1458 lines
65 KiB
JSON
1458 lines
65 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5caefb63-cb90-4a86-abc2-4fcc950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5caefb63-cb90-4a86-abc2-4fcc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"name": "OSINT - OSINT Reporting Regarding DPRK and TA505 Overlap",
|
||
|
"published": "2019-04-11T08:57:43Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5caefb80-627c-44aa-958d-4941950d210f",
|
||
|
"url--5caefb80-627c-44aa-958d-4941950d210f",
|
||
|
"x-misp-attribute--5caefb9e-4ff4-4279-8eb1-4f34950d210f",
|
||
|
"indicator--5caefc2b-536c-4f65-8313-47ff950d210f",
|
||
|
"indicator--5caefc2b-5358-4bd8-a44b-45a2950d210f",
|
||
|
"indicator--5caefc2b-5960-4325-8f02-47de950d210f",
|
||
|
"indicator--5caefc2b-61e4-4911-b7e1-46a5950d210f",
|
||
|
"indicator--5caefc2b-c4c8-47f0-852d-4163950d210f",
|
||
|
"indicator--5caefc2b-b920-4108-818b-4bb7950d210f",
|
||
|
"indicator--5caefc2b-4cd8-4961-8370-4f9a950d210f",
|
||
|
"indicator--5caefc2b-3c5c-4319-b485-47ff950d210f",
|
||
|
"indicator--5caefc2b-03a4-41ba-a412-4114950d210f",
|
||
|
"indicator--5caefc2b-00f8-4b12-b9ce-4afb950d210f",
|
||
|
"indicator--5caefc2b-d480-4029-a1e2-4fa7950d210f",
|
||
|
"indicator--5caefc2b-7860-4a21-8938-4862950d210f",
|
||
|
"indicator--5caefc2b-4c4c-4c03-8cca-4c91950d210f",
|
||
|
"indicator--5caefc56-19c4-499d-b0ab-447b950d210f",
|
||
|
"indicator--5caefc9c-d268-486d-882b-4d9b950d210f",
|
||
|
"x-misp-object--5caeff81-12e0-4a18-bfa2-406b950d210f",
|
||
|
"indicator--0f82f247-68d7-432b-9207-6a651e249789",
|
||
|
"x-misp-object--f09e7ee6-1c63-4b54-8640-c296e0f51a48",
|
||
|
"indicator--ae0407a4-1c88-4dbe-8217-038a7f410235",
|
||
|
"x-misp-object--b02e8fad-5c20-428f-ae2f-97dc1a84a1b6",
|
||
|
"indicator--2826ff14-cad5-43cd-b6cd-6820a2d11785",
|
||
|
"x-misp-object--30b8618d-3d37-49c8-b5ce-d9b0b60bd069",
|
||
|
"indicator--ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
|
||
|
"x-misp-object--d97fb25c-3f24-4bab-acb7-2cb440918538",
|
||
|
"indicator--526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
|
||
|
"x-misp-object--122483b1-248c-4166-84bf-bf59cf4a598f",
|
||
|
"indicator--ab826329-510d-44a0-9899-82e9d734561e",
|
||
|
"x-misp-object--c98a3166-c9c2-4b97-b669-d844f7a15b50",
|
||
|
"indicator--8edf4809-f353-4a04-b77e-3e84960327b5",
|
||
|
"x-misp-object--b33073cd-b85f-46a3-929c-d7893547e63d",
|
||
|
"indicator--a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
|
||
|
"x-misp-object--c2aaa9d9-db45-4eab-9ca8-e285a677dc05",
|
||
|
"indicator--0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
|
||
|
"x-misp-object--8f375dd5-8169-46db-9da5-c71686b424b1",
|
||
|
"indicator--ade3118a-0418-44f4-9967-524ba203ee24",
|
||
|
"x-misp-object--b70df9f5-45ab-4369-a434-263514e9a1a5",
|
||
|
"indicator--e23b9b62-4226-4fd2-be50-d37fb7b643ea",
|
||
|
"x-misp-object--43bfebb6-83a2-48c1-8872-47102ef582aa",
|
||
|
"indicator--27704985-ae7f-4621-bfdb-e6b92e3eabff",
|
||
|
"x-misp-object--5475eb79-4664-4ee7-967d-5c8c1d19b715",
|
||
|
"indicator--847b7779-1090-43be-9436-9c851a0777d5",
|
||
|
"x-misp-object--e5f252bc-b462-4792-9999-ea950b1f633b",
|
||
|
"relationship--d3f3802d-57fb-4efa-9433-c6e375124772",
|
||
|
"relationship--2a160885-8d25-41d3-a549-2296e14dcd30",
|
||
|
"relationship--73c73e89-f96b-44fe-b079-e16bd03889c0",
|
||
|
"relationship--0ca66f17-55e3-4ac5-8476-f24f70271a2d",
|
||
|
"relationship--2fc1837e-5a64-45cf-9f2b-0fb98792b57e",
|
||
|
"relationship--77ed040b-160c-44e9-8993-8b0b8cf10e5b",
|
||
|
"relationship--63776d42-befd-4f06-aa92-bafe04c98ac4",
|
||
|
"relationship--c0c3ff45-8cad-49ad-b3b8-ed9f0fc0c863",
|
||
|
"relationship--a4b64dce-499d-49cb-b437-2a2a3737b0b1",
|
||
|
"relationship--7a551870-f2c2-4326-8130-0235ad0ad140",
|
||
|
"relationship--559d7440-4c85-4b56-b74b-570238c0b286",
|
||
|
"relationship--08e5074a-9c6c-4f80-81af-7a320343ce85",
|
||
|
"relationship--e666ded5-84e3-4547-8372-2cb8bbe6bd2b",
|
||
|
"relationship--7522add7-e586-41d8-97aa-72c626c885be"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"osint:lifetime=\"perpetual\"",
