misp-circl-feed/feeds/circl/misp/5af14f0e-3778-4a34-8cab-8659950d210f.json

1221 lines
346 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5af14f0e-3778-4a34-8cab-8659950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:57.000Z",
"modified": "2018-05-08T12:28:57.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5af14f0e-3778-4a34-8cab-8659950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:57.000Z",
"modified": "2018-05-08T12:28:57.000Z",
"name": "OSINT - \u00e2\u20ac\u0153Cyber Conflict\u00e2\u20ac\u009d Decoy Document Used In Real Cyber Conflict",
"published": "2018-05-08T12:29:19Z",
"object_refs": [
"observed-data--5af14f39-0310-4038-8195-89ee950d210f",
"url--5af14f39-0310-4038-8195-89ee950d210f",
"x-misp-attribute--5af16d3e-86f0-4bf2-b3a5-4e4b950d210f",
"observed-data--5af17136-817c-464f-9279-4311950d210f",
"file--5af17136-817c-464f-9279-4311950d210f",
"artifact--5af17136-817c-464f-9279-4311950d210f",
"observed-data--5af17145-c94c-4497-951b-411b950d210f",
"file--5af17145-c94c-4497-951b-411b950d210f",
"artifact--5af17145-c94c-4497-951b-411b950d210f",
"observed-data--5af1715d-0250-4124-81df-bc75950d210f",
"file--5af1715d-0250-4124-81df-bc75950d210f",
"artifact--5af1715d-0250-4124-81df-bc75950d210f",
"observed-data--5af173ac-a6d4-4f96-b4ac-5a17950d210f",
"windows-registry-key--5af173ac-a6d4-4f96-b4ac-5a17950d210f",
"observed-data--5af1754a-aa0c-46de-a87a-45e5950d210f",
"mutex--5af1754a-aa0c-46de-a87a-45e5950d210f",
"indicator--5af1764b-e398-4941-83b0-423d950d210f",
"indicator--5af17259-2c04-4ffc-9fb7-4848950d210f",
"indicator--5af17269-f3bc-4264-bd4c-4391950d210f",
"indicator--5af174a8-3934-4a04-994d-89b8950d210f",
"indicator--5af18d58-4168-49b7-9f76-d121950d210f",
"indicator--5af18d6e-218c-465e-a8b5-48ca950d210f",
"indicator--5af18d82-ca68-45eb-bde2-4956950d210f",
"indicator--5af18ecd-932c-4679-ad81-42b2950d210f",
"indicator--5af18eea-b254-48be-9965-420a950d210f",
"indicator--d01a1f56-520d-43dd-a8dc-128ea3686b56",
"x-misp-object--f06f0463-2e37-478d-b082-8d44e89bd6d1",
"indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee",
"x-misp-object--1d43848d-7842-4357-8161-4f692dbe6364",
"indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88",
"x-misp-object--5f6c2742-b8c2-4538-80fa-402df8bc6f3d",
"indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0",
"x-misp-object--8f43be07-b484-4985-a388-2150078f89b2",
"indicator--2d06f66e-76ae-473b-9561-bd22199dbd80",
"x-misp-object--09e5ec0c-0ae8-4654-ad36-b23fdd405bb2",
"indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9",
"x-misp-object--0ba9aa23-ed52-4caf-b6ae-9415d8006bee",
"x-misp-object--afb022c9-8751-4226-8cb9-110026ddc73c",
"x-misp-object--5a6ce1ca-0ce4-4112-acf0-f759f554e4d3",
"x-misp-object--9e68a641-1e38-4f66-9db2-7d29d978a9dd",
"x-misp-object--86e9947c-958f-4a76-9314-9eafcbcb9de5",
"x-misp-object--483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20",
"x-misp-object--0f9c57e5-2917-4305-b828-df759cfe478b",
2023-06-24 09:36:52 +00:00
"relationship--2a53a555-bd4e-43a8-83fc-d96ef095899a",
"relationship--f1fa327b-012d-47bd-997a-91310b712761",
"relationship--392ee048-b017-47f0-a8d6-31bdbc5c03fc",
"relationship--48372305-fd9a-495b-b19d-6b5e68d2b0fd",
"relationship--acd59767-e0ea-46b6-9322-640ceac7501b",
"relationship--49f9f7c6-f441-45ae-b3e6-36eb3301961c",
"relationship--4dce83eb-888f-459f-940c-1925a6c8d197",
"relationship--c457915e-01d9-4e44-8e15-312a5d154307",
"relationship--f9efa3ee-709a-42e6-8298-29705fb43fbe",
"relationship--58ebbab3-1448-494f-8c77-30590262cf19",
"relationship--805252f2-cf7c-4b9a-b404-bd4b545424c8",
"relationship--c9e31d14-41a9-457c-a6df-a2aa17c470fc",
"relationship--6d1e3c8c-2910-4310-8e09-ab9719a56218"
2023-06-14 17:31:25 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"misp-galaxy:tool=\"GAMEFISH\"",
"misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT\"",
"misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"",
"misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"",
"osint:source-type=\"blog-post\"",
"workflow:todo=\"add-tagging\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af14f39-0310-4038-8195-89ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:36.000Z",
"modified": "2018-05-08T12:28:36.000Z",
"first_observed": "2018-05-08T12:28:36Z",
"last_observed": "2018-05-08T12:28:36Z",
"number_observed": 1,
"object_refs": [
"url--5af14f39-0310-4038-8195-89ee950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5af14f39-0310-4038-8195-89ee950d210f",
