adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5b63f5e4-bf24-4f46-8340-48fc02de0b81.json

3013 lines
580 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b63f5e4-bf24-4f46-8340-48fc02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:35.000Z",
"modified": "2018-08-03T07:05:35.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b63f5e4-bf24-4f46-8340-48fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:35.000Z",
"modified": "2018-08-03T07:05:35.000Z",
"name": "OSINT - Attacks on industrial enterprises using RMS and TeamViewer",
"published": "2018-08-03T07:27:04Z",
"object_refs": [
"observed-data--5b63f5ef-b2ac-46ba-a801-44ce02de0b81",
"url--5b63f5ef-b2ac-46ba-a801-44ce02de0b81",
"x-misp-attribute--5b63f608-97e4-4125-9e7b-457d02de0b81",
"x-misp-attribute--5b63f8c5-a258-4e3e-a5d7-46d602de0b81",
"x-misp-attribute--5b63f8c5-6240-4b67-a5d9-4b2d02de0b81",
"x-misp-attribute--5b63f8c5-322c-4d68-9493-44ce02de0b81",
"x-misp-attribute--5b63f8c5-be84-4d86-9781-45ef02de0b81",
"x-misp-attribute--5b63f8c5-818c-4271-a487-4e7b02de0b81",
"indicator--5b63fae7-0148-448a-bb4c-44f002de0b81",
"indicator--5b63fb12-b55c-4d94-b9dd-4dc202de0b81",
"indicator--5b63fb98-a0c0-42dd-910a-4ad602de0b81",
"indicator--5b63fb98-79a8-4232-9aed-470502de0b81",
"indicator--5b63fb98-42f0-4c8a-956b-40f002de0b81",
"indicator--5b63fb98-23a8-48b4-b711-4e2802de0b81",
"indicator--5b63fbff-76c4-4c00-a466-433802de0b81",
"indicator--5b63fbff-7078-4f05-a045-4d9502de0b81",
"indicator--5b63fc00-24f0-4eaa-a4ea-451f02de0b81",
"indicator--5b63fc00-d590-4678-8fbb-4b0d02de0b81",
"indicator--5b63fc01-0e4c-459d-9aa5-4b2802de0b81",
"indicator--5b63fc01-36c8-42e1-b9bb-4f1d02de0b81",
"indicator--5b63fc02-c7c4-4406-acbd-424302de0b81",
"indicator--5b63fc02-3994-454f-91a3-471e02de0b81",
"indicator--5b63fc03-d9a4-487e-9f6a-434102de0b81",
"indicator--5b63fc03-23fc-4d52-ad37-4c3c02de0b81",
"indicator--5b63fc04-be90-4410-b7a9-4d2302de0b81",
"indicator--5b63fc04-ed58-450f-b839-41da02de0b81",
"indicator--5b63fc04-6064-4772-a747-462602de0b81",
"indicator--5b63fc05-d124-4f85-b57d-42eb02de0b81",
"indicator--5b63fc05-ed94-4549-adbc-45d502de0b81",
"indicator--5b63fc06-97d0-4776-947b-435202de0b81",
"indicator--5b63fc97-9664-44ad-b08f-449d02de0b81",
"indicator--5b63fc97-0a8c-495d-bacc-484d02de0b81",
"indicator--5b63fc98-824c-429d-acd0-463902de0b81",
"indicator--5b63fc98-1bb4-4b68-9353-4cd302de0b81",
"indicator--5b63fc99-34ac-43a7-83aa-40c202de0b81",
"indicator--5b63fc99-4c68-452a-a241-4e2602de0b81",
"indicator--5b63fc99-1b1c-4342-abd2-4ee502de0b81",
"indicator--5b63fc9a-cf44-4116-be6e-40ec02de0b81",
"indicator--5b63fc9a-922c-4066-9966-464b02de0b81",
"indicator--5b63fc9b-f500-4352-acb2-49f802de0b81",
"indicator--5b63fc9b-2dcc-4b46-92f2-456202de0b81",
"indicator--5b63fc9c-b8b0-4a56-ba31-4a0a02de0b81",
"indicator--5b63fd66-cdb8-4bc0-a818-470002de0b81",
"indicator--5b63fd67-eefc-4c2f-9ce5-49a102de0b81",
"indicator--5b63fd67-2da4-4702-9b89-4d4402de0b81",
"indicator--5b63fd67-b584-4a05-8b22-480702de0b81",
"indicator--5b63fd68-a048-457f-bd35-437202de0b81",
"indicator--5b63fd68-63cc-4a17-b1b6-403002de0b81",
"indicator--5b63fd69-6dc4-4a45-9a9c-4d4102de0b81",
"indicator--5b63fd69-3470-4837-89db-49bc02de0b81",
"indicator--5b63fd6a-0fbc-47b7-aad6-471102de0b81",
"indicator--5b63fd6a-b0c4-4cd1-9769-46ea02de0b81",
"indicator--5b63fd6a-9b48-4aa5-9970-4b8b02de0b81",
"observed-data--5b63fdfa-9d30-4d83-9783-40d402de0b81",
"file--5b63fdfa-9d30-4d83-9783-40d402de0b81",
"artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81",
"indicator--76d54bf8-8a5c-4d15-99a5-60099d75f33c",
"x-misp-object--85c6f32f-13fd-45fc-b553-04eea230334d",
"indicator--8fbcce78-3cbc-4071-b67d-dfe531d27c00",
"x-misp-object--19c2defe-70e2-4b45-9834-a0d0c63c4611",
"indicator--18222cee-2ac0-47a1-8791-6744df043aad",
"x-misp-object--89416cc5-db81-4f92-9523-398c9f71e800",
"indicator--0e9b4bd9-14db-4902-9991-a206bcacc6f1",
"x-misp-object--b0a6a50d-3304-4eaf-9802-eb197d2ad89d",
"indicator--d4cb5445-b513-432b-97e4-b95f612ab3d4",
"x-misp-object--2b6f9fe6-6e77-420e-ad70-57285e0091df",
"indicator--7c801ac7-ea1e-463d-91c4-d0cbd23b3109",
"x-misp-object--f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d",
"indicator--7afe7225-8811-485e-8937-ab7bad8e74f0",
"x-misp-object--7d927d9b-6bc5-4668-9595-b58885c9cc0b",
"indicator--294d1429-59cd-4ad7-95d9-fc5b3661475a",
"x-misp-object--240a9164-aac0-4a1d-9f8c-ac58688889dd",
"indicator--0bf17bb7-e694-4e30-ae93-44dad8b167dc",
"x-misp-object--f600d536-ac39-4588-9ff8-63621d6d372b",
"indicator--95ac7141-73a2-4887-a57b-703e4ae18c8f",
"x-misp-object--8afbb632-1a98-404c-bde5-89b01c882fda",
"indicator--1b004d6a-4eaa-4144-80db-7ddfed3e1672",
"x-misp-object--1f8e9d51-4bc9-466f-ad49-357294ada4d8",
"indicator--764f0fcd-1ab1-4784-8f89-476df01f9e82",
"x-misp-object--4d24cad3-2421-48ad-9b73-2624715cd5dd",
"indicator--d5094d86-5aa2-4930-be67-590b666faf24",
"x-misp-object--68f98b66-dfff-4879-a93e-23798294887a",
"indicator--52674802-1516-419a-bc3b-01dae5b5746f",
"x-misp-object--2b1648e9-577e-46f9-bdb3-f70186927dc3",
"indicator--096da749-1936-41dd-96f3-cbdd247f2548",
"x-misp-object--bee97d03-cf53-441d-b24e-be6fe5aff6fe",
"indicator--fe9ff2db-3990-4476-af1f-4ea5fd9455ec",
"x-misp-object--3a3d31fe-1599-4535-8de1-073d022ac421",
"indicator--2c0a000b-4cb5-444e-b6e8-f5ce047774bc",
"x-misp-object--6a699fff-9d42-4ebc-835c-7063f752908c",
"indicator--b41fba7b-7e99-46be-b244-3749274d6511",
"x-misp-object--2643e936-cbd4-4080-bf24-897926886b9c",
"indicator--4024aa3c-18df-4452-a3b9-9f3e62fa105c",
"x-misp-object--242889dc-9946-48f0-bb16-b6044a619b37",
"indicator--818160f4-21c2-45b6-be21-dd9eec574074",
"x-misp-object--250c1137-3bfa-446e-b1e3-9ac17421a058",
"indicator--1267f609-b45b-4b55-a0d1-ea1ae7db562d",
"x-misp-object--df4f13dc-e7db-4896-a560-3f428553d305",
"indicator--6745208f-c8c8-4274-b672-890fb2779a26",
"x-misp-object--5f713e33-c562-4370-87c0-17a7a79034be",
"indicator--7d5de9ae-0701-4641-b1dd-6db94f8b0ad6",
"x-misp-object--d9a9cd7a-cc40-41c7-ab06-8ca0b166726f",
"relationship--98207a10-ece9-41c6-9537-e5d1bbf6ab80",
"relationship--82552fa3-f92d-4480-9f9f-465d4c89ab83",
"relationship--ed05c875-6ccb-48ed-a475-a7146c0c64fb",
"relationship--0aebf98f-37ce-459f-a303-4b0c12fa80c6",
"relationship--f271edbc-4d89-4bdb-9c01-10641dbb076e",
"relationship--aa963de2-7f71-4d7c-8736-c29d0bde32a8",
"relationship--09b51c3e-70db-4a96-a14e-0d5f6f0945a6",
"relationship--c7621388-ad2e-402e-976b-a81bda1c1e16",
"relationship--33579eb3-38a2-44ad-83d7-9f643088e693",
"relationship--e25deeb4-d73c-480c-a35a-efbdbbaef3df",
"relationship--d3ed4109-97e1-48d6-a97a-1f7b44747b94",
"relationship--be5c67d8-befc-4da2-a318-d8b8536fce0d",
"relationship--37d9f301-7d95-4db0-bbae-7f33a5b8e7db",
"relationship--e5a6e873-c7fb-4062-a3c7-31e0ea559ced",
"relationship--aa9c823a-52f8-4fcd-885e-1b1b6960357c",
"relationship--3da3a71a-5947-43e4-9316-f4ea1df49e9b",
"relationship--53cb517f-05a1-48ff-8b64-b41b2f0faa6a",
"relationship--49b8ae12-aa49-424a-8f77-3918b186d599",
"relationship--cb9eb214-dd05-48ed-b302-2aef6a32a32a",
"relationship--301606a3-4079-4403-a39c-4aca56ac9748",
"relationship--9dce78ce-dbee-4bb9-a287-f736b46b5408",
"relationship--b31f4121-98dd-4d39-8e12-ca1efe7039f8",
"relationship--4bad4218-95a0-47bd-a343-1ad564451617"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:rat=\"Babylon\"",
"misp-galaxy:botnet=\"BetaBot\"",
"misp-galaxy:stealer=\"AZORult\"",