|
||
|
"osint:certainty=\"50\"",
|
||
|
"misp-galaxy:threat-actor=\"TA505\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5caefb80-627c-44aa-958d-4941950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:32:00.000Z",
|
||
|
"modified": "2019-04-11T08:32:00.000Z",
|
||
|
"first_observed": "2019-04-11T08:32:00Z",
|
||
|
"last_observed": "2019-04-11T08:32:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5caefb80-627c-44aa-958d-4941950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5caefb80-627c-44aa-958d-4941950d210f",
|
||
|
"value": "https://norfolkinfosec.com/osint-reporting-on-dprk-and-ta505-overlap/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5caefb9e-4ff4-4279-8eb1-4f34950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:32:30.000Z",
|
||
|
"modified": "2019-04-11T08:32:30.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Yesterday, at SAS2019, BAE Systems presented findings related to DPRK SWIFT heist activity that took place in 2018. As part of this research (a leaked video of the presentation is available online), BAE included two key points not previously disclosed in the public domain:\r\n\r\n\u00e2\u20ac\u201c The existence of a PowerShell backdoor attributable to DPRK, which the researchers dubbed PowerBrace\r\n\u00e2\u20ac\u201c A possible overlap between TA505 intrusions and DPRK intrusions, suggesting a possible hand-off between the two groups.\r\n\r\nThis blog will leave a full analysis of those two points and the supporting context to the people that found them, as it\u00e2\u20ac\u2122s theirs to share; however, data that may support such conclusions have been available in open source for quite some time.\r\n\r\nIn early January, VNCert issued an alert regarding attacks targeting financial institutions, containing a mix of DPRK IOCs (including a keylogger referred to as PSLogger previously analyzed by this blog), TA505 IOCs (previously published by 360 TIC), and a handful of PowerShell scripts that are generally identical aside from a handful of configuration changes. Furthermore, the aforementioned keylogger was first uploaded by a submitter (fabd7a52) in Pakistan in December 2018. That same submitter acted as the first uploader for one of the PowerShell samples identified below (b88d4d72fdabfc040ac7fb768bf72dcd), further corroborating a possible link.\r\n\r\nGiven the multi-sourced reporting overlaps and the additional Pakistan findings mentioned above, this blog assesses that the PowerShell scripts in question likely belong to the same family of DPRK-attributable malware reported by BAE systems."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-536c-4f65-8313-47ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '5b7244c47104f169b0840440cdede788']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-5358-4bd8-a44b-45a2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'cc29adb5b78300b0f17e566ad461b2c7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-5960-4325-8f02-47de950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e00499e21f9dcf77fc990400b8b3c2b5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-61e4-4911-b7e1-46a5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '53f7be945d5755bb628deecb71cdcbf2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-c4c8-47f0-852d-4163950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '9c35e9aa9255aa2214d704668b039ef6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-b920-4108-818b-4bb7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2e0d13266b45024153396f002e882f15']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-4cd8-4961-8370-4f9a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '26f09267d0ec0d339e70561a610fb1fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-3c5c-4319-b485-47ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '09e4f724e73fccc1f659b8a46bfa7184']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-03a4-41ba-a412-4114950