"value": "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5af16d3e-86f0-4bf2-b3a5-4e4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:39.000Z",
"modified": "2018-05-08T12:28:39.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear\u00e2\u20ac\u00a6). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference. CyCon US is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af17136-817c-464f-9279-4311950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:39.000Z",
"modified": "2018-05-08T12:28:39.000Z",
"first_observed": "2018-05-08T12:28:39Z",
"last_observed": "2018-05-08T12:28:39Z",
"number_observed": 1,
"object_refs": [
"file--5af17136-817c-464f-9279-4311950d210f",
"artifact--5af17136-817c-464f-9279-4311950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5af17136-817c-464f-9279-4311950d210f",
"name": "screen1.png",
"content_ref": "artifact--5af17136-817c-464f-9279-4311950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5af17136-817c-464f-9279-4311950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABAIAAAK+CAIAAAC3mivWAAAAA3NCSVQICAjb4U/gAAAAX3pUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAAiZ40pPzUstykxWKCjKT8vMSeVSAANjEy4TSxNLo0QDAwMLAwgwNDAwNgSSRkC2OVQo0QAFmJibpQGhuVmymSmIzwUAT7oVaBst2IwAACAASURBVHic7J15YBPF/sC/s0nvK0ApLVdTLrkpIHIINKAo6u9BQVDg6aOoIKhIUVBRkCKIKCp4PEEOLR6AglKoj0OlTaFKAaUph9yQlhbaQmHTM+fO749NtmmOzWaTtmmZz+PV3dk5vrM7u/l+Z74zg8rLywEAADSV1UAgEAgEAoFAIBDuAqSeJGYYLCQaRSFPSiEQCAQCgUAgEAjepY4Z8MWP59KUhdVak8tkGFsZADxKfl0zASHx9kBwoCRR0f6FJ7pbBzIMc/168R1aIzrb+qaFLKJt22iKohpbEAKBQCAQCAQCoZZaM+Cz7ed+/C2/95gHdEYK83bz115FdaLVMQ0cKvy4TigSPEqAKBQgZbYdOGhiYO4UsyXAMEzR9WKa1jwyRiEwn4Zn329KDNCOWAIEAoFAIBAIBF8CcXMDBv57dxfFKF2N0aQ3Ygy2PfkWLOMAVlex1YAAG+zstG7R5v+4HiJACIHEXxoQJL2kzMz4cgwbajKZ/jl7wZdtAJZ9vyl79ugmkUgaWxACgUAgEAgEAsFM7WiA3sDo9EZ9jdZkMNbp2LfC1gbAAAhxkW3S2Gr3XEzkIJYLYwAhiUkKkkC9geHCGIbhSeFTMAxDzAACgUAgEAgEQn3zT37V3xcr8kv1BaUlANAxKiQ2Kmhg15Y9YyNsYtaZG8AY9IxRzxgMzvLFGNexAVgcqvcA2DoKqnuCsVVsQZYAQgxjqONX07TMgMYWgUAgEAgEAoHQnCml9Qf+un34dHmbluEQ6N+mUwcA0Gnh2BU4/PeFEf0iHx4cE9UikItfxwwwmYwmo95kdGwG1BkKwAgQBkAYs/7+CAN24EbEXgOzEcAaCwhYG6COZQAuBwQobDLVkRY7GbLwQZqQqAQCgUAgEAiEJkcprd/1x63CMuqeTuEAMgCQRwMAqItpkAHIOhwroG9pC6cmtI+2WAJ1RwNcmwEYABBG2KL2I9YAYEcErByEajEPBLCKP7akRgDYZowA+C0BCjMmfxuBBN0VX6AJiUogEAgEAoFAaGoc+Ot2YRklk8kAIL47JA6RWa7IlCo6LYeWyWRXSuk9R2/MGhvHXrAZDTCYjAajUe8wd4sZYOnct+jwnBFQZ65wbTJzTIRYQ8FCrXUAYB5JQLxmAJhMdewTR6MPPkoTEpVAIBAIBAKB0LT4J7/q8OnyezqFAwAEmm0AlRpU5+gkhUwRL1OrQVVMywJlB/OuDbmnZd+4CACo422PGSOD9QxT5x9mDLb/TAbMGBiTAZsMDGNkDNpTGx86vXHM6U1jTm8cYzLoTHrd6Y1jTHqdyaA7vWkMY9BhxsiYjJhNYjJgkwEbDZgxYKMBTAZsMtqXYiMGg/WYMYq+O/+a9DTPqU8xZfLj7D9v5eaVfHjy967AUJ8y+87d8O4d8wUcVoenjtwl+wOfQlwL95G62IvBhviIeAQCgUDgYeeuPXNfeWPnrj1CIv99saJNS7MvULwcAEClhtT9apWaVp6jAUAuB9ACAPgHheWcv82mcnsXYcR6uCDzngEIg8lkAoDYid8ioJBUEhAQDIA6T/3JT+qPMQMAJqNR6i8B1h8IMEKAkdl/yNoriMCyfcdPUyY/vn3HT40tiFA4UZuW2PWEkLvRXG+UTb34dU37O+Cz90REC/fZurD4uHgEAoFA2LlrT9bhP7d+tW7aM3MAYNKEcfzx80v1EGh2nledo5XnaFbpB4B4uXlkAABoAFkgXCmoYS/VjgYghDBmGBNmTIz1P5PJZGJMJsbE2IAZBjCDTawZQPn5SwODpP4BiEIY4cvbHscIsyvksNFNRuPprx858/WjRpMRMwzDYIwZBjOMicFWubJlmdgC6/zDGDOe7EPsjH9Nepr95zDE5pLDkPqD67qz0ahsQuxPrQMbuOPZYdepwy5VgYLZJLSvqcNCHd4Q4YV6F3v5bUKcSctz1dkddpjKYUhDwv+AbEJc1lFEK/I6/G3SmYT8TdTrsH0K1qWwBoCPiEcgEAgEh3A2AABs/Wpd1uE/XY4JFJSWgHneL02DueNfLpOtnS2XySBNSavVNG2OK7t6o4o9qjtFmMEMZhjMIM7Hn/1v7RJBtQv+ADsbAGN2/uvVH55kU3Sfno5NJgBgTCaurx9j5tw342If34oA1D9N6/Gf3SCRAMZczhgwAMa4tmSrhUkxADCYYRjsYO6BYBzq7v+a9HT6zm/tj9kDLoTnoL6x/uW2OXAWgSdyA8Avg7XCIVBCl32xDivuMJ9G6Ya3qamNGAIfn/CrQiLUE9ZVYw+4x+1uh7rLO+BWbl5H+I1txDdRCD4uHoFAINyFWNsALMLHBKxtAABITpQBwNo0iw1gDqe52LVmAEIIA2CMLLq2ZTl/y2UMmF3Nx7xrGOvQQyGQSACgfeI3lERCSaQBAUFcDpjtvEcUO2KQ/9M0NjMTZiRIanEsYstgAANmZwmzmxgja0uAFQyQB3aAtdbuSXd+A88rcOg7Ya/2uUxVfzhU9dxK6FZMrvq+qbjY3w1wVVP+xyfu4dqk8oXb5VaPsnDfmwaol8tnyt8meWI2QEt2WUrjikcgEAgEG6xtgGnPzOHGBKY9M4fHDOgYFaLTAh1YawMAAK0FtRrq2gBAayEuJoQ9thoNYJf0RKh2OR/WBQchy0UErFc/WELN+wgjAAgIDpJK/IFClEQKBgMAIAohjNkDNr8OE7+jEACiAkNCEUUhdrVRDAhhAApjQMBaAZbVRXHt6AMg5GIpoYaiYQYB+LH5bW7cH2mb0h06HghJ6AzhGfoCDkUVONwh4qrwVA2jz3EjAKJbhbgS67VeIp6puJiNgo+LRyAQCHct056ZkzBiGGcJ8BMbFXTsCsii6wSmpKrBuvMfAIAGLXSKC2JP6o4GIAAEmO3p57T+2lEBjBDCrNqPEaaAYlf5lFAAIPUP8AsIAgDAwDAmAEBSCmEEAJREwqryAcHBUqkUEEX5SRCSmGcJY3ZcgbFMPraMBmAECGPLcqSAACMAqvHNAIJoGsuHu+ELJX2o9UdjWYPkmRIIBAKhAWBVf/aA7f7nTnlSDeza8vDfF0DWoTZIC2uT5QCQtEptCaJBC/qaiiE9Y9jzOmYAQhJAEoQk5m55c6DZJrCMAiCz/5D5AjBGKQBQEqlEKmWnDUgYIwBQlJ85Z4kUIdRl2s+Xtk5