"misp-galaxy:sector=\"Manufacturing\"",
"misp-galaxy:sector=\"Oil\"",
"misp-galaxy:sector=\"Energy\"",
"misp-galaxy:sector=\"Mining\"",
"misp-galaxy:sector=\"Construction\"",
"misp-galaxy:sector=\"Logistic\"",
"osint:source-type=\"blog-post\"",
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b63f5ef-b2ac-46ba-a801-44ce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:27:59.000Z",
"modified": "2018-08-03T06:27:59.000Z",
"first_observed": "2018-08-03T06:27:59Z",
"last_observed": "2018-08-03T06:27:59Z",
"number_observed": 1,
"object_refs": [
"url--5b63f5ef-b2ac-46ba-a801-44ce02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b63f5ef-b2ac-46ba-a801-44ce02de0b81",
"value": "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b63f608-97e4-4125-9e7b-457d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:28:24.000Z",
"modified": "2018-08-03T06:28:24.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production.\r\n\r\nThe phishing emails are disguised as legitimate commercial offers and are sent mainly to industrial companies located in Russia. The content of each email reflects the activity of the organization under attack and the type of work performed by the employee to whom the email is sent.\r\n\r\nAccording to the data that we have collected, this series of attacks started in November 2017 and is currently in progress. Notably, the first similar attacks were recorded as far back as 2015.\r\n\r\nThe malware used in these attacks installs legitimate remote administration software \u00e2\u20ac\u201c TeamViewer or Remote Manipulator System/Remote Utilities (RMS). This enables the attackers to gain remote control of infected systems. The threat actor uses various techniques to mask the infection and the activity of malware installed in the system.\r\n\r\nAccording to the data available, the attackers\u00e2\u20ac\u2122 main goal is to steal money from victim organizations\u00e2\u20ac\u2122 accounts. When attackers connect to a victim\u00e2\u20ac\u2122s computer, they search for and analyze purchase documents, as well as the financial and accounting software used. After that, the attackers look for various ways in which they can commit financial fraud, such as spoofing the bank details used to make payments.\r\n\r\nIn cases where the cybercriminals need additional data or capabilities after infecting a system, such as privilege escalation and obtaining local administrator privileges, the theft of user authentication data for financial software and services, or Windows accounts for lateral movement, the attackers download an additional pack of malware to the system, which is specifically tailored to the attack on each individual victim. The malware pack can include spyware, additional remote administration utilities that extend the attackers\u00e2\u20ac\u2122 control on infected systems, malware for exploiting operating system and application software vulnerabilities, as well as the Mimikatz utility, which provides the attackers with Windows account data.\r\n\r\nApparently, among other methods, the attackers obtain the information they need to perpetrate their criminal activity by analyzing the correspondence of employees at the enterprises attacked. They may also use the information found in these emails to prepare new attacks \u00e2\u20ac\u201c against companies that partner with the current victim.\r\n\r\nClearly, on top of the financial losses, these attacks result in leaks of the victim organizations\u00e2\u20ac\u2122 sensitive data."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b63f8c5-a258-4e3e-a5d7-46d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:40:05.000Z",
"modified": "2018-08-03T06:40:05.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.BAT.Starter"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b63f8c5-6240-4b67-a5d9-4b2d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:40:05.000Z",
"modified": "2018-08-03T06:40:05.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Dllhijack"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b63f8c5-322c-4d68-9493-44ce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:40:05.000Z",
"modified": "2018-08-03T06:40:05.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Waldek"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b63f8c5-be84-4d86-9781-45ef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:40:05.000Z",
"modified": "2018-08-03T06:40:05.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor.Win32.RA-based"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b63f8c5-818c-4271-a487-4e7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:40:05.000Z",
"modified": "2018-08-03T06:40:05.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor.Win32.Agent"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fae7-0148-448a-bb4c-44f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:49:11.000Z",
"modified": "2018-08-03T06:49:11.000Z",
"pattern": "[rule TeamViewer_msimg32_dllhijack {\r\nmeta:\r\ndescription = \"msimg32.dll malicious file used in TeamViewer\"\r\nhash = \"16b4ebfdf74db8f730f2fb4d03e86d27\"\r\nhash = \"8c4e9016b9b4db809dd312f971a275b\r\n1\"\r\nversion = \"1.1\" \r\nstrings:\r\n$a1=\"msimg32.dll\" fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand any of ($a*)\r\nand pe.exports(\"SvcMain\")\r\nand pe.number_of_exports >6\r\nand filesize > 50000 \r\nand filesize < 200000 \r\n}]",
"pattern_type": "yara",
"valid_from": "2018-08-03T06:49:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fb12-b55c-4d94-b9dd-4dc202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:49:54.000Z",
"modified": "2018-08-03T06:49:54.000Z",
"pattern": "[import \"pe\"\r\n\r\nrule RMS_winspooldrv_dllhijack {\r\nmeta:\r\ndescription = \"winspool.drv malicious file used in RMS RAT\"\r\nhash = \"5a6efa2921d3174bb9808fa3a3400d13\" \r\nhash\r\n= \"bb188e1e92e2be8a1ff009fe22f58f7f\" \r\nversion = \"1.1\" \r\nstrings:\r\n$a1= \"Password.rcfg\" fullword\r\n$a2 = \"Password.rcfg\" wide fullword\r\n$b1= \"winspool.drv\" fullword\r\n$b2= \"killrms\" wide fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand\r\nany of ($a*)\r\nand all of ($b*)\r\nand filesize < 100000 \r\n}]",
"pattern_type": "yara",
"valid_from": "2018-08-03T06:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fb98-a0c0-42dd-910a-4ad602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:52:08.000Z",
"modified": "2018-08-03T06:52:08.000Z",
"description": "Email addresses to which the malware sends messages",
"pattern": "[email-message:to_refs[*].value = 'barinovbb2018@yandex.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:52:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fb98-79a8-4232-9aed-470502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:52:08.000Z",
"modified": "2018-08-03T06:52:08.000Z",
"description": "Email addresses to which the malware sends messages",
"pattern": "[email-message:to_refs[*].value = 'drozd04m@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:52:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fb98-42f0-4c8a-956b-40f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:52:08.000Z",
"modified": "2018-08-03T06:52:08.000Z",
"description": "Email addresses to which the malware sends messages",