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b12325a1e6379b213d35def383da2986']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-00f8-4b12-b9ce-4afb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '8a41520c89dce75a345ab20ee352fef0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-d480-4029-a1e2-4fa7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7c651d115109fd8f35fddfc44fd24518']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-7860-4a21-8938-4862950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b88d4d72fdabfc040ac7fb768bf72dcd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc2b-4c4c-4c03-8cca-4c91950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:34:51.000Z",
|
||
|
"modified": "2019-04-11T08:34:51.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3be75036010f1f2102b6ce09a9299bca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:34:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc56-19c4-499d-b0ab-447b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:35:34.000Z",
|
||
|
"modified": "2019-04-11T08:35:34.000Z",
|
||
|
"description": "C&C",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.95.14.128']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:35:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5caefc9c-d268-486d-882b-4d9b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:38:08.000Z",
|
||
|
"modified": "2019-04-11T08:38:08.000Z",
|
||
|
"description": "PowerShell Backdoor",
|
||
|
"pattern": "[file:hashes.MD5 = 'b12325a1e6379b213d35def383da2986' AND file:name = 'ICAS.ps1' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:38:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5caeff81-12e0-4a18-bfa2-406b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:49:05.000Z",
|
||
|
"modified": "2019-04-11T08:49:05.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"script\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "script",
|
||
|
"value": "import base64\r\nimport re\r\n\r\nc = open(\"c:\\\\users\\\\[username]\\\\desktop\\\\[filename]\").readlines()\r\n\r\nline_list = []\r\n\r\nfor line in c:\r\n #print(line)\r\n try:\r\n enc = re.search(\"(?<=\\$\\(\\[Text.Encoding\\]::Unicode.GetString\\(\\[Convert\\]::FromBase64String\\().*?(?=\\))\",line).group()\r\n\t\tprint(line)\r\n\t\tprint(enc)\r\n\t\td = ('\"' + base64.b64decode(enc) + '\"')\r\n\t\te = (re.sub(\"\\$\\(\\[Text.Encoding\\]::Unicode.GetString\\(\\[Convert\\]::FromBase64String\\(.*?\\)\\)\\)\",d,line))\r\n\t\tf = re.sub(\"\\0\",\"\",e)\r\n\t\tline_list.append(f)\r\n \r\n except:\r\n line_list.append(line)\r\n\r\n\r\nwith open(\"c:\\\\users\\\\[username]\\\\desktop\\\\laz_decoded.ps1\",\"wt\") as t:\r\n for unit in line_list:\r\n t.write(unit)",
|
||
|
"category": "Other",
|
||
|
"uuid": "5caeff81-5fac-4c75-9599-4c5c950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "language",
|
||
|
"value": "Python",
|
||
|
"category": "Other",
|
||
|
"uuid": "5caeff81-ebc8-44c0-a1a5-4c95950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "comment",
|
||
|
"value": "Support for decrypting",
|
||
|
"category": "Other",
|
||
|
"uuid": "5caeff81-901c-4033-975f-404d950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "state",
|
||
|
"value": "Trusted",
|
||
|
"category": "Other",
|
||
|
"uuid": "5caeff81-08f0-4464-8219-479b950d210f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "script"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0f82f247-68d7-432b-9207-6a651e249789",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:38.000Z",
|
||
|
"modified": "2019-04-11T08:54:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b12325a1e6379b213d35def383da2986' AND file:hashes.SHA1 = 'c48ff39e5efc6ca60c31200344c47b5de3b3605d' AND file:hashes.SHA256 = '6ed6ac7b499f7fa613949c412b4245dd21c684192afd3de5614575c37cf35e1f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f09e7ee6-1c63-4b54-8640-c296e0f51a48",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:38.000Z",
|
||
|