kQ3rP/h1REku/PwMMooDBGFGsxs9utoUxxhghMG9UjCQISbw+GpC+81vOyUdIN7+78UXATTHkWWcGrPrwHHpgczjrna0/bGYl2shgLSqP2NYyO8uQ/w7wF9qQjvICH5CIq86i2adqyDbgsBT7hygiW/sH2iht2+EddmYk8MdsyCEal8+lscQjEAgEgjWTJoyzdv6xOXVGz9iIEf0ijxXQ7PZhrAsQXWcggAYt0Fp4YEBk384RbBAqLy9nj/o/9UtEj27a8gqj3mBW/5G1GcDuAQYIIcpiJWAEFCCDXquvqfYPDvHzDwQABGDQ63Q1VQFBIRjAUFPlFxQikUqNep2+upphGImfJCAoTCr1Y1iXIEAYmNodii2A2RAA9v9Sf7/AsLDy8xcy141mBa6pqb50Of+RMQqPbnb9s+83ZZfOsUFBwY0tiE/gLa2CaCd3M+TpEwgEAoFgQ+kd7fdZhVdKjbJAGXC+QNy0YC3QWhgQJ536QPvoluZFhaxHAwABBUhqdvyx2ACIQgiB5X8YUQgBohCF2XkCiPKXUH7SQMpfQlESc1aUxM8vgJJSgJG/NICSSiiKkvpJ/fz8McMAkkj9/ICiKLa/HxADjPnQrPpjzADGGCGzGYAZDEiKEOXJFGFCY2EzB9EruREt8G7Du62IQCAQCIRmRlSLwKkJ7fccvXEw75p/UJgsEAB
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af17145-c94c-4497-951b-411b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:38.000Z",
"modified": "2018-05-08T12:28:38.000Z",
"first_observed": "2018-05-08T12:28:38Z",
"last_observed": "2018-05-08T12:28:38Z",
"number_observed": 1,
"object_refs": [
"file--5af17145-c94c-4497-951b-411b950d210f",
"artifact--5af17145-c94c-4497-951b-411b950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5af17145-c94c-4497-951b-411b950d210f",
"name": "screen2.png",
"content_ref": "artifact--5af17145-c94c-4497-951b-411b950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5af17145-c94c-4497-951b-411b950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABAMAAAK/CAIAAACTBJNNAAAAA3NCSVQICAjb4U/gAAAAX3pUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAAiZ40pPzUstykxWKCjKT8vMSeVSAANjEy4TSxNLo0QDAwMLAwgwNDAwNgSSRkC2OVQo0QAFmJibpQGhuVmymSmIzwUAT7oVaBst2IwAACAASURBVHic7J15YBPF/sC/s0nvK0ApLVdTLrkpIHIItOBDUX8PCoICTx9FBUFFioKKghRBxOuBxxPk0OIBKCiF+jhU2hSqFFCacsgNaWmhFAqbnjl3fn9sst3m2OwmaZuW+Txe3Z2d4zu7M5Pvd05UXl4OANrKaiAQCAQCgUAgEAh3B+1j2sjdDswwWIw3ikJuJ0EgEAgEAoFAIBDqiVpL4PMfzqariqp1ZpdhMObZAAJ6fl1LASH3TYLgQFlSYvvnH+/Od2QY5tq1kju01u1o65sWioi2baMpimpsQQgEAoFAIBAIBFsslsCn287+8GtB7zEP6E0UFuzsr32K6nirYx041PlxHVckeqwAUShAzmzdf8DMwNwpFmOAYZjiayU0rX14TKLIeBqevb+qMEA7YgwQCAQCgUAgEHwPxK4TGPivXV0SR+lrTGaDCWOw7c+3Yh0N4D3FvGEB1tnZbd10Lf9xPVCAEAKZvzwgSH5RlZX5xRjW1Ww2/33mvC+bASx7f1X17NFNJpM1tiAEAoFAIBAIBEIttesEDEZGbzAZanRmo6lO9z4PWzMAAyDEebYJY6vgcz6RA18u7AGEZGY5yAINRoZzYxhGIIRPwTAMsQQIBAKBQCAQCPXN3wVVf12oKCg1FJbeAICOUSGxUUEDu7bsGRvh0H/tOgHGaGBMBsZodBY1xriOGcDiUMMHwHwvqO4NxjzfoowBhBjGWGeCTdOyBBpbBAKBQCAQCARCc6aUNuz/8/ahU+VtWoZDoH+bTh0AQK+Do5fh0F/nR/SLfGhwTFSLQJtQtZaA2Wwymwxmk2NLoM6AAEaAMADCmJ37jzBgB/OJ2GdgsQNYewEBawbUMQ7A5bAAhc3mOtscYScDFz5IExKVQCAQCAQCgdDkKKUNO3+/VVRG3dMpHEABAMpoAABNCQ0KAEWHo4X0LV3R1IT20XWNAd6YgGtLAAMAwghbNX/E2gDsuABvplAtluEAVvfH1tAIANuMFICwMUBhxuxvI5Drt+IjNCFRCQQCgUAgEAhNjf1/3i4qoxQKBQDEd4ekIQrrE4VKTafn0gqF4nIpvfvI9Vlj4/gB+WMCRrPJaDIZHCZgtQSsXfxWNZ6zA+osHa4NZvGJEGsrWKk1EAAs4wlI0BIAs7mOieJoDMJHaUKiEggEAoFAIBCaFn8XVB06VX5Pp3AAgECLGaDWgPosnZyoSIxXaDSgLqEVgYoD+VeH3NOyb1ztmoHayfeYMTHYwDB1/mHGaPvPbMSMkTEbsdnIMCbGqDu54cFTG8ac2jjm1IYxZqPebNCf2jDGbNCbjfpTG8cwRj1mTIzZhNkgZiM2G7HJiBkjNhnBbMRmk30qNmIw2IAZk9sv6J+TnhK49SmmTH6M/eet2LwSj0D83hUY6lNm33kb3n1jvoDD7AjkkXtkf+FTuFfCfSQv9mKwLj4iHoFAIBAE2LFz99yXX9+xc7cYz39dqGjT0jIpKF4JAKDWQNo+jVpDq87SAKBUAugAAPyDwnLP3eaHlXbGMGKnuiDLWQIIg9lsBoDYid8goJBcFhAQDIA6T/3RT+6PMQMAZpNJ7i8DdmIQYIQAI8tEIv70IALLtu0/Tpn82LbtPza2IGLhRG1aYtcTYt5Gc31RNvkSVjft34DPvhM3SrjP5oXFx8UjEAgEwo6du7MP/bHly7XTnp4DAJMmjBP2X1BqgEDLLHr1WVp1lmb1fgCIV1rGBwCABlAEwuXCGn5Yy5gAQghjhjFjxszw/5nNZjNjNjNmxgbMMIAZbGYtAcrPXx4YJPcPQBTCCF/a+hhGmN0zh/VuNplOffXw6a8eMZlNmGEYBmPMMJhhzAzmxcqmZWYTrPMPY8x4ckqxM/456Sn2n0MXm0cOXeoPrgPPRqmycbG/5Ts2cPezww5Uhx2rIgWzCWifU4eJOnwh4hP1Lvby27g4k1bgqbM37DCUQ5eGRPgD2bi4zKMbpcjrCJdJZxIKF1Gvw3Yr8FNhbQAfEY9AIBAIDuHMAADY8uXa7EN/uBwZKCy9AZZlwDQNlu5/pUKxZrZSoYB0Fa3R0LTFr+LK9Sp+WN6KYQYzmGEwg7j5/ux/azcNqt0CCNiVARizy2GvfP8EG6L79AxsNgMAYzZzPf4YM2e/Hhf72BYEoPlxWo9/7wKZDDDmYsaAATDGtSnzdivFAMBghmGwg3UIonGovv9z0lMZO76xv2YvOBeBi/qG/+Ntc+HMg4DnBkBYBr7OIVJClz2yDjPuMJ5G6Yy3yamNGCI/n/inYjzUE/yssRfc55bare7yDUiKzeuIf7GNWBPF4OPiEQgEwl0I3wxgET8ywDcDACAlSQEAa9KtZoDFnbYJY7EEEEIYAGNkVbet2/xbH2PA7P4+lgPF2Jk9FAKZDADaJ31NyWSUTB4QEMTFgNkufESx4wYFP05jIzNjRobk1hlGbBoMYMDsomH2iGPENwZYwQB5YArwFXdPOvUbeI2Bw0kU9pqfy1D1h0NtT1JAST657Pum7mL/NsBVToU/n3sf1yaUL7wuSf3K4ifhNEC+XH5T4TIp4LMBSrLLVBpXPAKBQCDYwDcDpj09hxsZmPb0HAFLoGNUiF4HdGCtGQAAtA40GqhrBgCtg7iYEH5Y65gAu88nQrUb/LBzcRCyPkTAzvAHq6vllGEEAAHBQXKZP1CIksnBaAQARCGEMXvBxtdh4rcUAkBUYEgooijEbkGKASEMQGEMCFhDwLrlKK4dgwCEXGwu1FA0zFCAMDY/z437O22TusMZCGICOkN8hL6AQ1FFDnq48VR8qIZR6bhxALdLhXsp1mu+3Pim7vlsFHxcPAKBQLhrmfb