"pattern": "[email-message:to_refs[*].value = 'barinovbb@yandex.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:52:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fb98-23a8-48b4-b711-4e2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:52:08.000Z",
"modified": "2018-08-03T06:52:08.000Z",
"description": "Email addresses to which the malware sends messages",
"pattern": "[email-message:to_refs[*].value = 'barinovbb101@yandex.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:52:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fbff-76c4-4c00-a466-433802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:51.000Z",
"modified": "2018-08-03T06:53:51.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'rosatomgov.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fbff-7078-4f05-a045-4d9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:51.000Z",
"modified": "2018-08-03T06:53:51.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.141.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc00-24f0-4eaa-a4ea-451f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:52.000Z",
"modified": "2018-08-03T06:53:52.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'micorsoft.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc00-d590-4678-8fbb-4b0d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:52.000Z",
"modified": "2018-08-03T06:53:52.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.91.198.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc01-0e4c-459d-9aa5-4b2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:53.000Z",
"modified": "2018-08-03T06:53:53.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'buhuchetooo.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc01-36c8-42e1-b9bb-4f1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:53.000Z",
"modified": "2018-08-03T06:53:53.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.51.247.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc02-c7c4-4406-acbd-424302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:54.000Z",
"modified": "2018-08-03T06:53:54.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'barinovbb.had.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc02-3994-454f-91a3-471e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:54.000Z",
"modified": "2018-08-03T06:53:54.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.51.247.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc03-d9a4-487e-9f6a-434102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:55.000Z",
"modified": "2018-08-03T06:53:55.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'barinoh9.beget.tech']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc03-23fc-4d52-ad37-4c3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:55.000Z",
"modified": "2018-08-03T06:53:55.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.236.19.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc04-be90-4410-b7a9-4d2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:56.000Z",
"modified": "2018-08-03T06:53:56.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'papaninili.temp.swtest.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc04-ed58-450f-b839-41da02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:56.000Z",
"modified": "2018-08-03T06:53:56.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.222.57.247']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc04-6064-4772-a747-462602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:56.000Z",
"modified": "2018-08-03T06:53:56.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'mts2015stm.myjino.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc05-d124-4f85-b57d-42eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:57.000Z",
"modified": "2018-08-03T06:53:57.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.135.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc05-ed94-4549-adbc-45d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:57.000Z",
"modified": "2018-08-03T06:53:57.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[domain-name:value = 'document-buh.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc06-97d0-4776-947b-435202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:53:58.000Z",
"modified": "2018-08-03T06:53:58.000Z",
"description": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.101.245.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:53:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc97-9664-44ad-b08f-449d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:23.000Z",
"modified": "2018-08-03T06:56:23.000Z",
"description": "AzoRult",
"pattern": "[file:hashes.MD5 = '3463d4a1dea003b9904674f21904f04b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc97-0a8c-495d-bacc-484d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:23.000Z",
"modified": "2018-08-03T06:56:23.000Z",
"description": "BabylonRAT",
"pattern": "[file:hashes.MD5 = '075ff2fb2e33a319e56a8955fade154e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc98-824c-429d-acd0-463902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:24.000Z",
"modified": "2018-08-03T06:56:24.000Z",
"description": "BabylonRAT",
"pattern": "[file:hashes.MD5 = 'aa6797ec4d23a39f91ddd222a31ddd1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc98-1bb4-4b68-9353-4cd302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:24.000Z",
"modified": "2018-08-03T06:56:24.000Z",
"description": "Betabot",
"pattern": "[file:hashes.MD5 = 'ba9747658aa8263b446bc29b99c0071f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc99-34ac-43a7-83aa-40c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:25.000Z",
"modified": "2018-08-03T06:56:25.000Z",
"description": "AzoRult",
"pattern": "[file:hashes.MD5 = '61aecb3e037e01bc0ad1062e6ff557e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc99-4c68-452a-a241-4e2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:25.000Z",
"modified": "2018-08-03T06:56:25.000Z",
"description": "AzoRult",
"pattern": "[file:hashes.MD5 = '4fd16e0e8bf3ae4ff155e461b2eccb79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc99-1b1c-4342-abd2-4ee502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:25.000Z",
"modified": "2018-08-03T06:56:25.000Z",
"description": "Betabot",
"pattern": "[file:hashes.MD5 = 'db0954a2f9c95737d1e54a1f9cf01404']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc9a-cf44-4116-be6e-40ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:26.000Z",
"modified": "2018-08-03T06:56:26.000Z",
"description": "Delphi Keylogger",
"pattern": "[file:hashes.MD5 = 'ccb184bbb7d257f02e2f69790d33f3b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc9a-922c-4066-9966-464b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:26.000Z",
"modified": "2018-08-03T06:56:26.000Z",
"description": "BabylonRAT",
"pattern": "[file:hashes.MD5 = '5f19025a2ac2afeb331d4a0971507131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc9b-f500-4352-acb2-49f802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:27.000Z",
"modified": "2018-08-03T06:56:27.000Z",
"description": "Betabot",
"pattern": "[file:hashes.MD5 = '579a5233fe9580e83fb20c2addb1a303']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc9b-2dcc-4b46-92f2-456202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:27.000Z",
"modified": "2018-08-03T06:56:27.000Z",
"description": "Hallaj PRO Rat",