"modified": "2019-04-11T08:54:38.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-03-02T21:11:05",
|
||
|
"category": "Other",
|
||
|
"uuid": "03826117-eb1a-42e4-bd88-75ffe1331ae3"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6ed6ac7b499f7fa613949c412b4245dd21c684192afd3de5614575c37cf35e1f/analysis/1551561065/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "f472bf32-b7a3-4727-978c-4b0cc5a28951"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "18/53",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "3d6944b2-214f-44b3-915c-b7f214edec33"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ae0407a4-1c88-4dbe-8217-038a7f410235",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:38.000Z",
|
||
|
"modified": "2019-04-11T08:54:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b88d4d72fdabfc040ac7fb768bf72dcd' AND file:hashes.SHA1 = '3f1735ddba2fffa2814319079bcf8d8c4431147e' AND file:hashes.SHA256 = '52eb8f654d33f1d5c34b5bae0d83360158d8eccc32ddcbb555d7b1b7c943842c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b02e8fad-5c20-428f-ae2f-97dc1a84a1b6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:38.000Z",
|
||
|
"modified": "2019-04-11T08:54:38.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-03-13T11:40:15",
|
||
|
"category": "Other",
|
||
|
"uuid": "67a5a105-747a-495f-88e5-fe4154efefa2"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/52eb8f654d33f1d5c34b5bae0d83360158d8eccc32ddcbb555d7b1b7c943842c/analysis/1552477215/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "eff5c459-06ee-4f01-8fd4-67fb402a01db"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "15/57",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "ac1bb17b-a429-4ea9-bc8f-e79587181035"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2826ff14-cad5-43cd-b6cd-6820a2d11785",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:38.000Z",
|
||
|
"modified": "2019-04-11T08:54:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '53f7be945d5755bb628deecb71cdcbf2' AND file:hashes.SHA1 = 'dc560698ced8b4dffd7b35c7dcb82822a2d3c134' AND file:hashes.SHA256 = 'a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--30b8618d-3d37-49c8-b5ce-d9b0b60bd069",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-03-28T10:36:15",
|
||
|
"category": "Other",
|
||
|
"uuid": "95a8bf34-e34f-4726-a1bc-3f38cec9bf23"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a/analysis/1553769375/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "bb5bf427-258a-4898-8f5c-f55f512674e6"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "36/60",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "94da223c-c4ac-4bb8-aaba-9997177c2e30"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '5b7244c47104f169b0840440cdede788' AND file:hashes.SHA1 = '0415eda9cbd038a8aed69cc35641338b65bb89f6' AND file:hashes.SHA256 = '4939fcb4ef14b21219c55c9de93f607915cc8b36399b47ef5edd8fa6e693ce08']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d97fb25c-3f24-4bab-acb7-2cb440918538",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-04-09T05:38:29",
|
||
|
"category": "Other",
|
||
|
"uuid": "6b1e308e-d573-402f-a5a1-3a2c524a89cf"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/4939fcb4ef14b21219c55c9de93f607915cc8b36399b47ef5edd8fa6e693ce08/analysis/1554788309/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "beef1671-1aa1-4056-b511-24f26bb631b7"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "44/67",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "639f2415-b7fa-45bc-9eca-013da84ad048"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e00499e21f9dcf77fc990400b8b3c2b5' AND file:hashes.SHA1 = '04b5be447def79e43d4329611c0e0800d784820a' AND file:hashes.SHA256 = 'c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--122483b1-248c-4166-84bf-bf59cf4a598f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-03-29T01:50:32",
|
||
|
"category": "Other",
|
||
|