0nIQRwzhjQJjYqKCjl0ERXccxNU0DtkMANOigU1wQ34k3JoAAEGC2v59T/GvHBjBCCLOaP0aYAord+lNGAYDcP8AvIAgAAAPDmAEAySmEEQBQMhmrzQcEB8vlckAU5SdDSGZZNIzZ0QXGuhbZOiaAESCMrXuUAgKMAKjGtwQIbtNY87kbPlHSk1p/NJZBSL4pgUAgEBoAVvtnL9hBAO5WINTAri0P/XUeFB1qnXSwJkUJAMmrNFYnGnRgqKkY0jOGH7bWEkBIBkiGkMzSOW9xtJgF1rEAZJlIZHkAjEkOAJRMLpPL2SUEMsYEABTlZ4lZJkcIdZn208UtE1mX3rN/Q5TM2vvPAIMoYDBGFKv0s+dwYYwxRggsxxgjGUIyr48JZOz4hpvtI6azX6p/N+BWHArsPAO8njyHs7E5nPXR1h82ixRtZOCLKiA2X2ZnEQq/AeFEG3LSvMgP5MZTZ97sQzVkGXCYiv1HdCNa+w/aKGXb4Rt2ZicI+2zIgRqX36WxxCMQCAQCn0kTxvFnAdncOqNnbMSIfpFHC2n2ZDF2LhBdZziABh3QOnhgQGTfzhH8B6i8vBwA+j/5c0SPbrryCpPBaLEAEN8SYI8HA4QQZTUUMAIKkNGgM9RU+weH+PkHAgACMBr0+pqqgKAQDGCsqfILCpHJ5SaD3lBdzTCMzE8WEBQml/sx7NwgQBiY2vOLrYDFFgD2/3J/v8CwsPJz57PWjmblrqmpvnip4OExie6/7AZh76+qLp1jg4KCG1sQn8BbigVRUO5myNcnEAgEAsGG0ju677KLLpeaFIEK4CYFcauEdUDrYECcfOoD7aNbBnKh2se04cYEAAEFSG6ZAWQ1AxCFEALr/zCiEAJEIQqzawYQ5S+j/OSBlL+MomSWqCiZn18AJacAI395ACWXURQl95P7+fljhgEkk/v5AUVRbK8/IAYYy6VF+8eYAYwxQhZLADMYkBwhypMVw4TGwmZJoldiI4rg3YZ3SxGBQCAQCM2MqBaBUxPa7z5y/UD+Vf+
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af1715d-0250-4124-81df-bc75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:38.000Z",
"modified": "2018-05-08T12:28:38.000Z",
"first_observed": "2018-05-08T12:28:38Z",
"last_observed": "2018-05-08T12:28:38Z",
"number_observed": 1,
"object_refs": [
"file--5af1715d-0250-4124-81df-bc75950d210f",
"artifact--5af1715d-0250-4124-81df-bc75950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5af1715d-0250-4124-81df-bc75950d210f",
"name": "screen3.png",
"content_ref": "artifact--5af1715d-0250-4124-81df-bc75950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5af1715d-0250-4124-81df-bc75950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAA3wAAATxCAIAAADr/wb9AAAAA3NCSVQICAjb4U/gAAAAX3pUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAAiZ40pPzUstykxWKCjKT8vMSeVSAANjEy4TSxNLo0QDAwMLAwgwNDAwNgSSRkC2OVQo0QAFmJibpQGhuVmymSmIzwUAT7oVaBst2IwAACAASURBVHic7N27dqrO28Dx4bf+l4IpXF4BXAGmsbK1gxKbdJZ2aaDUzpYqTaB+C7wCV4oM98JbcBqOHiIxO/l+mr0VmROIT54ZRUvTVAAAAABj+u/RDQAAAMDvR9AJAACA0d0edEaOpmmaE92xMb9I4puak9Qem37S/3oAAIBfrQo6E98xtYzp+M7ZcNLapaF9S5V+Uc21MettgVsS1Tr2PYFf9LoW3otePaG7m9n6lQgdAAD8UUXQGTmrj0WcpmmapnIjgv14VbpxmqapZxie5522/ngVCSFE5EzmwXQjy45NviHhmPjbvb1x9dqT1ou935LsBAAAf1MedCafp+PpM8lCIt3abfIcZuKbmqblcVqS5yjr6ckqQ3pFHjHxA7F0XXcpgnKfoboS39S0yfp4XE+KJGkteIx8xyxaYTpRWaQzP3kydi296FgcztavUZ5tdaKoJwlaPV/bki0pMB2lyx3Jy+Q9ONoLq/m0vrCPwTtRJwAA+IvyoFN3Y7n8WK2KUOpzIXdW/rxniPJFaXNKfT9ficUhy5AeFmJ1WR4xel3PNq4QQp10HqpLd+M0lZ5heFnOMk3TuMwkRo759vQS53na+LB4W2WxYPJ+MpbNhOPC3r9FbpyGtthv3xaHvMD4pWq877wVfUrTNH55es3jTmuXSs84nj6mhzRNUymXp3k77JQfR2M6afd6MjWOwfsFwwMAAPDbVGs6dXeXx23ysPiYTy5bbmmHZR5R6NaFCxejt5P3kmUCrRfv9Pa1pY7R22n5YlWhpW7tlqeLJrLtzc7Six11dzML3hMhEj/Y7+dlRlXTJvP9Xg0WjeUui2R1/WnWUezn6Qu9AQAA+I3yoLP2FR1dt1484/R5U4GdOb6axN/uq2nyyfo42lJH/Xl2DBplR2/7jqnv3PFDCiGEUBKqZV718mo7I1EAAIC/rMx0HtcrPynXQr4HYvmc/V9/mhVLEZPId7b1rxjt56ZfLKFMfGd7Wj7Xp7NbktdgFtYCunBWLHUcrksIIfKoMIl8U8t/k8hazILXqAotk8gJZtnXePRdOFtPyhYmkWPOyySrEPutE1V99rfZJt3dzIJVtTBUJJGjmVd84WkyNYrotUZ+HI1iVAEAAP6WLO7zDMPz7GJBpTBsNSysVloadujZQghhePmTdijL/Qy7lSBsqEoSeQ3Vss0su9hdVxme2tVWTyqVhVXjDcMO1WZIdZuyKbSHGh/WRqPYVLbW8GTzUaObdj2wTtNU2h0ZVAAAgD9BS//qvdcjR3tbpLu+mfYvF76dylj9ElPkaNvpVdP0AAAAvwa3wRyF9eKJ9WvtjkTbk3cg4gQAAH/UH810+qa2Pmb/Nbx6RhIAAAB390eDTgAAAHwnptcBAAAwOoJOAAAAjI6gEwAAAKMj6AQAAMDoCDoBAAAwOoJOAAAAjO7bg87I0dquubP5HSW+afrJ+dcBAADga7496LR2qfQMw6vuxKnckB0AAAC/0iOn11uJxiIL6kTNB9lWs0qNOvUMZaJsNB3H1JxIiMQ3NU3Lq8gelMUlvqlpk/XxuJ5U6dZEaUl/XQAAALjWg4LO41rTtEl2J0rdjePspuTWToa2IYrEpyEMO5Q7SwghhO+8LQ5ldjR+eXotY8HEN1fKxsNimj2vu3GVRdXdOE1DW6gPpWcYnizLLG+GOVAXAAAAbvCgoNPwuufVdWsXy42Ya5o2Py1lvLOyQDDxg/1+XiYlNW0y3++D92yn90AsXyy9KsON0zxUvcVgXQAAALjBI6fXdTeusoulRL7thWEYQnxINb2o5CTL1ORYLfvOugAAAP6AH/GTSeXaziRyzMlWhDKOY7kR24npRIkQQujuZhas8gf5K8vvvD8vRbDylU2+UxSoP82OwXtSPL3dt+r+kMVOpqY5ybm6AAAAcIv0m1XLKlWGJ5VNdpg2H6VpmoaeXc7HG3YtGSnVTYYdSmVLuUTUDj27rKxojaEUqJQ4UBcAAACupaVpeq/4FQAAAOj0I6bXAQAA8LsRdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARne/oDNyNE3TnOhuBX5T2QAAABjdf0IUMV3DtXcbt3Y9t7jskPiOWVTj+M7ZcPKasgEAAPDj/CeEENYulZ5heNXdMas7lo8gclYfizivaCOC/XhVAQAA4CdoTq8nvmn6SfU4S4KaTpmaNGtZyVrKMvq8qMrk83Q8fSZZJbq129hl1Zqm5bVnD5pT6onSDLWVAAAA+NGUoPO41jRtsj4KIYTuxrErRJEEPZ4+poc0TVMpl6d5EQgmvrkSi0OeHD0s3i7LWepuLJcfq1URPX4u5M7Kny8TrLobp80p9f28qu6wECuTuBMAAODfoASdhtc7r24sd64uhBC6/jQrnkzeg9nGtfT8oZKzPEt3d3E2vy4Pi4/55LKvCNlhXFanW+5mtn7lq0UAAAD/gub0uu7Gsat3vvReahP4um69eMbpson