"pattern": "[file:hashes.MD5 = '567157989551a5c6926c375eb0652804']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fc9c-b8b0-4a56-ba31-4a0a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:56:28.000Z",
"modified": "2018-08-03T06:56:28.000Z",
"description": "AzoRult",
"pattern": "[file:hashes.MD5 = '5a610962baf6081eb809a9e460599871']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd66-cdb8-4bc0-a818-470002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:50.000Z",
"modified": "2018-08-03T06:59:50.000Z",
"description": "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153.exe",
"pattern": "[file:hashes.MD5 = '34a1e9fcc84adc4ab2ec364845f64220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd67-eefc-4c2f-9ce5-49a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:51.000Z",
"modified": "2018-08-03T06:59:51.000Z",
"description": "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153 (\u00d0\u00ba\u00d0\u00be\u00d0\u00b4 917815).rar",
"pattern": "[file:hashes.MD5 = '59e172ec7d73a5c41d4dbb218ca1af66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd67-2da4-4702-9b89-4d4402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:51.000Z",
"modified": "2018-08-03T06:59:51.000Z",
"description": "OPLATA REESTR skrin dogovor.doc.com doc.pdf.oplat 27.12.2017.rar 1\u00d1\u0081 \u00d0\u00bf\u00d0\u00bf.pdf",
"pattern": "[file:hashes.MD5 = 'ddcd67b7b83e73426b4d35881789e7dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd67-b584-4a05-8b22-480702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:51.000Z",
"modified": "2018-08-03T06:59:51.000Z",
"description": "(No 444.pdf.com",
"pattern": "[file:hashes.MD5 = '2374c93efbe32199b177eb12f96b6166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd68-a048-457f-bd35-437202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:52.000Z",
"modified": "2018-08-03T06:59:52.000Z",
"description": "\u00d0\u00bd\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9 \u00d1\u201a\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9.txt.com - oplata022018rm.rar",
"pattern": "[file:hashes.MD5 = 'c531c45b08b692d84cf0699ef92f0134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd68-63cc-4a17-b1b6-403002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:52.000Z",
"modified": "2018-08-03T06:59:52.000Z",
"description": "oplata 1\u00d1\u0081_2 scan.pdf.com - reestr oplat 1c \u00d0\u00be\u00d1\u201a 01.12.2017.rar",
"pattern": "[file:hashes.MD5 = 'e5562389a49680c25e67b750b2c368eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd69-6dc4-4a45-9a9c-4d4102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:53.000Z",
"modified": "2018-08-03T06:59:53.000Z",
"description": "1C tshetim.rar",
"pattern": "[file:hashes.MD5 = '3a636038a3d893e441f25696bcbf2c73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd69-3470-4837-89db-49bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:53.000Z",
"modified": "2018-08-03T06:59:53.000Z",
"description": "1C kopiya No5.pdf.scr",
"pattern": "[file:hashes.MD5 = 'f9b14393b995a655e72731c8b6ce78fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd6a-0fbc-47b7-aad6-471102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:54.000Z",
"modified": "2018-08-03T06:59:54.000Z",
"description": "WinRAR pp.rar",
"pattern": "[file:hashes.MD5 = '6e10bc85be5d330e9aed5b5c87ccee38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd6a-b0c4-4cd1-9769-46ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:54.000Z",
"modified": "2018-08-03T06:59:54.000Z",
"description": "kopiya WinRAR.docx.scr",
"pattern": "[file:hashes.MD5 = 'f8ec2d059d937723becd92eae050a097']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b63fd6a-9b48-4aa5-9970-4b8b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T06:59:54.000Z",
"modified": "2018-08-03T06:59:54.000Z",
"description": "act sverki 09.10.2017 crbarin.pdf.com",
"pattern": "[file:hashes.MD5 = '21089b34d8f9cb7910f521e30aa55908']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T06:59:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b63fdfa-9d30-4d83-9783-40d402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:02:18.000Z",
"modified": "2018-08-03T07:02:18.000Z",
"first_observed": "2018-08-03T07:02:18Z",
"last_observed": "2018-08-03T07:02:18Z",
"number_observed": 1,
"object_refs": [
"file--5b63fdfa-9d30-4d83-9783-40d402de0b81",
"artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b63fdfa-9d30-4d83-9783-40d402de0b81",
"name": "TV_RMS_IoC_eng.pdf",
"content_ref": "artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81",
"payload_bin": "JVBERi0xLjUNCiW1tbW1DQoxIDAgb2JqDQo8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFIvTGFuZyhydS1SVSkgPj4NCmVuZG9iag0KMiAwIG9iag0KPDwvVHlwZS9QYWdlcy9Db3VudCA1L0tpZHNbIDMgMCBSIDIzIDAgUiAyNSAwIFIgMjcgMCBSIDMzIDAgUl0gPj4NCmVuZG9iag0KMyAwIG9iag0KPDwvVHlwZS9QYWdlL1BhcmVudCAyIDAgUi9SZXNvdXJjZXM8PC9Gb250PDwvRjEgNSAwIFIvRjIgOSAwIFIvRjMgMTQgMCBSL0Y0IDE2IDAgUi9GNSAxOCAwIFI+Pi9FeHRHU3RhdGU8PC9HUzcgNyAwIFIvR1M4IDggMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VCL0ltYWdlQy9JbWFnZUldID4+L01lZGlhQm94WyAwIDAgNTk1LjMyIDg0MS45Ml0gL0NvbnRlbnRzIDQgMCBSL0dyb3VwPDwvVHlwZS9Hcm91cC9TL1RyYW5zcGFyZW5jeS9DUy9EZXZpY2VSR0I+Pi9UYWJzL1M+Pg0KZW5kb2JqDQo0IDAgb2JqDQo8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDU2MDI+Pg0Kc3RyZWFtDQp4nN1dWW8kN5J+b6D/Q70MoBpAOTyTmYAhoFSSBrtz2T0N+MHeB1WV1BbcUmkkeWZ6f/1G8EpmJYN5aJ7Whkt5RAaDQcYXEbx8+fnjhz/c8JVQq8/3Hz/wFYN/+UrWK2PqisHTRyD449/N6svrxw/wslLCwK+UcvXyxb5qMq8+/fHjh5/ONs/Pd0+Hh38Dw/X/rD7/98cP11DcpS1SnBbJtapMWupP3zF2KS5OPxzIyuumMqr35dlpeZHWqAHtf4GI+9u348vr6ni/2h4fn1+Oa3X2+PC6PhdndwQnJVWlDF3qPz5++CGILFdcDNSreaXdh6g6ARSs4jW3Wu0/ccrMM085SlnVtRfl5ojCfz3crc/1GdRs/wJVght5dos/b+vG3R3wZwV3O7z4tubsbPWGl7/gz114+7g+r92XX/+15spdvlC6EUxV3PQFonSjVpxbDZ6ohzedeqxGrBJ+t/l+fa7OvgeRrjYow+e1Ptv8jpCjlZUG1gmvn85+/pkiNpWqT4g/oT6Ot48PoLynL1SfknUlxMRSuII2bfrEf8Wm+rzm9dmf1/XZcX8LpX2F/zbPWMPnK3yNz95uKX1zWYm2z3S8uzBZsdA6y/SachjVa0o8S6+TSgl6TYmdNtecnwWNXt2+Qb3wzuucYNbqqtZ9ZqP6rBsD+PUOdaYMxrSZ0s5R5qQyvC5TWqqLBoUW9ZgymgORda0r2cyAyL+sPbx9RV3sH46/Ifq9rm7xz9vb2kPY/he4sohm8e0J7t5eSY+hG+wEiSy5SsAvKhgaBnRnzEqAM1MAbS3+vtx9/PDj71dPp2SNI9MDMhoZuRKVxM/bqrXCgNJe0OeC95Srf/XB8gbU8eAb6g7bbvW05g3oAAD80TqArhqDOiwRroEP6onCrQaF/xAuRMvRfQRVKlO1JqfKlK6h6GhxFXgp3U4U9y9oymvBzvRA7veKIXRl+Du1ZmkkMMKeytDSIRpr3A8Kcf/78deu7d1r3/Y9AtGyqm5TBozxUxKnCs/EqaJHoWVbcdVnomaT+Ko4jds3nb5TUTsCFLVPE4pJadQJTWcSglWNHjdrJKvLlqNzfYBX+DH0gOY05PmOicsrJsXNxbn4Dv5umWTwn8Bn8kLBI15faPjDbuwd29o/iuMfBvdSbNxnogFaFlhcSOSmLbH/4z613/DNxbl2j7il4ExK7kXYOF7wDGnF5c1FC1JulJUUHl00cLtl9lZsuXu1tcLaR5ebC86AkW4uzuEZ59dYAb6tbZl4S+DSBO3mLEwYU0Hz5/U7BYh8448CkZdvLgKItoakiZJPoo9S+LNZt2ccL64xpmnxCiF+uwUX3Dgqc7a5wqvtmoePLgU8vd5K+LgORJFaByY13Fh6pBZ4wUigW1hNBc3QUt2cbIbO1GUHWmjNJ7hlCRLYSkkSOJA94OoTRRiXKXSlNAlmyB4y9QRyEjstFcCpI6DBKaUhwUlDfKVizCFF1bQ6h04pnUa6ls2BJ85CNPz/HZ4ClTTXFqEsfyufuuDSyjCAqB/mKjprIqhoDXCg24GBWHvnYJ0GLxq4sFig4eLnNWYbFcSxL7cvRFC3WCbITmpBSjWOnqFgZ1G53kkRTpUw4Ceka5IPJLQQ17rRDN0pUIQnkCAK9+gAEGkvpBsnUe5bS6CCvg8Kvjns4HYH5CI0ikVUSIu0o8KP76E9EFZrCkgXV1jVjUXSfIVHkBQgRTZFKHUUI1jasSmBqWdVRtOUFQWnXldW7ERTiUQJBX5+QuTL6hGpU6LOWGpT6fFwLyWbE5A4Mzd1VZtB6/3t+z9jtrr5vEEnv/p0jZm3dfh/DwMJn3BE7hXvfkW7f3nADvq0sr3zCK++HPHBP4Hy+IIPK6Q6HPfQX+3l/ojsHimgWFgpwXXFWqpaE3BCGMyDfF/RbSWaPEwU6UZRQmuQTw7ku7KjbNsr1JwNkywQXGIY5a4a0J7FhWsDNi1DAGUBoI60NoS6sqQ+uGoCOPSgu42crrYkPCysqGqgewmqomV00E1dtW0JHTxFGR0SNgV0CKyK6NBjRaKD67N0sJUQkMFWj4YOtkDaWibQIEUWGhIyPSAbg4Z804EJV+BXng/Qbe6dx4efIw7/PX9F1/O2EtiLsVthMMBDPG/p8IL1OqINGNaNdVZk2LCwHjgpI+qFnRAagpnYCU3bno5SeIquE/ZokjZnJu2EPaqk1ZlJ+1e/PCeR00Khf3UEdP9Kaej+5a1+rH8lZFS7kKG8Bh5mEDhAnHt9dXFuA++rJDbf2FgckvUakvOmhQR9c2HgUjREnj5FtlyfaSA2FJR0Y30GlMt1EbgcxQhwdWxywJW0JNdjmOS0UOgzHQHdZ1Iaus8wgz53NFxJyGaPTmkOrTKI/5Mc6bK2eRHncH3DXD+Cvya5zfYh+3EcCgJNmCvLhBtN9a8J9chiElcWk7I1mRKh+HLHxoHKdOMRSl4+4TITj90qjvK0MWO5xoGcy2t8KAP0c5f9+IjjktsUx/O4tiELj9kQft7ahAVJazva5O/oHGZhXRVOxM9tis6whCy6B0cx4h46Njn3kARhIh0PyvqQlBXpQ5ymAh7oeiBQR+DxIKEJJaU06oQmGojCCbfx9CUlm40HCjprM4jz0XfU3oc0OOjDpNwyybcOG3DUF4eKknEhO7RiR5DwE/cpu3HDOv5Tiw4IHO3GPo8jxe0G3yFqWNaAHAXUmFLbLGpog/MQ+fpOQA0FAUYTexA0o6yzqFGmG0UNhXHy0GtutQyR4FaBRduc5JLBVROtvI0IcGWf+5Hg7Q18yZz1e/xoPcxwlXxkb2Nk6TMjAi6WVlIZjbM0RCVH8AJshrdFvHAUI3jRsSnhhWdVxouUFYUXvr/S8UNCQMYPPRoyfgitMoYXCdns4Q5loOn0oOmOPnO5DdlJMv/gvRd2yJdH6Is2jaFHOJeKxyUDV0TIV+5aqF5hSlGnpyhHnQmbQtTZo6KiTq+EQq/pCOhek9LQvQb7OB/vNQnZfC8D4MsG+aOHeowj6xvGmbjw3gAvjZ8jwFxGu1xGGj/jeH1tHQy+5y1zTgVDTviM47WprbNR/4EgdUq18+5GVbohKj7F3UAs0tYpwrZ5dyMsQULXzIpSsX5s6A9xRF27eQnvOGLc2kQPYlegqBCZ1sHIWRxtF5ED8qtDwLrz0at2+OCfiPiZDGU24dMd6YiWVl8ZgYvsiOqPwAXYldQlT+Qpyp4oYVPwRIFV0RP1WJGeyHXlAqZ0BDSmpDQ0pvje22GKyWKKb73OuOo5oCINjlQPQaXZ4uoDuwIB7b51aasFlmbrUMPhjsOB2k5pIngoR2VjXNGNoyBSuHGUBucgQ+iLZHh7vXXhLlCbDl7CrccqnzTHW/jIJCM1NzL91taACfxLwdIUzeUXd9W
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--76d54bf8-8a5c-4d15-99a5-60099d75f33c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:29.000Z",
"modified": "2018-08-03T07:04:29.000Z",
"pattern": "[file:hashes.MD5 = 'f8ec2d059d937723becd92eae050a097' AND file:hashes.SHA1 = '3ac6e16b8c127575cfc73bc94e519fc3a58fa7b5' AND file:hashes.SHA256 = 'b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--85c6f32f-13fd-45fc-b553-04eea230334d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:28.000Z",
"modified": "2018-08-03T07:04:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-16T08:12:04",
"category": "Other",
"uuid": "610f905b-3e22-476b-b85d-fa2950cd9e9f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72/analysis/1526458324/",
"category": "External analysis",
"uuid": "04078969-96c3-4849-b011-4443f045c926"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "15/66",
"category": "Other",
"uuid": "ffd3d4b5-ffc4-47f1-b6fb-29115afa07ae"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8fbcce78-3cbc-4071-b67d-dfe531d27c00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:32.000Z",
"modified": "2018-08-03T07:04:32.000Z",
"pattern": "[file:hashes.MD5 = '6e10bc85be5d330e9aed5b5c87ccee38' AND file:hashes.SHA1 = '63d796f57f7e72ac85766034320ef01863f4a22e' AND file:hashes.SHA256 = '31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--19c2defe-70e2-4b45-9834-a0d0c63c4611",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:31.000Z",
"modified": "2018-08-03T07:04:31.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-09T11:24:58",
"category": "Other",
"uuid": "c186b0ec-baf5-41f5-9fe1-abf706268da3"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557/analysis/1531135498/",
"category": "External analysis",
"uuid": "c8b29c08-2711-4f6c-bef9-e7e4d4c29548"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/61",
"category": "Other",
"uuid": "e873be03-a3dd-417a-8531-219d41271e1d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--18222cee-2ac0-47a1-8791-6744df043aad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:35.000Z",
"modified": "2018-08-03T07:04:35.000Z",
"pattern": "[file:hashes.MD5 = '3463d4a1dea003b9904674f21904f04b' AND file:hashes.SHA1 = 'ea09ca011157ff09743e07f2273291c91e81e925' AND file:hashes.SHA256 = 'd89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--89416cc5-db81-4f92-9523-398c9f71e800",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:33.000Z",
"modified": "2018-08-03T07:04:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-28T21:30:50",
"category": "Other",
"uuid": "38fe2f48-7f55-46b6-8a8b-9be8a5c6ea62"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f/analysis/1532813450/",
"category": "External analysis",
"uuid": "ef4a3a56-dbdb-45f2-a922-fcf3954be4ce"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/68",
"category": "Other",
"uuid": "0434626c-bef4-45f0-97b3-921d7637fb62"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0e9b4bd9-14db-4902-9991-a206bcacc6f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:37.000Z",
"modified": "2018-08-03T07:04:37.000Z",
"pattern": "[file:hashes.MD5 = 'ba9747658aa8263b446bc29b99c0071f' AND file:hashes.SHA1 = 'a67eeb92cee5691eb022b0583c33684f3a893e48' AND file:hashes.SHA256 = 'dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b0a6a50d-3304-4eaf-9802-eb197d2ad89d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:36.000Z",
"modified": "2018-08-03T07:04:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-20T21:20:18",
"category": "Other",
"uuid": "2fdc44f1-fb8a-4844-9997-79a94b8e0b8b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd/analysis/1532121618/",
"category": "External analysis",
"uuid": "e0252f8c-f6bf-4562-afdf-649685561b34"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/68",
"category": "Other",
"uuid": "4d5f0a98-9bed-4300-8c25-064eae706677"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4cb5445-b513-432b-97e4-b95f612ab3d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:40.000Z",
"modified": "2018-08-03T07:04:40.000Z",
"pattern": "[file:hashes.MD5 = '2374c93efbe32199b177eb12f96b6166' AND file:hashes.SHA1 = 'ca948caa972a756d57260a2bd3f0b3bc7c8cf5da' AND file:hashes.SHA256 = '50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2b6f9fe6-6e77-420e-ad70-57285e0091df",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:39.000Z",
"modified": "2018-08-03T07:04:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-26T15:44:18",
"category": "Other",
"uuid": "c339bb60-e470-4bac-bd9d-27485a79a6c0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41/analysis/1516981458/",
"category": "External analysis",
"uuid": "d656dce0-c353-44d4-963d-c38b1d4ebd2d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "23/65",
"category": "Other",
"uuid": "f77f523a-23dd-4882-bc54-3180141cca05"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7c801ac7-ea1e-463d-91c4-d0cbd23b3109",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:43.000Z",
"modified": "2018-08-03T07:04:43.000Z",
"pattern": "[file:hashes.MD5 = '579a5233fe9580e83fb20c2addb1a303' AND file:hashes.SHA1 = '713d542f516b7ec679f7d3a4090a7d9e07e137ef' AND file:hashes.SHA256 = '8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:42.000Z",
"modified": "2018-08-03T07:04:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-18T02:11:25",
"category": "Other",
"uuid": "6ea8c0c4-cd43-48de-b920-40a6206e20a2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b/analysis/1510971085/",
"category": "External analysis",
"uuid": "734c6a95-e688-431b-b864-a2309cc8c1ea"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/67",
"category": "Other",
"uuid": "863452d8-d122-4270-aa19-d3cc9cc82be3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7afe7225-8811-485e-8937-ab7bad8e74f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:46.000Z",
"modified": "2018-08-03T07:04:46.000Z",
"pattern": "[file:hashes.MD5 = '3a636038a3d893e441f25696bcbf2c73' AND file:hashes.SHA1 = 'b331c97c29abde694cde08850ec0dae039f2101b' AND file:hashes.SHA256 = '267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7d927d9b-6bc5-4668-9595-b58885c9cc0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:44.000Z",