"uuid": "a2f2a35a-38f1-4baf-9f1c-911bbf33b34a"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4/analysis/1553824232/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "96a16ff6-d8d9-4090-90f0-cf846ec2a861"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "43/66",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "ce5bebb0-870f-45aa-89a8-a140adf6d741"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ab826329-510d-44a0-9899-82e9d734561e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2e0d13266b45024153396f002e882f15' AND file:hashes.SHA1 = 'f4b9f05f9c774b65c9581aa06a2fac1eca94704d' AND file:hashes.SHA256 = '54e35e0b763d45d3974fc5d01c446a6a1cc123fb7bb09646064ea008137adffe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c98a3166-c9c2-4b97-b669-d844f7a15b50",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-03-01T01:42:59",
|
||
|
"category": "Other",
|
||
|
"uuid": "6cf19386-ae30-42f3-acc1-9e09454bb2a2"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/54e35e0b763d45d3974fc5d01c446a6a1cc123fb7bb09646064ea008137adffe/analysis/1551404579/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "2b0f36cb-0e63-4bbc-b115-3cd04d4b509b"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "22/52",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "846d62d1-661f-4760-8119-c80945b1b121"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8edf4809-f353-4a04-b77e-3e84960327b5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '8a41520c89dce75a345ab20ee352fef0' AND file:hashes.SHA1 = '3ad86e1776018eb3743be06996d7a63963673a57' AND file:hashes.SHA256 = '8a0e6c50a6483f2f01a458cd0cb4e485605778c42c9708b07b820968132efb76']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b33073cd-b85f-46a3-929c-d7893547e63d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-02-15T04:42:30",
|
||
|
"category": "Other",
|
||
|
"uuid": "ad30c3eb-63ff-4472-9be6-9e94096a9fcc"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/8a0e6c50a6483f2f01a458cd0cb4e485605778c42c9708b07b820968132efb76/analysis/1550205750/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "81d19681-e6df-4292-8879-f08548f83b3c"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "12/56",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "1cea6915-795d-467a-a6d1-a5e13b4cc244"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '9c35e9aa9255aa2214d704668b039ef6' AND file:hashes.SHA1 = '9b47b600e25f6f552acd6228d08e1bac0861c082' AND file:hashes.SHA256 = '752ab2023ef74bd2974e18e81dbb9f969c347e2104c045ae8f6f778a77f6199f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c2aaa9d9-db45-4eab-9ca8-e285a677dc05",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:39.000Z",
|
||
|
"modified": "2019-04-11T08:54:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-02-21T00:44:10",
|
||
|
"category": "Other",
|
||
|
"uuid": "df2b4a00-71b9-444d-b078-56c85e283350"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/752ab2023ef74bd2974e18e81dbb9f969c347e2104c045ae8f6f778a77f6199f/analysis/1550709850/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "e85ec22e-ec4f-46df-b1f8-e42dbeecc797"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "26/57",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "f7b1e661-152d-42a5-ab45-e3faa856230c"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:40.000Z",
|
||
|
"modified": "2019-04-11T08:54:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'cc29adb5b78300b0f17e566ad461b2c7' AND file:hashes.SHA1 = '67d2d7af7d04565b252eeea28d58fcfb61d4aa4c' AND file:hashes.SHA256 = 'db3d9a3f3e44818853e7273cae5dc9b0921c38ceb8b554a980251826e985e37f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8f375dd5-8169-46db-9da5-c71686b424b1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:40.000Z",
|
||
|
"modified": "2019-04-11T08:54:40.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-02-21T00:30:03",
|
||
|
"category": "Other",
|
||
|