5JmM6uVurAAAAMJ7en0xqrO3soD8vT1s/Kl6URM72wq8EHdcrPyn3ew/E8jkv8ml2DN6zRZ2R3yxvPzfL6hLf2Z6Wz+OGxwAAALiP4ieTJuvjca3+YlK2trPaZPqJEJGjzfdiP88e6W58EG/52kxt9bZY2tm2c5Ua3vJjNSn2+9hUuVXrxRPriaZp2mT7UZaX+KY23ws7rKpbfUwPY6dkAQAAcCdamqaPbgMAAAB+OW6DCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNHdI+iMHE1zojsU9NsxUAAA4K8i04k7iRxN+7FBdRI5ppZptzByhhqe+KbmJNULv7+L1zY+8U3TT76vfT+LcryKx394NADgJ8mDzuzTtGI6V1ymrV2a7qw7Nei+HxHNfvV9ct/JmcbfdaB6W/CFI/kl1i4N7fMvax+S0UOCyNEmW7GRMk3T1hFIfHN+Moz+nV/XwnvRhRAXd/Gubmi87m5m69frTnL1vLnD++MLR/mLVwD1eAkhbhsNAMAY8qAz+zS1wzR3WHysfmjO6irNfqXp90cN30p348aRnAaTH5XosXap9AzDqw7IMpiMea5FzvzkyXhn6Xp7Y+Kv1sI7bGY9Oyf+dm9v3I49v8eNjbde7P32qqPuxmmapp5heJ532vq3tzhvwHcf5Vzn8bp+NAAAY+iZXtetxWz/FglR5c6cqJzlM50ou4JXebXW/F6VNamSHvmLEt8xi+2m40eJutdkfTyuJ13pkWqO8bb8nZpAyRqYP656mNeT11DUZzY6pzTEdBwz22+48X0DlVVYjYdZDu3ZZlxId+OwSvQMjWF3vwZamHXMqQ5l9Fnr1mXHKxFCGNOJUl7XudHVQGV8B+qK3vqjxsRfrWdh3B9TJu/B0V60ktOJclCUyn5Q4/WFfQzer3yPJH4glq7rLkUwfGpc/1dM7Sjnb4a8lOL64ERfvwL0HK+bRgMAcHdqBrDKj8lGfjC0hRCG4YUy7dBMJmZF2Eb5pPQMw6t2lbL8v/Qa+zZeWvJsW61chrbd9bLOxhVqBTcqqnffM4SRly+lZ4haT5SGyFDd2Nv4zkqKp9TyUhnWh62nGed63D2kA2M40K/+FkpPPSVkaBuirHnoeEmvNiFcL7733AhtYXjFVhna1VCfqcvw0tA28qrqh7zqY/f
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af173ac-a6d4-4f96-b4ac-5a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:38.000Z",
"modified": "2018-05-08T12:28:38.000Z",
"first_observed": "2018-05-08T12:28:38Z",
"last_observed": "2018-05-08T12:28:38Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5af173ac-a6d4-4f96-b4ac-5a17950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5af173ac-a6d4-4f96-b4ac-5a17950d210f",
"key": "HKCU\\Environment\\UserInitMprLogonScript"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af1754a-aa0c-46de-a87a-45e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:37.000Z",
"modified": "2018-05-08T12:28:37.000Z",
"first_observed": "2018-05-08T12:28:37Z",
"last_observed": "2018-05-08T12:28:37Z",
"number_observed": 1,
"object_refs": [
"mutex--5af1754a-aa0c-46de-a87a-45e5950d210f"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5af1754a-aa0c-46de-a87a-45e5950d210f",
"name": "FG00nxojVs4gLBnwKc7HhmdK0h"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af1764b-e398-4941-83b0-423d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:37.000Z",
"modified": "2018-05-08T12:28:37.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'myinvestgroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:28:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af17259-2c04-4ffc-9fb7-4848950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T09:48:58.000Z",
"modified": "2018-05-08T09:48:58.000Z",
"description": "payload",
"pattern": "[file:name = 'netwf.bat' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T09:48:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af17269-f3bc-4264-bd4c-4391950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T09:49:26.000Z",
"modified": "2018-05-08T09:49:26.000Z",
"pattern": "[file:name = 'netwf.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T09:49:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af174a8-3934-4a04-994d-89b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T09:58:03.000Z",
"modified": "2018-05-08T09:58:03.000Z",
"pattern": "[file:hashes.SHA1 = 'e338d49c270baf64363879e5eecb8fa6bdde8ad9' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T09:58:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af18d58-4168-49b7-9f76-d121950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T11:43:20.000Z",
"modified": "2018-05-08T11:43:20.000Z",
"description": "Office Documents:",
"pattern": "[file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T11:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af18d6e-218c-465e-a8b5-48ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T11:43:42.000Z",
"modified": "2018-05-08T11:43:42.000Z",
"description": " Office Documents",
"pattern": "[file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T11:43:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af18d82-ca68-45eb-bde2-4956950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T11:44:02.000Z",
"modified": "2018-05-08T11:44:02.000Z",
"description": " Office Documents",
"pattern": "[file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T11:44:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af18ecd-932c-4679-ad81-42b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T11:49:33.000Z",