"modified": "2018-08-03T07:04:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-30T00:06:21",
"category": "Other",
"uuid": "f7afa361-998b-4276-9212-d7781cb0d73e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2/analysis/1527638781/",
"category": "External analysis",
"uuid": "87df4eca-62ab-41ee-adbe-0d6c6e819db1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/60",
"category": "Other",
"uuid": "e2d8429a-4bae-4223-96cc-02a05cf8d5e4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--294d1429-59cd-4ad7-95d9-fc5b3661475a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:48.000Z",
"modified": "2018-08-03T07:04:48.000Z",
"pattern": "[file:hashes.MD5 = '4fd16e0e8bf3ae4ff155e461b2eccb79' AND file:hashes.SHA1 = '19eae97bb8ceac18bb02bcd3450458ed0e59c406' AND file:hashes.SHA256 = '863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--240a9164-aac0-4a1d-9f8c-ac58688889dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:47.000Z",
"modified": "2018-08-03T07:04:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-23T00:12:21",
"category": "Other",
"uuid": "5697742a-38ef-4e5f-8b5b-c4f1264b5c50"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c/analysis/1532304741/",
"category": "External analysis",
"uuid": "31aab7a7-f01b-4d9a-b9dd-09c8c2e7b0b9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/68",
"category": "Other",
"uuid": "8a7c447f-f278-4541-bca7-37bef818c827"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0bf17bb7-e694-4e30-ae93-44dad8b167dc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:51.000Z",
"modified": "2018-08-03T07:04:51.000Z",
"pattern": "[file:hashes.MD5 = '61aecb3e037e01bc0ad1062e6ff557e6' AND file:hashes.SHA1 = '9bbd38502f32dccf4ec8f5c6b0a52a96f2b7825b' AND file:hashes.SHA256 = 'ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f600d536-ac39-4588-9ff8-63621d6d372b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:50.000Z",
"modified": "2018-08-03T07:04:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-17T07:51:06",
"category": "Other",
"uuid": "48756df7-573d-42ac-85cd-8fe3c5788ee6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54/analysis/1510905066/",
"category": "External analysis",
"uuid": "282bfdc9-157e-4210-bb84-0a1777506956"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/61",
"category": "Other",
"uuid": "43993ef1-d625-4106-82d4-d6118f0c4cfd"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--95ac7141-73a2-4887-a57b-703e4ae18c8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:54.000Z",
"modified": "2018-08-03T07:04:54.000Z",
"pattern": "[file:hashes.MD5 = 'ddcd67b7b83e73426b4d35881789e7dc' AND file:hashes.SHA1 = 'bf3eac9a7808d3ee75e8018397cde1d8d6628b43' AND file:hashes.SHA256 = 'cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8afbb632-1a98-404c-bde5-89b01c882fda",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:53.000Z",
"modified": "2018-08-03T07:04:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-08T11:15:14",
"category": "Other",
"uuid": "463f05bc-f341-41db-85db-1bb6014384bc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1/analysis/1515410114/",
"category": "External analysis",
"uuid": "7a4b99ac-2a67-44e8-88a7-10beb23f0bb3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/66",
"category": "Other",
"uuid": "920a9729-3f24-4669-a705-32bb7a85aac1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1b004d6a-4eaa-4144-80db-7ddfed3e1672",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:58.000Z",
"modified": "2018-08-03T07:04:58.000Z",
"pattern": "[file:hashes.MD5 = 'db0954a2f9c95737d1e54a1f9cf01404' AND file:hashes.SHA1 = '4533f0c5b799f92fcecda88bf2c94b16eb554878' AND file:hashes.SHA256 = 'dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:04:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1f8e9d51-4bc9-466f-ad49-357294ada4d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:56.000Z",
"modified": "2018-08-03T07:04:56.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-14T18:51:32",
"category": "Other",
"uuid": "00e0002d-aad3-4985-8589-b123f93e726d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b/analysis/1510685492/",
"category": "External analysis",
"uuid": "ae882f60-63c1-4df4-bd99-5b54ba427c6a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/60",
"category": "Other",
"uuid": "b29f8bde-8a2d-4d09-9b0c-c270df68e58f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--764f0fcd-1ab1-4784-8f89-476df01f9e82",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:00.000Z",
"modified": "2018-08-03T07:05:00.000Z",
"pattern": "[file:hashes.MD5 = '075ff2fb2e33a319e56a8955fade154e' AND file:hashes.SHA1 = 'ec11b96059609d9e253b5ec977a2bc358f82db44' AND file:hashes.SHA256 = '1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4d24cad3-2421-48ad-9b73-2624715cd5dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:04:59.000Z",
"modified": "2018-08-03T07:04:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-21T09:17:59",
"category": "Other",
"uuid": "9f65d903-d08d-4947-9754-6f9a1c667fd4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e/analysis/1511255879/",
"category": "External analysis",
"uuid": "0089de46-5fe9-4655-9b15-ccc24ce0d162"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/68",
"category": "Other",
"uuid": "0a1f957d-dbb3-4f70-bfa6-3bdce0a9309a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d5094d86-5aa2-4930-be67-590b666faf24",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:03.000Z",
"modified": "2018-08-03T07:05:03.000Z",
"pattern": "[file:hashes.MD5 = '567157989551a5c6926c375eb0652804' AND file:hashes.SHA1 = 'e9d03f2e60ba16636291bf1e75ed088caf9c0e23' AND file:hashes.SHA256 = 'c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--68f98b66-dfff-4879-a93e-23798294887a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:04.000Z",
"modified": "2018-08-03T07:05:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-22T16:30:27",
"category": "Other",
"uuid": "ef1c04a8-d4b6-4ea6-b2ea-52902c39abee"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46/analysis/1532277027/",
"category": "External analysis",
"uuid": "211bf203-36e3-42c8-9ff8-3f8c7de10da2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "59/68",
"category": "Other",
"uuid": "1e55e3b2-8535-47ce-83e0-db826ea05c79"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--52674802-1516-419a-bc3b-01dae5b5746f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:08.000Z",
"modified": "2018-08-03T07:05:08.000Z",
"pattern": "[file:hashes.MD5 = 'aa6797ec4d23a39f91ddd222a31ddd1e' AND file:hashes.SHA1 = '3d38d65a1306d9d85514585c8b01f347c1067a79' AND file:hashes.SHA256 = '7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2b1648e9-577e-46f9-bdb3-f70186927dc3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:06.000Z",
"modified": "2018-08-03T07:05:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-23T06:30:59",
"category": "Other",
"uuid": "eb279efe-855d-4375-87c6-b02ad41efcd1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699/analysis/1529735459/",
"category": "External analysis",
"uuid": "6f700c7e-96f3-41e7-8a0f-24053157b240"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/68",
"category": "Other",
"uuid": "53125897-66d9-42fd-bf74-3885aaed354f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--096da749-1936-41dd-96f3-cbdd247f2548",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:11.000Z",