"uuid": "c1abf0e9-f39e-409e-b0a2-45182ec40e87"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/db3d9a3f3e44818853e7273cae5dc9b0921c38ceb8b554a980251826e985e37f/analysis/1550709003/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "48454521-3db4-43eb-b51d-101cb51ba7ca"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "34/59",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "81aaf368-3c2d-410f-bdff-5f4b8e51f80c"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ade3118a-0418-44f4-9967-524ba203ee24",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:40.000Z",
|
||
|
"modified": "2019-04-11T08:54:40.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3be75036010f1f2102b6ce09a9299bca' AND file:hashes.SHA1 = 'c47c00040779225593d23fb105892f544e4f7966' AND file:hashes.SHA256 = 'fd7c2afabbfc3b20ec73d5719eba04195c59b4a70b2de266995438032e1e80ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b70df9f5-45ab-4369-a434-263514e9a1a5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-02-19T05:20:12",
|
||
|
"category": "Other",
|
||
|
"uuid": "2b3f2295-7e97-4d86-bc07-0bc9c3a979ce"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/fd7c2afabbfc3b20ec73d5719eba04195c59b4a70b2de266995438032e1e80ef/analysis/1550553612/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "0b19c5be-e1e2-470f-8821-a2ec8f5ce62e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "12/56",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "35466d48-f6cf-4f90-a1f3-7c9a024e55aa"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e23b9b62-4226-4fd2-be50-d37fb7b643ea",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '26f09267d0ec0d339e70561a610fb1fd' AND file:hashes.SHA1 = '8d0d5f1bfd5f1d13eb2c44d9dc31a91d80ee69db' AND file:hashes.SHA256 = '6f807662e04b5cfb85bc892e27a29994ddcf78e7c3311581753761fede3d5bd1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--43bfebb6-83a2-48c1-8872-47102ef582aa",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-02-28T01:32:54",
|
||
|
"category": "Other",
|
||
|
"uuid": "372f3141-dc25-4241-8cef-b1f6afb29b74"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6f807662e04b5cfb85bc892e27a29994ddcf78e7c3311581753761fede3d5bd1/analysis/1551317574/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "e50ac75b-0881-4ca9-b651-74bafd3239b9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "23/54",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "95ea6470-32f9-4e41-a39b-00419bf6eab4"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--27704985-ae7f-4621-bfdb-e6b92e3eabff",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7c651d115109fd8f35fddfc44fd24518' AND file:hashes.SHA1 = 'a62b7b3b43127e213090590cae18f3432e2f7f57' AND file:hashes.SHA256 = '56102f70df2e481a91d3be1e33facd7e220e2b685405ddf873f3ab079e99873e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5475eb79-4664-4ee7-967d-5c8c1d19b715",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-03-13T11:41:37",
|
||
|
"category": "Other",
|
||
|
"uuid": "f4accdef-6776-4be1-883e-1adab8684282"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/56102f70df2e481a91d3be1e33facd7e220e2b685405ddf873f3ab079e99873e/analysis/1552477297/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "2b892246-97bc-478e-99ca-ed590ab43938"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "13/56",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "ea38c96f-7044-4892-8dd9-fdfa1a997299"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--847b7779-1090-43be-9436-9c851a0777d5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '09e4f724e73fccc1f659b8a46bfa7184' AND file:hashes.SHA1 = '2c98ee7d46006dadff275a3bea49b9a56c0f301d' AND file:hashes.SHA256 = '28a53479fd83579057f9784c14a006d36ea3ed8625bd640cfc64ddb07b58d169']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-04-11T08:54:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e5f252bc-b462-4792-9999-ea950b1f633b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2019-04-08T01:22:20",
|
||
|
"category": "Other",
|
||
|
"uuid": "873fed9e-a063-41a9-b665-fc3484492996"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/28a53479fd83579057f9784c14a006d36ea3ed8625bd640cfc64ddb07b58d169/analysis/1554686540/",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "e71667f0-1874-45fc-8cc7-ad24c09dd7d9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "24/59",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "c0e860c3-1179-49e1-97d7-df48dfbac249"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--d3f3802d-57fb-4efa-9433-c6e375124772",
|
||
|
"created": "2019-04-11T08:38:07.000Z",
|
||
|
"modified": "2019-04-11T08:38:07.000Z",
|
||
|
"relationship_type": "connects-to",
|
||
|
"source_ref": "indicator--5caefc9c-d268-486d-882b-4d9b950d210f",
|
||
|
"target_ref": "indicator--5caefc56-19c4-499d-b0ab-447b950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--2a160885-8d25-41d3-a549-2296e14dcd30",
|
||
|
"created": "2019-04-11T08:54:41.000Z",
|
||
|
"modified": "2019-04-11T08:54:41.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--0f82f247-68d7-432b-9207-6a651e249789",
|
||
|
"target_ref": "x-misp-object--f09e7ee6-1c63-4b54-8640-c296e0f51a48"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--73c73e89-f96b-44fe-b079-e16bd03889c0",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ae0407a4-1c88-4dbe-8217-038a7f410235",
|
||
|
"target_ref": "x-misp-object--b02e8fad-5c20-428f-ae2f-97dc1a84a1b6"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--0ca66f17-55e3-4ac5-8476-f24f70271a2d",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--2826ff14-cad5-43cd-b6cd-6820a2d11785",
|
||
|
"target_ref": "x-misp-object--30b8618d-3d37-49c8-b5ce-d9b0b60bd069"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--2fc1837e-5a64-45cf-9f2b-0fb98792b57e",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
|
||
|
"target_ref": "x-misp-object--d97fb25c-3f24-4bab-acb7-2cb440918538"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--77ed040b-160c-44e9-8993-8b0b8cf10e5b",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
|
||
|
"target_ref": "x-misp-object--122483b1-248c-4166-84bf-bf59cf4a598f"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--63776d42-befd-4f06-aa92-bafe04c98ac4",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ab826329-510d-44a0-9899-82e9d734561e",
|
||
|
"target_ref": "x-misp-object--c98a3166-c9c2-4b97-b669-d844f7a15b50"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--c0c3ff45-8cad-49ad-b3b8-ed9f0fc0c863",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--8edf4809-f353-4a04-b77e-3e84960327b5",
|
||
|
"target_ref": "x-misp-object--b33073cd-b85f-46a3-929c-d7893547e63d"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--a4b64dce-499d-49cb-b437-2a2a3737b0b1",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
|
||
|
"target_ref": "x-misp-object--c2aaa9d9-db45-4eab-9ca8-e285a677dc05"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--7a551870-f2c2-4326-8130-0235ad0ad140",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
|
||
|
"target_ref": "x-misp-object--8f375dd5-8169-46db-9da5-c71686b424b1"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--559d7440-4c85-4b56-b74b-570238c0b286",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ade3118a-0418-44f4-9967-524ba203ee24",
|
||
|
"target_ref": "x-misp-object--b70df9f5-45ab-4369-a434-263514e9a1a5"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--08e5074a-9c6c-4f80-81af-7a320343ce85",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--e23b9b62-4226-4fd2-be50-d37fb7b643ea",
|
||
|
"target_ref": "x-misp-object--43bfebb6-83a2-48c1-8872-47102ef582aa"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--e666ded5-84e3-4547-8372-2cb8bbe6bd2b",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--27704985-ae7f-4621-bfdb-e6b92e3eabff",
|
||
|
"target_ref": "x-misp-object--5475eb79-4664-4ee7-967d-5c8c1d19b715"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--7522add7-e586-41d8-97aa-72c626c885be",
|
||
|
"created": "2019-04-11T08:54:42.000Z",
|
||
|
"modified": "2019-04-11T08:54:42.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--847b7779-1090-43be-9436-9c851a0777d5",
|
||
|
"target_ref": "x-misp-object--e5f252bc-b462-4792-9999-ea950b1f633b"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|