"modified": "2018-05-08T11:49:33.000Z",
"description": "Seduploader Dropper",
"pattern": "[file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T11:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af18eea-b254-48be-9965-420a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T11:50:02.000Z",
"modified": "2018-05-08T11:50:02.000Z",
"description": "Sedupload Payload",
"pattern": "[file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T11:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d01a1f56-520d-43dd-a8dc-128ea3686b56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:48.000Z",
"modified": "2018-05-08T12:19:48.000Z",
"pattern": "[file:hashes.MD5 = '2163a33330ae5786d3e984db09b2d9d2' AND file:hashes.SHA1 = 'e338d49c270baf64363879e5eecb8fa6bdde8ad9' AND file:hashes.SHA256 = 'c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:19:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f06f0463-2e37-478d-b082-8d44e89bd6d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:47.000Z",
"modified": "2018-05-08T12:19:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-01T10:29:11",
"category": "Other",
"uuid": "5af195e3-f254-4d01-9051-44bc02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/67",
"category": "Other",
"uuid": "5af195e3-6334-4c64-8542-40f102de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead/analysis/1519900151/",
"category": "External analysis",
"uuid": "5af195e4-b494-46fa-8f97-445302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:51.000Z",
"modified": "2018-05-08T12:19:51.000Z",
"pattern": "[file:hashes.MD5 = '94b288154e3d0225f86bb3c012fa8d63' AND file:hashes.SHA1 = '4873bafe44cff06845faa0ce7c270c4ce3c9f7b9' AND file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:19:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1d43848d-7842-4357-8161-4f692dbe6364",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:49.000Z",
"modified": "2018-05-08T12:19:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:14:43",
"category": "Other",
"uuid": "5af195e6-6af8-4405-9fee-424802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/59",
"category": "Other",
"uuid": "5af195e6-1aa8-44b3-afdd-410002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/",
"category": "External analysis",
"uuid": "5af195e6-99cc-45e1-b188-434d02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:54.000Z",
"modified": "2018-05-08T12:19:54.000Z",
"pattern": "[file:hashes.MD5 = 'f52ea8f238e57e49bfae304bd656ad98' AND file:hashes.SHA1 = '169c8f3e3d22e192c108bc95164d362ce5437465' AND file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:19:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5f6c2742-b8c2-4538-80fa-402df8bc6f3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:52.000Z",
"modified": "2018-05-08T12:19:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:23:54",
"category": "Other",
"uuid": "5af195e8-c8c0-4b43-8b1b-427702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/59",
"category": "Other",
"uuid": "5af195e8-2698-4bc6-9a24-4faa02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/",
"category": "External analysis",
"uuid": "5af195e8-c930-43ab-b99a-4f9402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:56.000Z",
"modified": "2018-05-08T12:19:56.000Z",
"pattern": "[file:hashes.MD5 = '60bc999ff14ee2f359130d6c1375b033' AND file:hashes.SHA1 = '142f524121fe16e1c67031f12015be4adec42bb7' AND file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:19:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8f43be07-b484-4985-a388-2150078f89b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:54.000Z",
"modified": "2018-05-08T12:19:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-01T22:15:25",
"category": "Other",
"uuid": "5af195ea-4d40-4c07-bd52-481402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "5af195eb-72e0-4311-b125-495a02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/",
"category": "External analysis",
"uuid": "5af195eb-304c-4a12-a080-4b9802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2d06f66e-76ae-473b-9561-bd22199dbd80",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:58.000Z",
"modified": "2018-05-08T12:19:58.000Z",
"pattern": "[file:hashes.MD5 = 'fc7d4cde5d2266082966d80f5f1566b9' AND file:hashes.SHA1 = '8a68f26d01372114f660e32ac4c9117e5d0577f1' AND file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:19:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--09e5ec0c-0ae8-4654-ad36-b23fdd405bb2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:56.000Z",
"modified": "2018-05-08T12:19:56.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:25:24",
"category": "Other",
"uuid": "5af195ec-c700-4cd3-8577-469302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "5af195ed-cc5c-44e2-be4b-4e0902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/",
"category": "External analysis",
"uuid": "5af195ed-5830-47ac-8e98-49a402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:20:00.000Z",
"modified": "2018-05-08T12:20:00.000Z",
"pattern": "[file:hashes.MD5 = '085be1b8b8f3e90be00f6a3bcea2879f' AND file:hashes.SHA1 = 'cc7607015cd7a1a4452acd3d87adabdd7e005bd7' AND file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:20:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0ba9aa23-ed52-4caf-b6ae-9415d8006bee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:19:59.000Z",
"modified": "2018-05-08T12:19:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:01:00",
"category": "Other",
"uuid": "5af195ef-0ee0-46ed-a80d-467302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"uuid": "5af195ef-a244-422c-ad06-418202de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/",
"category": "External analysis",
"uuid": "5af195ef-1c20-4075-8090-4bff02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--afb022c9-8751-4226-8cb9-110026ddc73c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:40.000Z",
"modified": "2018-05-08T12:28:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-01T10:29:11",
"category": "Other",
"uuid": "5af197f8-9f34-43c2-86c1-4dee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/67",
"category": "Other",
"uuid": "5af197f8-e498-43b8-aabf-4f1802de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead/analysis/1519900151/",
"category": "External analysis",
"uuid": "5af197f8-0a44-4d11-a7bd-48fc02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a6ce1ca-0ce4-4112-acf0-f759f554e4d3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:41.000Z",
"modified": "2018-05-08T12:28:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:14:43",
"category": "Other",
"uuid": "5af197f9-11d4-451d-b851-4d9102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/59",
"category": "Other",
"uuid": "5af197f9-3798-4061-b5ec-4a2002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/",
"category": "External analysis",
"uuid": "5af197f9-de3c-42eb-9871-4cdb02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9e68a641-1e38-4f66-9db2-7d29d978a9dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:42.000Z",
"modified": "2018-05-08T12:28:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:23:54",
"category": "Other",
"uuid": "5af197fa-ed74-4a1f-a551-48a002de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/59",
"category": "Other",
"uuid": "5af197fa-a36c-41ac-b100-4fc602de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/",
"category": "External analysis",
"uuid": "5af197fa-9648-4feb-8949-42b702de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--86e9947c-958f-4a76-9314-9eafcbcb9de5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:42.000Z",
"modified": "2018-05-08T12:28:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-01T22:15:25",
"category": "Other",
"uuid": "5af197fb-98ec-4c87-9a05-447402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "5af197fb-d9ec-4d0f-bf82-4a7502de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/",
"category": "External analysis",
"uuid": "5af197fb-23d0-4566-aed8-408602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:43.000Z",
"modified": "2018-05-08T12:28:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:25:24",
"category": "Other",
"uuid": "5af197fb-5300-493b-96aa-437002de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "5af197fc-cffc-44fb-a9ae-421502de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/",
"category": "External analysis",
"uuid": "5af197fc-4c84-427b-8c03-4cd302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0f9c57e5-2917-4305-b828-df759cfe478b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:28:44.000Z",
"modified": "2018-05-08T12:28:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08T00:01:00",
"category": "Other",
"uuid": "5af197fc-ece0-48dd-a063-447602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"uuid": "5af197fd-f858-44f4-a74a-497102de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/",
"category": "External analysis",
"uuid": "5af197fd-53e4-4acc-b695-453002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--2a53a555-bd4e-43a8-83fc-d96ef095899a",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T09:49:23.000Z",
"modified": "2018-05-08T09:49:23.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "executed-by",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--5af17269-f3bc-4264-bd4c-4391950d210f",
"target_ref": "indicator--5af17259-2c04-4ffc-9fb7-4848950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--f1fa327b-012d-47bd-997a-91310b712761",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:28:45.000Z",
"modified": "2018-05-08T12:28:45.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--5af174a8-3934-4a04-994d-89b8950d210f",
"target_ref": "x-misp-object--afb022c9-8751-4226-8cb9-110026ddc73c"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--392ee048-b017-47f0-a8d6-31bdbc5c03fc",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:19:59.000Z",
"modified": "2018-05-08T12:19:59.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--d01a1f56-520d-43dd-a8dc-128ea3686b56",
"target_ref": "x-misp-object--f06f0463-2e37-478d-b082-8d44e89bd6d1"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--48372305-fd9a-495b-b19d-6b5e68d2b0fd",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:20:00.000Z",
"modified": "2018-05-08T12:20:00.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee",
"target_ref": "x-misp-object--1d43848d-7842-4357-8161-4f692dbe6364"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--acd59767-e0ea-46b6-9322-640ceac7501b",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:28:46.000Z",
"modified": "2018-05-08T12:28:46.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee",
"target_ref": "x-misp-object--5a6ce1ca-0ce4-4112-acf0-f759f554e4d3"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--49f9f7c6-f441-45ae-b3e6-36eb3301961c",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:20:00.000Z",
"modified": "2018-05-08T12:20:00.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88",
"target_ref": "x-misp-object--5f6c2742-b8c2-4538-80fa-402df8bc6f3d"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--4dce83eb-888f-459f-940c-1925a6c8d197",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:28:46.000Z",
"modified": "2018-05-08T12:28:46.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88",
"target_ref": "x-misp-object--9e68a641-1e38-4f66-9db2-7d29d978a9dd"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--c457915e-01d9-4e44-8e15-312a5d154307",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:20:00.000Z",
"modified": "2018-05-08T12:20:00.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0",
"target_ref": "x-misp-object--8f43be07-b484-4985-a388-2150078f89b2"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--f9efa3ee-709a-42e6-8298-29705fb43fbe",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:28:46.000Z",
"modified": "2018-05-08T12:28:46.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0",
"target_ref": "x-misp-object--86e9947c-958f-4a76-9314-9eafcbcb9de5"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--58ebbab3-1448-494f-8c77-30590262cf19",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:20:00.000Z",
"modified": "2018-05-08T12:20:00.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--2d06f66e-76ae-473b-9561-bd22199dbd80",
"target_ref": "x-misp-object--09e5ec0c-0ae8-4654-ad36-b23fdd405bb2"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--805252f2-cf7c-4b9a-b404-bd4b545424c8",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:28:46.000Z",
"modified": "2018-05-08T12:28:46.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--2d06f66e-76ae-473b-9561-bd22199dbd80",
"target_ref": "x-misp-object--483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--c9e31d14-41a9-457c-a6df-a2aa17c470fc",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:20:00.000Z",
"modified": "2018-05-08T12:20:00.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9",
"target_ref": "x-misp-object--0ba9aa23-ed52-4caf-b6ae-9415d8006bee"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--6d1e3c8c-2910-4310-8e09-ab9719a56218",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T12:28:46.000Z",
"modified": "2018-05-08T12:28:46.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9",
"target_ref": "x-misp-object--0f9c57e5-2917-4305-b828-df759cfe478b"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}