"modified": "2018-08-03T07:05:11.000Z",
"pattern": "[file:hashes.MD5 = '21089b34d8f9cb7910f521e30aa55908' AND file:hashes.SHA1 = '5e0d7f6a8f88decf4ed2107adeeb0f2d805dbc6d' AND file:hashes.SHA256 = 'a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bee97d03-cf53-441d-b24e-be6fe5aff6fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:09.000Z",
"modified": "2018-08-03T07:05:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-31T06:44:56",
"category": "Other",
"uuid": "1a37dc13-68a5-419e-8593-c80aad983a0f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a/analysis/1517381096/",
"category": "External analysis",
"uuid": "dbdf7ee7-d96e-43df-99ec-f1a7d56df6c4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/66",
"category": "Other",
"uuid": "0e6c3ab0-31fe-4ac6-861a-86117f7610eb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe9ff2db-3990-4476-af1f-4ea5fd9455ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:14.000Z",
"modified": "2018-08-03T07:05:14.000Z",
"pattern": "[file:hashes.MD5 = '59e172ec7d73a5c41d4dbb218ca1af66' AND file:hashes.SHA1 = 'f116b6360951036814e9ce2a35fcdf467307d2c6' AND file:hashes.SHA256 = '21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3a3d31fe-1599-4535-8de1-073d022ac421",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:13.000Z",
"modified": "2018-08-03T07:05:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-01T11:55:50",
"category": "Other",
"uuid": "730fa964-2173-4469-80e6-038e28bd3b6f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0/analysis/1533124550/",
"category": "External analysis",
"uuid": "434cb613-2d0b-4e78-ad7d-15cf7bc2c0b9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/59",
"category": "Other",
"uuid": "9ae1bfb8-ee0a-42a2-b254-cd8d65cee0b6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c0a000b-4cb5-444e-b6e8-f5ce047774bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:17.000Z",
"modified": "2018-08-03T07:05:17.000Z",
"pattern": "[file:hashes.MD5 = 'c531c45b08b692d84cf0699ef92f0134' AND file:hashes.SHA1 = 'fc1ee56c51e8367e07c7d382b2251f460292b3cf' AND file:hashes.SHA256 = '3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6a699fff-9d42-4ebc-835c-7063f752908c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:16.000Z",
"modified": "2018-08-03T07:05:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-01T07:21:24",
"category": "Other",
"uuid": "62d26141-e9b0-4349-a720-5ed0d4d7e834"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e/analysis/1519888884/",
"category": "External analysis",
"uuid": "786c71b7-e87c-44d1-97e0-932131116732"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/68",
"category": "Other",
"uuid": "aded9a20-962a-4e46-a2c5-c26f10d0334d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b41fba7b-7e99-46be-b244-3749274d6511",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:20.000Z",
"modified": "2018-08-03T07:05:20.000Z",
"pattern": "[file:hashes.MD5 = '34a1e9fcc84adc4ab2ec364845f64220' AND file:hashes.SHA1 = '7ef53e5a9a67e7f932ad53bf3a85c2ae91026f34' AND file:hashes.SHA256 = '65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2643e936-cbd4-4080-bf24-897926886b9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:19.000Z",
"modified": "2018-08-03T07:05:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-01T11:55:11",
"category": "Other",
"uuid": "d6cc19a3-2f99-4d78-8fe2-7bf2bcfb4d90"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529/analysis/1533124511/",
"category": "External analysis",
"uuid": "08b25fe3-52e6-4aa1-a598-efb51d3856be"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/66",
"category": "Other",
"uuid": "76b329b7-f2f5-472a-b3aa-39a5e8896201"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4024aa3c-18df-4452-a3b9-9f3e62fa105c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:23.000Z",
"modified": "2018-08-03T07:05:23.000Z",
"pattern": "[file:hashes.MD5 = '5f19025a2ac2afeb331d4a0971507131' AND file:hashes.SHA1 = '1b58d0832448414d830bfb065b9f020d3c5fe64b' AND file:hashes.SHA256 = 'b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--242889dc-9946-48f0-bb16-b6044a619b37",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:21.000Z",
"modified": "2018-08-03T07:05:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-23T22:35:44",
"category": "Other",
"uuid": "bc6de473-2ba3-4e5c-81f2-9b43c4129c97"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882/analysis/1532385344/",
"category": "External analysis",
"uuid": "fd14bb8e-738c-47f7-a804-16e0358c56e6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/68",
"category": "Other",
"uuid": "1f4d5c0d-7cf0-45a5-b727-e53dad1d2436"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--818160f4-21c2-45b6-be21-dd9eec574074",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:25.000Z",
"modified": "2018-08-03T07:05:25.000Z",
"pattern": "[file:hashes.MD5 = '5a610962baf6081eb809a9e460599871' AND file:hashes.SHA1 = '6290a0dca10e063fc8913cfccc7057356e082e3b' AND file:hashes.SHA256 = 'bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--250c1137-3bfa-446e-b1e3-9ac17421a058",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:24.000Z",
"modified": "2018-08-03T07:05:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-25T17:57:11",
"category": "Other",
"uuid": "0f7f6908-09c7-4a86-b090-1fbf58b67e96"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7/analysis/1532541431/",
"category": "External analysis",
"uuid": "46ad717a-4b50-42b1-bedd-6cdd7e03a1e8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/68",
"category": "Other",
"uuid": "cd23483c-b1f7-4346-a0da-5544b45f3f8e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1267f609-b45b-4b55-a0d1-ea1ae7db562d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:28.000Z",
"modified": "2018-08-03T07:05:28.000Z",
"pattern": "[file:hashes.MD5 = 'ccb184bbb7d257f02e2f69790d33f3b6' AND file:hashes.SHA1 = '69b016cdcbbdbee85333fe04d2d81f8c1bc76f11' AND file:hashes.SHA256 = 'e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--df4f13dc-e7db-4896-a560-3f428553d305",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:27.000Z",
"modified": "2018-08-03T07:05:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-02T20:47:19",
"category": "Other",
"uuid": "6497fe78-a309-4e69-9687-96c6c24db053"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa/analysis/1533242839/",
"category": "External analysis",
"uuid": "8fd07da2-cc82-42ed-9fa4-a9ce5dad548e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/67",
"category": "Other",
"uuid": "d358f6e8-44d6-4401-839b-d5f52d134dcc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6745208f-c8c8-4274-b672-890fb2779a26",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:31.000Z",
"modified": "2018-08-03T07:05:31.000Z",
"pattern": "[file:hashes.MD5 = 'e5562389a49680c25e67b750b2c368eb' AND file:hashes.SHA1 = '962574ed4d0aaa3479d24d44dcf77ea4ed558bb9' AND file:hashes.SHA256 = '32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5f713e33-c562-4370-87c0-17a7a79034be",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:29.000Z",
"modified": "2018-08-03T07:05:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-08T11:14:25",
"category": "Other",
"uuid": "f53903a9-0918-41d3-9e5f-c001c2fa17d4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477/analysis/1515410065/",
"category": "External analysis",
"uuid": "a1fc6f3d-377c-4ed9-bcad-5cbcbebd14f4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/67",
"category": "Other",
"uuid": "9ce6141a-8d24-4744-923b-38704f43271b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d5de9ae-0701-4641-b1dd-6db94f8b0ad6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"pattern": "[file:hashes.MD5 = 'f9b14393b995a655e72731c8b6ce78fd' AND file:hashes.SHA1 = 'fa9ab8fe04781041f49597c218324f358fc8d661' AND file:hashes.SHA256 = 'b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T07:05:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d9a9cd7a-cc40-41c7-ab06-8ca0b166726f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T07:05:32.000Z",
"modified": "2018-08-03T07:05:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-22T02:30:18",
"category": "Other",
"uuid": "ed7c1a62-02d3-41ff-a561-8a97c33a37ad"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8/analysis/1521685818/",
"category": "External analysis",
"uuid": "af4be266-5fb0-4cb9-88db-918da4d6e9bf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "9/62",
"category": "Other",
"uuid": "a54ba07e-36cd-4fbd-9ec5-9d613d889d00"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--98207a10-ece9-41c6-9537-e5d1bbf6ab80",
"created": "2018-08-03T07:05:33.000Z",
"modified": "2018-08-03T07:05:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--76d54bf8-8a5c-4d15-99a5-60099d75f33c",
"target_ref": "x-misp-object--85c6f32f-13fd-45fc-b553-04eea230334d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--82552fa3-f92d-4480-9f9f-465d4c89ab83",
"created": "2018-08-03T07:05:33.000Z",
"modified": "2018-08-03T07:05:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8fbcce78-3cbc-4071-b67d-dfe531d27c00",
"target_ref": "x-misp-object--19c2defe-70e2-4b45-9834-a0d0c63c4611"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ed05c875-6ccb-48ed-a475-a7146c0c64fb",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--18222cee-2ac0-47a1-8791-6744df043aad",
"target_ref": "x-misp-object--89416cc5-db81-4f92-9523-398c9f71e800"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0aebf98f-37ce-459f-a303-4b0c12fa80c6",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0e9b4bd9-14db-4902-9991-a206bcacc6f1",
"target_ref": "x-misp-object--b0a6a50d-3304-4eaf-9802-eb197d2ad89d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f271edbc-4d89-4bdb-9c01-10641dbb076e",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d4cb5445-b513-432b-97e4-b95f612ab3d4",
"target_ref": "x-misp-object--2b6f9fe6-6e77-420e-ad70-57285e0091df"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa963de2-7f71-4d7c-8736-c29d0bde32a8",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7c801ac7-ea1e-463d-91c4-d0cbd23b3109",
"target_ref": "x-misp-object--f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--09b51c3e-70db-4a96-a14e-0d5f6f0945a6",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7afe7225-8811-485e-8937-ab7bad8e74f0",
"target_ref": "x-misp-object--7d927d9b-6bc5-4668-9595-b58885c9cc0b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c7621388-ad2e-402e-976b-a81bda1c1e16",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--294d1429-59cd-4ad7-95d9-fc5b3661475a",
"target_ref": "x-misp-object--240a9164-aac0-4a1d-9f8c-ac58688889dd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--33579eb3-38a2-44ad-83d7-9f643088e693",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0bf17bb7-e694-4e30-ae93-44dad8b167dc",
"target_ref": "x-misp-object--f600d536-ac39-4588-9ff8-63621d6d372b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e25deeb4-d73c-480c-a35a-efbdbbaef3df",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--95ac7141-73a2-4887-a57b-703e4ae18c8f",
"target_ref": "x-misp-object--8afbb632-1a98-404c-bde5-89b01c882fda"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d3ed4109-97e1-48d6-a97a-1f7b44747b94",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1b004d6a-4eaa-4144-80db-7ddfed3e1672",
"target_ref": "x-misp-object--1f8e9d51-4bc9-466f-ad49-357294ada4d8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--be5c67d8-befc-4da2-a318-d8b8536fce0d",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--764f0fcd-1ab1-4784-8f89-476df01f9e82",
"target_ref": "x-misp-object--4d24cad3-2421-48ad-9b73-2624715cd5dd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--37d9f301-7d95-4db0-bbae-7f33a5b8e7db",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d5094d86-5aa2-4930-be67-590b666faf24",
"target_ref": "x-misp-object--68f98b66-dfff-4879-a93e-23798294887a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e5a6e873-c7fb-4062-a3c7-31e0ea559ced",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--52674802-1516-419a-bc3b-01dae5b5746f",
"target_ref": "x-misp-object--2b1648e9-577e-46f9-bdb3-f70186927dc3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa9c823a-52f8-4fcd-885e-1b1b6960357c",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--096da749-1936-41dd-96f3-cbdd247f2548",
"target_ref": "x-misp-object--bee97d03-cf53-441d-b24e-be6fe5aff6fe"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3da3a71a-5947-43e4-9316-f4ea1df49e9b",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fe9ff2db-3990-4476-af1f-4ea5fd9455ec",
"target_ref": "x-misp-object--3a3d31fe-1599-4535-8de1-073d022ac421"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--53cb517f-05a1-48ff-8b64-b41b2f0faa6a",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2c0a000b-4cb5-444e-b6e8-f5ce047774bc",
"target_ref": "x-misp-object--6a699fff-9d42-4ebc-835c-7063f752908c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--49b8ae12-aa49-424a-8f77-3918b186d599",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b41fba7b-7e99-46be-b244-3749274d6511",
"target_ref": "x-misp-object--2643e936-cbd4-4080-bf24-897926886b9c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cb9eb214-dd05-48ed-b302-2aef6a32a32a",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4024aa3c-18df-4452-a3b9-9f3e62fa105c",
"target_ref": "x-misp-object--242889dc-9946-48f0-bb16-b6044a619b37"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--301606a3-4079-4403-a39c-4aca56ac9748",
"created": "2018-08-03T07:05:34.000Z",
"modified": "2018-08-03T07:05:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--818160f4-21c2-45b6-be21-dd9eec574074",
"target_ref": "x-misp-object--250c1137-3bfa-446e-b1e3-9ac17421a058"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9dce78ce-dbee-4bb9-a287-f736b46b5408",
"created": "2018-08-03T07:05:35.000Z",
"modified": "2018-08-03T07:05:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1267f609-b45b-4b55-a0d1-ea1ae7db562d",
"target_ref": "x-misp-object--df4f13dc-e7db-4896-a560-3f428553d305"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b31f4121-98dd-4d39-8e12-ca1efe7039f8",
"created": "2018-08-03T07:05:35.000Z",
"modified": "2018-08-03T07:05:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6745208f-c8c8-4274-b672-890fb2779a26",
"target_ref": "x-misp-object--5f713e33-c562-4370-87c0-17a7a79034be"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4bad4218-95a0-47bd-a343-1ad564451617",
"created": "2018-08-03T07:05:35.000Z",
"modified": "2018-08-03T07:05:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7d5de9ae-0701-4641-b1dd-6db94f8b0ad6",
"target_ref": "x-misp-object--d9a9cd7a-cc40-41c7-ab06-8ca0b166726f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink