{
"type" : "bundle" ,
"id" : "bundle--5b337e5f-4810-4cbe-bb0e-4b79950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:38:23.000Z" ,
"modified" : "2018-08-14T12:38:23.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b337e5f-4810-4cbe-bb0e-4b79950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:38:23.000Z" ,
"modified" : "2018-08-14T12:38:23.000Z" ,
"name" : "OSINT - RedAlpha: New Campaigns Discovered Targeting the Tibetan Community" ,
"published" : "2018-08-14T12:39:56Z" ,
"object_refs" : [
"observed-data--5b337e8c-cee4-4d6d-b810-4276950d210f" ,
"url--5b337e8c-cee4-4d6d-b810-4276950d210f" ,
"observed-data--5b337edb-8318-4ec6-a18f-48db950d210f" ,
"url--5b337edb-8318-4ec6-a18f-48db950d210f" ,
"x-misp-attribute--5b337fa8-09a0-4771-b1cc-2f80950d210f" ,
"indicator--5b605b1e-d01c-4031-8026-4d1e950d210f" ,
"indicator--5b606297-aa30-4385-853f-41f9950d210f" ,
"indicator--5b606297-8378-4d8c-8df2-4705950d210f" ,
"indicator--5b6062db-b7c4-4424-a0cc-40fa950d210f" ,
"indicator--5b61896c-d2a0-4f40-94a5-4215950d210f" ,
"indicator--5b61896c-cc28-4b71-be77-4c17950d210f" ,
"indicator--5b6195cb-7940-40be-ba96-46b1950d210f" ,
"indicator--5b61a5d7-5810-45cb-a80d-4a7d950d210f" ,
"indicator--5b61bc3b-c298-44cf-85f7-4624950d210f" ,
"indicator--5b68544e-a118-4b18-a3a1-8674950d210f" ,
"indicator--5b696185-abd8-4c4a-a7c0-4d3c950d210f" ,
"indicator--5b696186-2ba0-4bdb-8835-4fa4950d210f" ,
"indicator--5b696187-3674-4d2b-af94-40c7950d210f" ,
"indicator--5b696816-b788-4c94-ad87-4f9d950d210f" ,
"indicator--5b696816-05d4-4748-8410-46d8950d210f" ,
"indicator--5b696817-66d0-439e-b619-4269950d210f" ,
"indicator--5b696817-0fa0-4020-bf22-4a1a950d210f" ,
"indicator--5b696818-c060-4f3c-9a48-4054950d210f" ,
"indicator--5b696818-0924-4d39-847b-4a71950d210f" ,
"indicator--5b697d88-0db0-4536-a89e-436d950d210f" ,
"indicator--5b697d89-1520-42cb-a2cc-4ad1950d210f" ,
"indicator--5b697d8a-3054-4ae5-9c06-4b72950d210f" ,
"indicator--5b697f5f-3324-436c-93e1-4532950d210f" ,
"indicator--5b69801a-f90c-4c6e-952e-41fb950d210f" ,
"x-misp-object--5b33808f-c060-4227-891c-2f80950d210f" ,
"indicator--5b605571-86c8-4306-806d-495f950d210f" ,
"indicator--5b6063f0-5f28-4309-9719-4bf1950d210f" ,
"indicator--951dbf05-efee-46a0-b2aa-89e5c6d0c898" ,
"x-misp-object--4d6cc362-fb2b-4576-919d-8d66294873be" ,
"x-misp-object--af9cbff4-9e65-4a79-a1ec-e88133cdfb98" ,
"indicator--5b61631b-a13c-4dc0-b949-4342950d210f" ,
"indicator--5b618e15-2084-466a-8f5c-44df950d210f" ,
"indicator--5b619ae6-dff0-4f29-bc32-471a950d210f" ,
"indicator--5b619c3f-9644-4d94-a4ac-4d40950d210f" ,
"indicator--5b619eb3-4dac-4efa-b562-43ab950d210f" ,
"indicator--5b61a1be-f9ec-428a-aede-468e950d210f" ,
"indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f" ,
"indicator--5b61b964-b078-4a41-9a1e-48e3950d210f" ,
"indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f" ,
"indicator--5b62c621-9d58-40e1-9105-4272950d210f" ,
"indicator--5b62c650-8358-49b9-9064-4ce8950d210f" ,
"indicator--5b62cb24-ebc0-4131-aa65-425b950d210f" ,
"indicator--b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0" ,
"x-misp-object--a51ea5b5-2181-4905-bda3-b2b1698c7c27" ,
"indicator--d2ec20b7-d689-47e6-9228-01a281f3ad02" ,
"x-misp-object--100f1a8d-1bc3-4000-92fe-bce0b793b222" ,
"indicator--5510fbf8-41c8-4a11-bcf0-42aa4303742e" ,
"x-misp-object--578b25b7-97b8-4d39-8537-323e64ffc399" ,
"indicator--db3a215c-d9b8-4d91-952a-af20cfe86d4a" ,
"x-misp-object--bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6" ,
"indicator--3ec440df-26e1-4883-94d8-cf5a44d48bbd" ,
"x-misp-object--c4f40e78-f5a3-449f-b8e0-bcb250e3da27" ,
"x-misp-object--c0793ff5-50a6-4817-8df9-8c28ab90f3d1" ,
"indicator--03b1be01-e7f1-41d2-bbeb-8c965ddd63d5" ,
"x-misp-object--62a6d635-11fb-43df-b01e-c38b5a08489f" ,
"x-misp-object--ab089f9c-349f-46f0-a2b2-ecfb3da24370" ,
"x-misp-object--db693d26-2826-4534-9718-84cf465571bc" ,
"x-misp-object--bc18676c-a419-4493-882b-dbffc94fae97" ,
"x-misp-object--4c400be1-7bc4-4c3e-ad25-0c0056e9a6da" ,
"x-misp-object--90f35bd9-30a9-467b-9f6e-7ed7648b7119" ,
"x-misp-object--2e9f7a81-d071-4fa8-bb22-eae520f03d51" ,
"indicator--5b67f371-c338-4728-8972-40ad950d210f" ,
"indicator--5b67f468-6ce0-48a4-9f9e-4e4f950d210f" ,
"indicator--5b67f49b-b550-450a-aabc-4439950d210f" ,
"indicator--5b67f783-02e0-44e8-8d8f-493f950d210f" ,
"indicator--5b67fc1a-9a38-404f-adcb-4b3a950d210f" ,
"indicator--5b67fc4f-381c-4dbd-b49e-4e8b950d210f" ,
"indicator--5b67fc62-4c2c-4fd6-b2a3-410e950d210f" ,
"indicator--5b680069-22b0-45f4-aba4-427d950d210f" ,
"indicator--5b68016d-a668-4301-8f51-4c52950d210f" ,
"indicator--5b680c7c-77a0-4e19-814b-4245950d210f" ,
"indicator--5b681333-943c-4633-9a90-45cd950d210f" ,
"indicator--5b681452-d5fc-45b4-af6f-4457950d210f" ,
"indicator--5b681a0a-4ab0-4f37-a19f-4726950d210f" ,
"indicator--5b681a2a-0324-4910-a7eb-415d950d210f" ,
"indicator--5b681a4c-0d40-4247-8c55-45c7950d210f" ,
"indicator--5b681d2e-bd1c-4726-882d-406e950d210f" ,
"indicator--5b681e31-67a8-4296-8fb7-433c950d210f" ,
"indicator--5b681f1f-e07c-416a-8a29-4057950d210f" ,
"indicator--5b682066-abf8-46ca-9b9b-484d950d210f" ,
"indicator--5b6820cb-7730-4294-af2c-4a2f950d210f" ,
"indicator--5b6821e7-aad4-4228-910a-4d8a950d210f" ,
"indicator--5b6822a7-f514-4918-a494-4246950d210f" ,
"indicator--5b6826c5-14a8-476f-9cf6-4867950d210f" ,
"indicator--5b6826e4-a924-400b-b8e4-44d5950d210f" ,
"indicator--5b682945-f85c-4fce-a9a0-45ef950d210f" ,
"indicator--5b682ab7-6624-450d-8b75-46cc950d210f" ,
"indicator--5b682b68-c684-4e35-9dd8-4f73950d210f" ,
"indicator--5b683107-e504-49db-9aed-4ce8950d210f" ,
"indicator--5b68311f-a2b0-440f-b8c9-446e950d210f" ,
"indicator--5b683145-03a4-424b-bae8-4737950d210f" ,
"indicator--5b68315c-a318-4645-86cb-448f950d210f" ,
"indicator--5b683b3b-9bd8-4fa9-8352-4e8b950d210f" ,
"indicator--5b683c0c-ef74-4489-a7b6-5955950d210f" ,
"indicator--5b683cd5-0a60-4246-8575-4fd1950d210f" ,
"indicator--5b68462b-45c4-4b41-9f65-41b2950d210f" ,
"indicator--5b6852b5-70f4-475c-8caa-8673950d210f" ,
"indicator--5b68552f-fc28-4fb4-b80b-c103950d210f" ,
"indicator--5b6855be-76a8-40dc-bfe2-494e950d210f" ,
"indicator--5b68564a-409c-43d2-a63b-c086950d210f" ,
"indicator--5b694c8d-d2d0-4373-83a1-4223950d210f" ,
"indicator--5b6950dc-d308-4352-ab07-474b950d210f" ,
"indicator--5b6951da-54fc-4427-a661-4464950d210f" ,
"indicator--5b6957dc-9424-494b-964a-49ed950d210f" ,
"x-misp-object--5b695c81-e640-449a-a7c7-4a0e950d210f" ,
"x-misp-object--5b695d6f-e188-4826-9b69-4ecb950d210f" ,
"indicator--5b695fae-b2a4-4cf6-8334-4e93950d210f" ,
"indicator--5b695fe3-aadc-45f7-ac2b-4416950d210f" ,
"indicator--5b696006-2e38-4f9f-a314-480f950d210f" ,
"indicator--5b69602f-90e8-466d-aa74-4a12950d210f" ,
"indicator--5b696072-e840-4ab7-8f2b-4eec950d210f" ,
"indicator--5b6960a5-8d20-405e-a193-4e1d950d210f" ,
"indicator--5b6960bf-e118-455d-a813-0b55950d210f" ,
"indicator--5b6960dc-86ec-4f89-b8dd-4088950d210f" ,
"indicator--5b6960f7-3ba8-42cc-a2f7-402d950d210f" ,
"indicator--5b696124-92cc-4823-9c30-40ab950d210f" ,
"indicator--5b69613b-db30-4ec1-852f-44bc950d210f" ,
"indicator--5b696150-9900-466c-8b82-45a8950d210f" ,
"indicator--5b69642b-02cc-49b3-b97c-44f5950d210f" ,
"indicator--5b6965c9-39b4-47c1-9084-46f2950d210f" ,
"x-misp-object--5b69670b-b290-44f4-a9fc-42e4950d210f" ,
"x-misp-object--5b6968ac-71ec-4a55-887d-47b7950d210f" ,
"x-misp-object--5b696957-9e2c-49d6-8bdb-4ffa950d210f" ,
"x-misp-object--5b69698a-8dd8-4aab-95b3-444e950d210f" ,
"indicator--5b697015-cc1c-4720-8f44-442a950d210f" ,
"indicator--5b697026-b170-41b0-937d-48cb950d210f" ,
"x-misp-object--8f903648-f534-497c-8096-7eba34dfcdd4" ,
"x-misp-object--280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63" ,
"x-misp-object--e0407f5c-72da-4b58-8ae9-627189b8808d" ,
"x-misp-object--5c696617-e214-4531-a91a-45aee2b893ed" ,
"indicator--b0e324d4-65be-418a-a8f8-735564d00606" ,
"x-misp-object--a9c8e203-1200-4950-8f13-6732275ea6ad" ,
"indicator--6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8" ,
"x-misp-object--21992a3f-2d25-4b0d-847d-154ab2829796" ,
"x-misp-object--8b4dbb0e-58a1-4630-be3d-83e95966a6cf" ,
"indicator--d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f" ,
"x-misp-object--7771644b-6de2-4a18-bc5f-c30dad0bd508" ,
"indicator--304084df-e41e-4456-88e4-353baeb7d839" ,
"x-misp-object--40e4d320-c62e-4322-ae15-b20e3369832d" ,
"x-misp-object--589e9254-4f90-490a-bc8c-fdea36be01b3" ,
"x-misp-object--71e73500-e019-4027-8696-5f48e8e0fd38" ,
"x-misp-object--7e3abe32-cfe8-485f-a22b-7e2989d16ffa" ,
"x-misp-object--6c1f2aee-af3d-4af0-a272-8aef0d5da562" ,
"x-misp-object--4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e" ,
"x-misp-object--bf7d4471-6524-4cdd-821d-63b550a8d3c7" ,
"x-misp-object--b5a9119a-4fae-4d63-8679-c0fcbe967f1c" ,
"x-misp-object--3ed9a824-86f6-44c8-addb-00ba19e4b915" ,
"indicator--5b605736-14d8-416e-beb0-4c30950d210f" ,
"indicator--5b605b02-8624-40ab-99a1-4f5c950d210f" ,
"indicator--5b6165b7-2d18-4189-bffe-4096950d210f" ,
"indicator--5b6182d4-67b8-4785-ba0e-4d23950d210f" ,
"indicator--5b618916-06bc-4a4b-971e-49dc950d210f" ,
"indicator--5b61a522-1fe8-431f-8471-4467950d210f" ,
"indicator--5b61bc26-8bb0-4860-8e09-4e88950d210f" ,
"indicator--5b62cb45-8260-4632-b14e-4a07950d210f" ,
"relationship--9783fe82-b41e-44c8-9e2f-55c590c10a96" ,
"relationship--11e26c9d-d10a-4edc-a19b-ab8b00694508" ,
"relationship--e80cac47-be58-4c3a-8169-799b37fcad48" ,
"relationship--834a7a91-8760-472e-9f8f-738fea465dab" ,
"relationship--cf00871c-b50f-43e7-b0fd-6c87fa4fe587" ,
"relationship--dd41e100-899c-4ba5-ab51-44ca92b4c61a" ,
"relationship--c8460c10-4f44-41b8-be7b-b8bf7e7e12eb" ,
"relationship--a249694e-2e09-41fe-90b9-5160b2a42b0c" ,
"relationship--e2cba456-cab8-486b-967b-58c666eb6f67" ,
"relationship--e8568b8e-0fda-4562-887c-4208ccc25ad3" ,
"relationship--5856292b-923b-48ca-942d-cc41aa2ea314" ,
"relationship--f0bf17fe-99e3-44d9-803d-917604fd101e" ,
"relationship--a6d8268d-bb6f-4533-8a6b-926c85354071" ,
"relationship--d8d084b8-da66-49ef-ae77-3e22fe82a5a1" ,
"relationship--2a85c2d8-6f54-43eb-a9ea-db3c7d3de569" ,
"relationship--d6767b67-6fe6-43d9-9222-220eb8d613ce" ,
"relationship--2be5a2a2-8154-4679-b2d7-31200d9344bd" ,
"relationship--537b3658-861e-42c3-adb3-1955a66d0564" ,
"relationship--6954c7f6-6d4f-498e-a296-caf8fbdec132" ,
"relationship--31e78857-3030-4310-81c8-e7ddccc72ddb" ,
"relationship--913c14a9-d958-4ebc-b51f-13e5f8cf4755" ,
"relationship--a1aa68c0-6e97-410d-8222-8b0e24971c05" ,
"relationship--809b154a-ead0-45e2-9055-82a4ea148b00" ,
"relationship--f2723126-0fa8-4c9e-aa10-5a6a9d726994" ,
"relationship--4f5d67ee-d6f4-4a8c-a7ed-309e5d203095" ,
"relationship--bf4df414-46e7-4005-a1a2-b9d170552cf5" ,
"relationship--4d47cce5-ed60-4844-a3c1-3db261252847" ,
"relationship--36b1f960-6135-4f57-bd2f-cc4b2ed0283c" ,
"relationship--a0cb5673-91ee-4459-bae4-fc642486dd39" ,
"relationship--8606065c-2450-4434-9866-f177f279b6fd" ,
"relationship--a4db881a-5baf-4630-9ad0-99f1be60574c" ,
"relationship--c6838f4f-dee2-43ca-b47f-adbcf7509e99" ,
"relationship--fbe3dcda-55b3-4423-b6ca-84689f2921f6"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:rat=\"NJRat\"" ,
"misp-galaxy:tool=\"njRAT\"" ,
"misp-galaxy:threat-actor=\"RedAlpha\"" ,
"misp-galaxy:sector=\"NGO\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b337e8c-cee4-4d6d-b810-4276950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T12:09:48.000Z" ,
"modified" : "2018-06-27T12:09:48.000Z" ,
"first_observed" : "2018-06-27T12:09:48Z" ,
"last_observed" : "2018-06-27T12:09:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b337e8c-cee4-4d6d-b810-4276950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b337e8c-cee4-4d6d-b810-4276950d210f" ,
"value" : "https://www.recordedfuture.com/redalpha-cyber-campaigns/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b337edb-8318-4ec6-a18f-48db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T12:11:07.000Z" ,
"modified" : "2018-06-27T12:11:07.000Z" ,
"first_observed" : "2018-06-27T12:11:07Z" ,
"last_observed" : "2018-06-27T12:11:07Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b337edb-8318-4ec6-a18f-48db950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b337edb-8318-4ec6-a18f-48db950d210f" ,
"value" : "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b337fa8-09a0-4771-b1cc-2f80950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T12:14:32.000Z" ,
"modified" : "2018-06-27T12:14:32.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Scope Note: Recorded Future analyzed new malware targeting the Tibetan community. This report includes a detailed analysis of the malware itself and associated infrastructure. Sources include Recorded Future\u2019s platform, VirusTotal, ReversingLabs, and third-party metadata, as well as common OSINT and network metadata enrichments, such as DomainTools Iris and PassiveTotal, and researcher collaboration.1 The impetus of this research is twofold: to provide indicators to leverage for protection for likely victims and to raise awareness of a possible shift in adversary TTPs."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b605b1e-d01c-4031-8026-4d1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T12:50:38.000Z" ,
"modified" : "2018-07-31T12:50:38.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'doc.internetdocss.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T12:50:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b606297-aa30-4385-853f-41f9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T13:22:31.000Z" ,
"modified" : "2018-07-31T13:22:31.000Z" ,
"pattern" : "[url:value = 'http://doc.internetdocss.com/nethelpx86.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T13:22:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b606297-8378-4d8c-8df2-4705950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T13:22:31.000Z" ,
"modified" : "2018-07-31T13:22:31.000Z" ,
"pattern" : "[file:name = '\\\\%WINDIR\\\\%\\\\nethelp.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T13:22:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6062db-b7c4-4424-a0cc-40fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T13:23:39.000Z" ,
"modified" : "2018-07-31T13:23:39.000Z" ,
"pattern" : "[url:value = 'http://doc.internetdocss.com/audiox86.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T13:23:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61896c-d2a0-4f40-94a5-4215950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T10:20:28.000Z" ,
"modified" : "2018-08-01T10:20:28.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'www.hktechy.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T10:20:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61896c-cc28-4b71-be77-4c17950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T10:20:28.000Z" ,
"modified" : "2018-08-01T10:20:28.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'index.ackques.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T10:20:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6195cb-7940-40be-ba96-46b1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T11:13:15.000Z" ,
"modified" : "2018-08-01T11:13:15.000Z" ,
"pattern" : "[url:value = 'index.acques.com/index.html']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T11:13:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61a5d7-5810-45cb-a80d-4a7d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T12:21:43.000Z" ,
"modified" : "2018-08-01T12:21:43.000Z" ,
"pattern" : "[domain-name:value = 'striker.internetdocss.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T12:21:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61bc3b-c298-44cf-85f7-4624950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T13:57:15.000Z" ,
"modified" : "2018-08-01T13:57:15.000Z" ,
"pattern" : "[url:value = 'http://doc.internetdocss.com/index?']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T13:57:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b68544e-a118-4b18-a3a1-8674950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T13:59:42.000Z" ,
"modified" : "2018-08-06T13:59:42.000Z" ,
"description" : "C2" ,
"pattern" : "[url:value = 'http://220.218.70.160/sec.hta']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T13:59:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696185-abd8-4c4a-a7c0-4d3c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:08:21.000Z" ,
"modified" : "2018-08-07T09:08:21.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.84.146']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:08:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696186-2ba0-4bdb-8835-4fa4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:08:22.000Z" ,
"modified" : "2018-08-07T09:08:22.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.245.22.117']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:08:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696187-3674-4d2b-af94-40c7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:08:23.000Z" ,
"modified" : "2018-08-07T09:08:23.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.245.22.124']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:08:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696816-b788-4c94-ad87-4f9d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:36:22.000Z" ,
"modified" : "2018-08-07T09:36:22.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.30.7.76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:36:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696816-05d4-4748-8410-46d8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:36:22.000Z" ,
"modified" : "2018-08-07T09:36:22.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.30.7.77']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:36:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696817-66d0-439e-b619-4269950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:36:23.000Z" ,
"modified" : "2018-08-07T09:36:23.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.192.59']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:36:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696817-0fa0-4020-bf22-4a1a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:36:23.000Z" ,
"modified" : "2018-08-07T09:36:23.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.195.140']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:36:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696818-c060-4f3c-9a48-4054950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:36:24.000Z" ,
"modified" : "2018-08-07T09:36:24.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.192.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:36:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696818-0924-4d39-847b-4a71950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:36:24.000Z" ,
"modified" : "2018-08-07T09:36:24.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.192.248']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:36:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b697d88-0db0-4536-a89e-436d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T11:07:52.000Z" ,
"modified" : "2018-08-07T11:07:52.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.4.62.249']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T11:07:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b697d89-1520-42cb-a2cc-4ad1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T11:07:53.000Z" ,
"modified" : "2018-08-07T11:07:53.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.126.179.156']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T11:07:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b697d8a-3054-4ae5-9c06-4b72950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T11:07:54.000Z" ,
"modified" : "2018-08-07T11:07:54.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.126.179.160']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T11:07:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b697f5f-3324-436c-93e1-4532950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T11:15:43.000Z" ,
"modified" : "2018-08-07T11:15:43.000Z" ,
"description" : "2017 Campaign" ,
"pattern" : "[import \"pe\"\r\nrule apt_ZZ_RedAlpha_2017Campaign_Dropper\r\n{\r\n meta:\r\n desc = \"RedAlpha 2017 Campaign, Dropper\"\r\n author = \"JAG-S, Insikt Group, RecordedFuture\"\r\n TLP = \"White\"\r\n md5_x86 = \"cb71f3b4f08eba58857532ac90bac77d\"\r\n md5_x64 = \"1412102eda0c2e5a5a85cb193dbb1524\"\r\n strings:\r\n $drops1 = \"http://doc.internetdocss.com/nethelp x86.dll\" ascii wide\r\n $drops2 = \"http://doc.internetdocss.com/audio x86.exe\" ascii wide\r\n $drops3 = \"http://doc.internetdocss.com/nethelp x64.dll\" ascii wide\r\n $drops4 = \"http://doc.internetdocss.com/audio x64.exe\" ascii wide\r\n $source1 = \"http://doc.internetdocss.com/word x86.exe\" ascii wide\r\n $source2 = \"http://doc.internetdocss.com/word x64.exe\" ascii wide\r\n $path1 = \"\\\\Programs\\\\Startup\\\\audio.exe\" ascii wide\r\n $path2 = \"c:\\\\Windows\\\\nethelp.dll\" ascii wide\r\n $persistence1 = \"SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\svchost\" ascii\r\nwide\r\n $persistence2 = \"%SystemRoot%\\\\system32\\\\svchost.exe -k \" ascii wide\r\n $persistence3 = \"SYSTEM\\\\CurrentControlSet\\\\Services\\\\\" ascii wide\r\n $persistence4 = \"Parameters\" ascii wide\r\n $persistence5 = \"ServiceDll\" ascii wide\r\n $persistence6 = \"NetHelp\" ascii wide\r\n $persistence7 = \"Windows Internet Help\" ascii wide\r\n condition:\r\n uint16(0)==0x5A4D\r\n and\r\n filesize < 500KB\r\n and\r\n (\r\n (pe.imphash() == \"3697a1f9150de181026ce089c10657c3\" or pe.imphash() ==\r\n\"e6e566fc8a1dee3019821e84c5ad58cc\")\r\n or\r\n (\r\n any of ($drops*)\r\n or\r\n any of ($source*)\r\n or\r\n any of ($path*)\r\n or\r\n 6 of ($persistence*)\r\n )\r\n )\r\n}\r\n\r\nrule apt_ZZ_RedAlpha_2017Campaign_nethelp\r\n{\r\nmeta:\r\ndesc = \"RedAlpha 2017 Campaign, NetHelp Drop\"\r\nauthor = \"JAG-S, Insikt Group, RecordedFuture\"\r\nTLP = \"White\"\r\nmd5_x86 = \"42256b4753724f7feb411bc9912155fd\"\r\nmd5_x86 = \"6d1d6987d0677f40e473befab121ab1b\"\r\nmd5_x64 = 
\"8f0fe2620f8dadf93eee285834e35655\"\r\nmd5_x64 = \"cd32ce54ed94dfbde7fb85930a16597d\"\r\nmd5_x64_striker = \"6dd1be1e491d5bf9cd14686c185c3009\"\r\nstrings:\r\n$postreq1 = \"POST /index.html HTTP/1.1\" ascii wide\r\n$postreq2 = \"Host: index.ackques.com\" ascii wide\r\n$postreq3 = \"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101\r\nChrome /53.0\" ascii wide\r\n$postreq4 = \"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*\" ascii\r\nwide\r\n$postreq5 = \"Accept-Language: en-US;q=0.5,en;q=0.3\" ascii wide\r\n$postreq6 = \"Accept-Encoding: gzip, deflate\" ascii wide\r\n$postreq7 = \"Content-Type: application/x-www-form-urlencoded\" ascii wide\r\n$postreq8 = \"Content-Length: %d\" ascii wide\r\n$postreq9 = \"Connection: keep-alive\" ascii wide\r\n$postreq10 = \"Upgrade-Insecure-Requests: 1\" ascii wide\r\n$cnc1 = \"index.ackques.com\" ascii wide\r\n$cnc2 = \"www.hktechy.com\" ascii wide\r\n $cnc3 = \"striker.internetdocss.com\" ascii wide\r\n$service1 = \"Windows Internet Help\" ascii wide\r\n$service2 = \"Client.dll\" ascii wide\r\n$service3 = \"ServiceMain\" ascii wide\r\ncondition:\r\nuint16(0)==0x5A4D\r\nand\r\nfilesize < 500KB\r\nand\r\n(\r\n(pe.imphash() == \"bc902a5e56cbbaa82f4af26cf9f4567e\"\r\nor pe.imphash() == \"af5487e77c16d987ca02d59bdcf38489\"\r\nor pe.imphash() == \"6e109cbbd181ad567b90463d48302c72\"\r\nor pe.imphash() == \"df09df6d5ae774f280c43e3cc0e4a142\"\r\n)\r\nor\r\n(\r\nall of ($postreq*)\r\nor\r\nany of ($cnc*)\r\nor\r\nall of ($service*)\r\n)\r\n)\r\n}]" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T11:15:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b69801a-f90c-4c6e-952e-41fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T11:18:50.000Z" ,
"modified" : "2018-08-07T11:18:50.000Z" ,
"description" : "2018 Campaign" ,
"pattern" : "[import \"pe\"\r\nrule apt_ZZ_RedAlpha_Dropper\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n tlp = \"White\"\r\n md5 = \"e6c0ac26b473d1e0fa9f74fdf1d01af8\"\r\n md5 = \"e28db08b2326a34958f00d68dfb034b0\"\r\n md5 = \"c94a39d58450b81087b4f1f5fd304add\"\r\n md5 = \"3a2b1a98c0a31ed32759f48df34b4bc8\"\r\n desc = \"RedAlpha Dropper\"\r\n version = \"1.0\"\r\n strings:\r\n $cnc = \"http://doc.internetdocss.com/index?\"\r\n condition:\r\n uint16(0) == 0x5A4D\r\n and filesize < 500KB\r\n and\r\n (pe.imphash() == \"17030637d18335c7267d09ec0ebc637c\" or pe.imphash() ==\r\n\"617fd4619e215a00dae98de5980a4210\")\r\n and\r\n all of them\r\n}\r\nrule apt_ZZ_RedAlpha_njRat\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n TLP = \"White\"\r\n md5 = \"c74608c70a59371cbf016316bebfab06\"\r\n date = \"04-14-2018\"\r\n desc = \"Second-stage njRAT, RedAlpha config\"\r\n version = \"1.1\"\r\n strings:\r\n $installName = \"serverdo.exe\" wide\r\n $port = \"9527\" wide\r\n $version = \"0.7d\" wide\r\n $c2 = \"doc.internetdocss.com\" wide\r\n condition:\r\n uint16(0) == 0x5A4D and filesize < 50KB\r\n and\r\n pe.imphash() == \"f34d5f2d4577ed6d9ceec516c1f5a744\"\r\n and\r\n all of them\r\n}]" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T11:18:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b33808f-c060-4227-891c-2f80950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T12:20:09.000Z" ,
"modified" : "2018-06-27T12:20:09.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "Based on links to #malware used by Chinese APTs, our research team makes assessments about who exactly is behind the newly discovered RedAlpha campaigns: (link: http://bit.ly/2KaCeS0) bit.ly/2KaCeS0 #Analysis" ,
"category" : "Other" ,
"uuid" : "5b33808f-96b0-4315-aceb-2f80950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5b338090-97ac-4266-af6a-2f80950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "url" ,
"value" : "https://mobile.twitter.com/RecordedFuture/status/1011675584198529024" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b338090-7bc0-4dc3-8e93-2f80950d210f"
} ,
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://t.co/D1MIxdpuBK?amp=1" ,
"category" : "External analysis" ,
"to_ids" : true ,
"uuid" : "5b338092-51b8-45b2-b1f6-2f80950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://www.recordedfuture.com/redalpha-cyber-campaigns/" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5b338092-8fdc-46a8-91f2-2f80950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2018-06-26T20:20:00" ,
"category" : "Other" ,
"uuid" : "5b338093-a724-4628-9d75-2f80950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "@RecordedFuture" ,
"category" : "Other" ,
"uuid" : "5b338093-7b6c-4274-9555-2f80950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b605571-86c8-4306-806d-495f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:31.000Z" ,
"modified" : "2018-08-14T12:36:31.000Z" ,
"description" : "PE32 executable (GUI) Intel 80386, for MS Windows\r\n2017 Audio dropper. Also observed being\r\ndeployed from Japanese IP\r\n220.218.70.160" ,
"pattern" : "[file:hashes.MD5 = 'cb71f3b4f08eba58857532ac90bac77d' AND file:hashes.SHA1 = '3142029872c39f393e765d59d68cf4f912170629' AND file:hashes.SHA256 = 'e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e' AND file:name = 'wordx86.exe\u201d' AND file:name = 'audiox86.exe\u201d' AND file:size = '93000' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6063f0-5f28-4309-9719-4bf1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:08.000Z" ,
"modified" : "2018-08-02T10:03:08.000Z" ,
"description" : "PE32+ executable (GUI) x86-64, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = '1412102eda0c2e5a5a85cb193dbb1524' AND file:name = 'wordx64.exe' AND file:name = 'audiox64.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--951dbf05-efee-46a0-b2aa-89e5c6d0c898" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T14:57:38.000Z" ,
"modified" : "2018-07-31T14:57:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '1412102eda0c2e5a5a85cb193dbb1524' AND file:hashes.SHA1 = 'f243d9d60dbae71ef36c0200372835f5093e954c' AND file:hashes.SHA256 = 'da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T14:57:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4d6cc362-fb2b-4576-919d-8d66294873be" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T14:57:36.000Z" ,
"modified" : "2018-07-31T14:57:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:21" ,
"category" : "Other" ,
"uuid" : "cdc06ac9-6db1-4e66-afc7-5f284c4b0d71"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/" ,
"category" : "External analysis" ,
"uuid" : "f625803b-9836-40a9-8fc4-badb7641d32a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/67" ,
"category" : "Other" ,
"uuid" : "39deaf89-4d50-41f0-94a8-231614288d89"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--af9cbff4-9e65-4a79-a1ec-e88133cdfb98" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T14:57:37.000Z" ,
"modified" : "2018-07-31T14:57:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:55:00" ,
"category" : "Other" ,
"uuid" : "c07ff68e-441d-4c99-95ef-3442a02573da"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/" ,
"category" : "External analysis" ,
"uuid" : "fb7703c7-c989-4040-9e80-20cbefe11bad"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/67" ,
"category" : "Other" ,
"uuid" : "cbecb56f-21ab-4fa0-8932-db8eeee8f165"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61631b-a13c-4dc0-b949-4342950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:31.000Z" ,
"modified" : "2018-08-14T12:36:31.000Z" ,
"description" : "NetHelp Infostealer" ,
"pattern" : "[file:hashes.MD5 = '42256b4753724f7feb411bc9912155fd' AND file:hashes.SHA1 = '7e7d38b1687c5949528d35d8e405d995ac15d1b2' AND file:hashes.SHA256 = '293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3' AND file:name = 'nethelpx86.dll' AND file:name = 'nethelp.dll' AND file:name = 'audiox86.exe' AND file:size = '198000' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b618e15-2084-466a-8f5c-44df950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T10:40:21.000Z" ,
"modified" : "2018-08-01T10:40:21.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'www.hktechy.com') AND network-traffic:dst_port = '80']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T10:40:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b619ae6-dff0-4f29-bc32-471a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T11:35:02.000Z" ,
"modified" : "2018-08-01T11:35:02.000Z" ,
"description" : "PE32 executable (GUI) Intel 80386, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = '6d1d6987d0677f40e473befab121ab1b' AND file:name = 'audiox86' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T11:35:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b619c3f-9644-4d94-a4ac-4d40950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:31.000Z" ,
"modified" : "2018-08-14T12:36:31.000Z" ,
"description" : "PE32+ executable (DLL) (GUI) x86-64, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = '8f0fe2620f8dadf93eee285834e35655' AND file:name = 'nethelp\\\\%20x64.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b619eb3-4dac-4efa-b562-43ab950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:31.000Z" ,
"modified" : "2018-08-14T12:36:31.000Z" ,
"description" : "PE32+ executable (GUI) x86-64, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = 'cd32ce54ed94dfbde7fb85930a16597d' AND file:name = 'audio\\\\%20x64.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61a1be-f9ec-428a-aede-468e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:31.000Z" ,
"modified" : "2018-08-14T12:36:31.000Z" ,
"description" : "PE32+ executable (DLL) (console) x86-64, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = '6dd1be1e491d5bf9cd14686c185c3009' AND file:hashes.SHA1 = '1e9a0a147198b8dfb4a33fc5bb1406635bfbe514' AND file:hashes.SHA256 = 'd0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec' AND file:name = 'nethelp.dll' AND file:size = '254000' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:31.000Z" ,
"modified" : "2018-08-14T12:36:31.000Z" ,
"pattern" : "[file:hashes.MD5 = '5228914b534a437eb7985702e78772be' AND file:hashes.SHA1 = '83d7ceb2e55ae3d6bbf0936376e82fe5bc97a963' AND file:hashes.SHA256 = '02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef' AND file:size = '798000' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61b964-b078-4a41-9a1e-48e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e6c0ac26b473d1e0fa9f74fdf1d01af8' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e28db08b2326a34958f00d68dfb034b0' AND file:hashes.SHA1 = '28bc84813b9dec660fe95d590ef33e574fe16254' AND file:hashes.SHA256 = '50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81' AND file:name = 'winlogon.exe' AND file:size = '274000' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62c621-9d58-40e1-9105-4272950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"description" : "PE32 executable (GUI) Intel 80386, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = 'c94a39d58450b81087b4f1f5fd304add' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62c650-8358-49b9-9064-4ce8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"description" : "PE32 executable (console) Intel 80386, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = '3a2b1a98c0a31ed32759f48df34b4bc8' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62cb24-ebc0-4131-aa65-425b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:08.000Z" ,
"modified" : "2018-08-02T10:03:08.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c74608c70a59371cbf016316bebfab06' AND file:hashes.SHA1 = 'e781aa54be06e010f1096fcc39a95df144659bd3' AND file:hashes.SHA256 = '1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c' AND file:name = 'serverdo.exe' AND file:size = '24000' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:08.000Z" ,
"modified" : "2018-08-02T10:03:08.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cd32ce54ed94dfbde7fb85930a16597d' AND file:hashes.SHA1 = 'da9c4aad7e38b904106a059b9b6318746fa6175d' AND file:hashes.SHA256 = 'b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a51ea5b5-2181-4905-bda3-b2b1698c7c27" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:07.000Z" ,
"modified" : "2018-08-02T10:03:07.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:06" ,
"category" : "Other" ,
"uuid" : "4b9cdbc3-8039-4f5f-a5d8-0c044c4db001"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/" ,
"category" : "External analysis" ,
"uuid" : "01bc974e-812b-4c2a-aff4-6edd4e5fe0db"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/68" ,
"category" : "Other" ,
"uuid" : "c6aed43c-f6d9-4dec-948e-0a007f83ae47"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d2ec20b7-d689-47e6-9228-01a281f3ad02" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:11.000Z" ,
"modified" : "2018-08-02T10:03:11.000Z" ,
"pattern" : "[file:hashes.MD5 = '8f0fe2620f8dadf93eee285834e35655' AND file:hashes.SHA1 = '84b80f942683d1b29180861664ec31d56321b975' AND file:hashes.SHA256 = '25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--100f1a8d-1bc3-4000-92fe-bce0b793b222" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:10.000Z" ,
"modified" : "2018-08-02T10:03:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:46" ,
"category" : "Other" ,
"uuid" : "03525361-029b-45e1-901d-d638b67da8d0"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/" ,
"category" : "External analysis" ,
"uuid" : "c20c3051-7431-47f5-8e07-9f8cb38f4503"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/66" ,
"category" : "Other" ,
"uuid" : "c48f0741-4780-4a4a-9228-e16aa95cdcb2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5510fbf8-41c8-4a11-bcf0-42aa4303742e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:14.000Z" ,
"modified" : "2018-08-02T10:03:14.000Z" ,
"pattern" : "[file:hashes.MD5 = '6d1d6987d0677f40e473befab121ab1b' AND file:hashes.SHA1 = 'ba977849cde0836a10da99cbb952f672b360a311' AND file:hashes.SHA256 = 'e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--578b25b7-97b8-4d39-8537-323e64ffc399" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:12.000Z" ,
"modified" : "2018-08-02T10:03:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:53:56" ,
"category" : "Other" ,
"uuid" : "39d6d6c8-ce32-4e70-9f88-a969ff043882"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/" ,
"category" : "External analysis" ,
"uuid" : "1b5c3a81-7820-4538-98eb-3e4805a6d9bb"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/67" ,
"category" : "Other" ,
"uuid" : "684a278f-7203-49ac-981d-e5fe53e016d2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--db3a215c-d9b8-4d91-952a-af20cfe86d4a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:16.000Z" ,
"modified" : "2018-08-02T10:03:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '3a2b1a98c0a31ed32759f48df34b4bc8' AND file:hashes.SHA1 = 'e86204a1c55448eb61c1d03895cf1aecf6c4ce07' AND file:hashes.SHA256 = '30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:15.000Z" ,
"modified" : "2018-08-02T10:03:15.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-01T23:46:03" ,
"category" : "Other" ,
"uuid" : "1521fa81-70ac-4209-8ac0-020efaaf2b5c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533167163/" ,
"category" : "External analysis" ,
"uuid" : "be25cd41-41af-469a-ab3a-72b7edd67d5e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "50/67" ,
"category" : "Other" ,
"uuid" : "ee0ba7fa-de9b-4ed1-9dc1-4a7b1ade08f0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3ec440df-26e1-4883-94d8-cf5a44d48bbd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:19.000Z" ,
"modified" : "2018-08-02T10:03:19.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c94a39d58450b81087b4f1f5fd304add' AND file:hashes.SHA1 = 'e15ed8a83c9e1745497fbf33aa9af3b19b2ecbda' AND file:hashes.SHA256 = 'd4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c4f40e78-f5a3-449f-b8e0-bcb250e3da27" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:17.000Z" ,
"modified" : "2018-08-02T10:03:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-02T00:06:12" ,
"category" : "Other" ,
"uuid" : "f949f8be-c2c5-4941-a83c-e59cfb47047a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533168372/" ,
"category" : "External analysis" ,
"uuid" : "41e31e37-9f2e-4fe9-9753-79101bd04941"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/66" ,
"category" : "Other" ,
"uuid" : "9d3bc97d-e36a-4746-ac96-c0a60d5e503f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c0793ff5-50a6-4817-8df9-8c28ab90f3d1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:18.000Z" ,
"modified" : "2018-08-02T10:03:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:21" ,
"category" : "Other" ,
"uuid" : "7daa5c0a-a5aa-4e39-a7c2-9cb774d3f09a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/" ,
"category" : "External analysis" ,
"uuid" : "eb42bd66-492e-4c88-893a-09743596dbb6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/67" ,
"category" : "Other" ,
"uuid" : "bf156d11-ec98-4904-9dbf-60d340f38d3c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--03b1be01-e7f1-41d2-bbeb-8c965ddd63d5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:22.000Z" ,
"modified" : "2018-08-02T10:03:22.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e6c0ac26b473d1e0fa9f74fdf1d01af8' AND file:hashes.SHA1 = 'acf58d62cdee49cacd253bc759b043d883aad30a' AND file:hashes.SHA256 = 'd5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T10:03:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--62a6d635-11fb-43df-b01e-c38b5a08489f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:21.000Z" ,
"modified" : "2018-08-02T10:03:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-31T23:56:41" ,
"category" : "Other" ,
"uuid" : "a38f4d5e-021b-42cc-90bc-bb3e8532c5cf"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533081401/" ,
"category" : "External analysis" ,
"uuid" : "867b2ea8-5a62-4fa1-a78c-749209dd6e40"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/66" ,
"category" : "Other" ,
"uuid" : "730bccdd-09f3-49be-9abc-151632bee2ee"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ab089f9c-349f-46f0-a2b2-ecfb3da24370" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:22.000Z" ,
"modified" : "2018-08-02T10:03:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:55:00" ,
"category" : "Other" ,
"uuid" : "b040a225-fc25-4c02-b728-f603912b7697"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/" ,
"category" : "External analysis" ,
"uuid" : "88fb41f1-a0d8-4613-a27c-127fdd79f71b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/67" ,
"category" : "Other" ,
"uuid" : "5c49008c-9f4f-46be-936b-b3e89bcedefa"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--db693d26-2826-4534-9718-84cf465571bc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:23.000Z" ,
"modified" : "2018-08-02T10:03:23.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-01T23:49:09" ,
"category" : "Other" ,
"uuid" : "a6f08c8a-389b-443f-8392-d683577b8359"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533167349/" ,
"category" : "External analysis" ,
"uuid" : "23854605-57d3-4c4c-b52e-e0f76fcc54b0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/59" ,
"category" : "Other" ,
"uuid" : "46b9e96e-856d-4886-b317-f31a71f1e201"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bc18676c-a419-4493-882b-dbffc94fae97" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:25.000Z" ,
"modified" : "2018-08-02T10:03:25.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-31T23:56:33" ,
"category" : "Other" ,
"uuid" : "4b3fd073-64b5-4d98-88b3-9b10f1b6a899"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533081393/" ,
"category" : "External analysis" ,
"uuid" : "8f213639-c885-4015-9237-dcb58587a00d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/68" ,
"category" : "Other" ,
"uuid" : "5a1325fe-8172-4afc-8a53-9a6fcb44c68e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4c400be1-7bc4-4c3e-ad25-0c0056e9a6da" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:26.000Z" ,
"modified" : "2018-08-02T10:03:26.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-02T00:05:39" ,
"category" : "Other" ,
"uuid" : "815bce8f-9090-45ec-9b75-d1d992b21665"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533168339/" ,
"category" : "External analysis" ,
"uuid" : "f729015f-82c7-4ce3-82ca-29c870f12df8"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "61/68" ,
"category" : "Other" ,
"uuid" : "c058fdbf-c051-4377-9a58-e99faff08177"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--90f35bd9-30a9-467b-9f6e-7ed7648b7119" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:27.000Z" ,
"modified" : "2018-08-02T10:03:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:53:51" ,
"category" : "Other" ,
"uuid" : "d5f94bd5-fc5a-4aee-a7d6-f51eeda67291"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/" ,
"category" : "External analysis" ,
"uuid" : "1ffceaf7-f028-4f96-bf93-a2e29e09a4a0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/66" ,
"category" : "Other" ,
"uuid" : "7eb90641-2c5d-4785-b834-92e79e6fa703"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2e9f7a81-d071-4fa8-bb22-eae520f03d51" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T10:03:28.000Z" ,
"modified" : "2018-08-02T10:03:28.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:11" ,
"category" : "Other" ,
"uuid" : "fefb306a-a08f-44c8-b831-2f868d3d74da"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/" ,
"category" : "External analysis" ,
"uuid" : "07a85360-c323-45e7-aeac-b520d8ac5626"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/67" ,
"category" : "Other" ,
"uuid" : "21dc7abb-a099-458c-9512-a670a6a4f220"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b67f371-c338-4728-8972-40ad950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T08:02:14.000Z" ,
"modified" : "2018-08-06T08:02:14.000Z" ,
"description" : "Japanese IP (Ucom-Corp)" ,
"pattern" : "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2017-06-28T00:00:00' AND domain-name:x_misp_last_seen = '2017-09-14T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T08:02:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b67f468-6ce0-48a4-9f9e-4e4f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T07:20:52.000Z" ,
"modified" : "2018-08-06T07:20:52.000Z" ,
"description" : "Japanese IP" ,
"pattern" : "[domain-name:value = '220x218x70x160.ap220.ftth.ucom.ne.jp' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2016-10-27T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T07:20:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b67f49b-b550-450a-aabc-4439950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T07:21:13.000Z" ,
"modified" : "2018-08-06T07:21:13.000Z" ,
"description" : "Japanese IP" ,
"pattern" : "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2017-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-08T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T07:21:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b67f783-02e0-44e8-8d8f-493f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T07:23:47.000Z" ,
"modified" : "2018-08-06T07:23:47.000Z" ,
"description" : "Chinese IP belonging to Chinese VPS provider VPSQuan LLC." ,
"pattern" : "[domain-name:value = 'hktechy.com' AND domain-name:resolves_to_refs[*].value = '198.44.172.97' AND domain-name:x_misp_first_seen = '2017-06-19T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T07:23:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b67fc1a-9a38-404f-adcb-4b3a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"description" : "2017 campaign dropper variant. Also observed being deployed from Japanese IP 220.218.70[.]160" ,
"pattern" : "[file:hashes.MD5 = '1412102eda0c2e5a5a85cb193dbb1524' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b67fc4f-381c-4dbd-b49e-4e8b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T07:44:15.000Z" ,
"modified" : "2018-08-06T07:44:15.000Z" ,
"description" : "Observed being deployed from Japanese IP 220.218.70[.]160. Sample not available at time of research in malware multiscanner repositories. Possible variant of 2017 infostealer or dropper." ,
"pattern" : "[file:hashes.MD5 = '1b67183acc18d7641917f4fe07c1b053' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T07:44:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b67fc62-4c2c-4fd6-b2a3-410e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"description" : "2017 NetHelp infostealer variant" ,
"pattern" : "[file:hashes.MD5 = '6d1d6987d0677f40e473befab121ab1b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b680069-22b0-45f4-aba4-427d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T08:01:45.000Z" ,
"modified" : "2018-08-06T08:01:45.000Z" ,
"description" : "SG IP (Choopa LLC)" ,
"pattern" : "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-30T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-25T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T08:01:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b68016d-a668-4301-8f51-4c52950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T08:06:05.000Z" ,
"modified" : "2018-08-06T08:06:05.000Z" ,
"description" : "HK IP (Cloudie Limited)" ,
"pattern" : "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '122.10.84.146' AND domain-name:x_misp_first_seen = '2018-02-08T00:00:00' AND domain-name:x_misp_last_seen = '2018-03-27T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T08:06:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b680c7c-77a0-4e19-814b-4245950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T08:53:16.000Z" ,
"modified" : "2018-08-06T08:53:16.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'item.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-23T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-01T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T08:53:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681333-943c-4633-9a90-45cd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T09:21:55.000Z" ,
"modified" : "2018-08-06T09:21:55.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'cfr.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-17T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T09:21:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681452-d5fc-45b4-af6f-4457950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T09:26:42.000Z" ,
"modified" : "2018-08-06T09:26:42.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'tootopia.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-23T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T09:26:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681a0a-4ab0-4f37-a19f-4726950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T09:51:06.000Z" ,
"modified" : "2018-08-06T09:51:06.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'oc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-06T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T09:51:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681a2a-0324-4910-a7eb-415d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T09:51:38.000Z" ,
"modified" : "2018-08-06T09:51:38.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'thewire.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-02-05T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T09:51:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681a4c-0d40-4247-8c55-45c7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T09:52:12.000Z" ,
"modified" : "2018-08-06T09:52:12.000Z" ,
"description" : "SG IP" ,
"pattern" : "[domain-name:value = 'tibet.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T09:52:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681d2e-bd1c-4726-882d-406e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:04:30.000Z" ,
"modified" : "2018-08-06T10:04:30.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'savetibet.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:04:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681e31-67a8-4296-8fb7-433c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:08:49.000Z" ,
"modified" : "2018-08-06T10:08:49.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'blog.tibetcul.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:08:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b681f1f-e07c-416a-8a29-4057950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:12:47.000Z" ,
"modified" : "2018-08-06T10:12:47.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'rediff.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:12:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b682066-abf8-46ca-9b9b-484d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:18:14.000Z" ,
"modified" : "2018-08-06T10:18:14.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'ndtv.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:18:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6820cb-7730-4294-af2c-4a2f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:19:55.000Z" ,
"modified" : "2018-08-06T10:19:55.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'business.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:19:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6821e7-aad4-4228-910a-4d8a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:24:39.000Z" ,
"modified" : "2018-08-06T10:24:39.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'apple.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:24:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6822a7-f514-4918-a494-4246950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:27:51.000Z" ,
"modified" : "2018-08-06T10:27:51.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'chinaaid.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-25T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:27:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6826c5-14a8-476f-9cf6-4867950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:45:25.000Z" ,
"modified" : "2018-08-06T10:45:25.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'epochtimes.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-21T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-16T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:45:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6826e4-a924-400b-b8e4-44d5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:45:56.000Z" ,
"modified" : "2018-08-06T10:45:56.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'artvoice.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-17T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-16T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:45:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b682945-f85c-4fce-a9a0-45ef950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T10:56:05.000Z" ,
"modified" : "2018-08-06T10:56:05.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'docs.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-02-05T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-16T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T10:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b682ab7-6624-450d-8b75-46cc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T11:02:15.000Z" ,
"modified" : "2018-08-06T11:02:15.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'www.apple.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-25T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-25T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T11:02:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b682b68-c684-4e35-9dd8-4f73950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T11:05:12.000Z" ,
"modified" : "2018-08-06T11:05:12.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'www.doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-23T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-23T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T11:05:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b683107-e504-49db-9aed-4ce8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T11:29:11.000Z" ,
"modified" : "2018-08-06T11:29:11.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-16T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T11:29:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b68311f-a2b0-440f-b8c9-446e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T11:29:35.000Z" ,
"modified" : "2018-08-06T11:29:35.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'vot.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-01-14T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T11:29:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b683145-03a4-424b-bae8-4737950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T11:30:13.000Z" ,
"modified" : "2018-08-06T11:30:13.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'video.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-01-10T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T11:30:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b68315c-a318-4645-86cb-448f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T11:30:36.000Z" ,
"modified" : "2018-08-06T11:30:36.000Z" ,
"description" : "SG IP " ,
"pattern" : "[domain-name:value = 'my.anti-spammail.services' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2017-12-28T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-07T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T11:30:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b683b3b-9bd8-4fa9-8352-4e8b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T12:12:43.000Z" ,
"modified" : "2018-08-06T12:12:43.000Z" ,
"description" : "China IP (Shenzhen Katherine Heng Technology Information Co., Ltd.)" ,
"pattern" : "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '144.48.220.167' AND domain-name:x_misp_first_seen = '2107-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2017-09-07T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T12:12:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b683c0c-ef74-4489-a7b6-5955950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T12:16:12.000Z" ,
"modified" : "2018-08-06T12:16:12.000Z" ,
"description" : "Hong Kong IP (Forewin Telecom Group Isp)" ,
"pattern" : "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '27.126.179.158' AND domain-name:x_misp_first_seen = '2017-09-07T00:00:00' AND domain-name:x_misp_last_seen = '2017-09-07T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T12:16:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b683cd5-0a60-4246-8575-4fd1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T12:19:33.000Z" ,
"modified" : "2018-08-06T12:19:33.000Z" ,
"description" : "Japan IP (UCom Corp)" ,
"pattern" : "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2017-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-08T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T12:19:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b68462b-45c4-4b41-9f65-41b2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T12:59:23.000Z" ,
"modified" : "2018-08-06T12:59:23.000Z" ,
"description" : "South Korean IP (Korea Telecom)" ,
"pattern" : "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '211.44.63.39' AND domain-name:x_misp_first_seen = '2017-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-27T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T12:59:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6852b5-70f4-475c-8caa-8673950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T13:52:53.000Z" ,
"modified" : "2018-08-06T13:52:53.000Z" ,
"pattern" : "[file:hashes.MD5 = '1929db297c9d7d88a6427b8603a7145b' AND file:name = 'Microsoft_Word_97_-_2003___1.doc' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T13:52:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b68552f-fc28-4fb4-b80b-c103950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T14:03:27.000Z" ,
"modified" : "2018-08-06T14:03:27.000Z" ,
"description" : "HK IP (Forewin Telecom Group Limited)." ,
"pattern" : "[domain-name:value = 'striker.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '27.126.179.157']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T14:03:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6855be-76a8-40dc-bfe2-494e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T14:05:50.000Z" ,
"modified" : "2018-08-06T14:05:50.000Z" ,
"description" : "SSL cert was observed on all Forewin Telecom registered IPs in the range 27.126.179[.]156 \u2014 27.126.179[.]160." ,
"pattern" : "[file:hashes.SHA1 = 'c8e61a4282589c93774be2cddc109599316087b7' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T14:05:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b68564a-409c-43d2-a63b-c086950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-06T14:08:10.000Z" ,
"modified" : "2018-08-06T14:08:10.000Z" ,
"description" : "SSL cert was active on the 27.126.179[.]159 Forewin IP when it had tk.u2xu2[.]com pointing to it" ,
"pattern" : "[file:hashes.SHA1 = 'dd3f4da890fa00b0b6032d1141f54490c093c297' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-06T14:08:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b694c8d-d2d0-4373-83a1-4223950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T07:38:53.000Z" ,
"modified" : "2018-08-07T07:38:53.000Z" ,
"pattern" : "[domain-name:value = 'http.ackques.com' AND domain-name:resolves_to_refs[*].value = '7.126.179.159']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T07:38:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6950dc-d308-4352-ab07-474b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T07:58:32.000Z" ,
"modified" : "2018-08-07T07:58:32.000Z" ,
"pattern" : "[domain-name:value = 'sp.u2xu2.com' AND domain-name:resolves_to_refs[*].value = '122.10.84.146' AND domain-name:x_misp_first_seen = '2018-03-23T00:00:00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T07:58:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6951da-54fc-4427-a661-4464950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T08:01:30.000Z" ,
"modified" : "2018-08-07T08:01:30.000Z" ,
"description" : "alternate\r\nMD5 should be 3a2b1a98c0a31ed32759f48df34b4bc8\r\nfirst-stage validator that includes a second stage payload that drops njRAT." ,
"pattern" : "[file:name = 'qww.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T08:01:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6957dc-9424-494b-964a-49ed950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"description" : "version of njRAT (also\r\nknown as Bladabindi) hosted on the same 122.10.84.146 Hong Kong IP \r\nLikely related to the \u201cqww.exe\u201d validator." ,
"pattern" : "[file:hashes.MD5 = 'c74608c70a59371cbf016316bebfab06' AND file:name = 'serverdo7468.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b695c81-e640-449a-a7c7-4a0e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T08:46:57.000Z" ,
"modified" : "2018-08-07T08:46:57.000Z" ,
"labels" : [
"misp:name=\"whois\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "whois-registrant-email" ,
"object_relation" : "registrant-email" ,
"value" : "steven-jain@outlook.com" ,
"category" : "Attribution" ,
"uuid" : "5b695c81-92b0-492b-902f-4abb950d210f"
} ,
{
"type" : "domain" ,
"object_relation" : "domain" ,
"value" : "ktechy.com" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b695c82-a494-49a2-8702-4395950d210f"
}
] ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "whois"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b695d6f-e188-4826-9b69-4ecb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T08:50:55.000Z" ,
"modified" : "2018-08-07T08:50:55.000Z" ,
"labels" : [
"misp:name=\"whois\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "whois-registrant-email" ,
"object_relation" : "registrant-email" ,
"value" : "steven-jain@outlook.com" ,
"category" : "Attribution" ,
"uuid" : "5b695d6f-bd1c-4571-a75c-4c1b950d210f"
} ,
{
"type" : "domain" ,
"object_relation" : "domain" ,
"value" : "angtechy.com" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b695d70-7270-4afc-859c-4e30950d210f"
} ,
{
"type" : "ip-src" ,
"object_relation" : "ip-address" ,
"value" : "15.126.39.107" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b695d71-305c-4846-a468-4554950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2017-06-20T00:00:00" ,
"category" : "Other" ,
"uuid" : "5b695d71-d858-4785-a9e1-452a950d210f"
}
] ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "whois"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b695fae-b2a4-4cf6-8334-4e93950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:00:30.000Z" ,
"modified" : "2018-08-07T09:00:30.000Z" ,
"description" : "Spoofed Organization: China National Hotel Education Network (cqledi.org)" ,
"pattern" : "[domain-name:value = 'cqledu.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:00:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b695fe3-aadc-45f7-ac2b-4416950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:01:23.000Z" ,
"modified" : "2018-08-07T09:01:23.000Z" ,
"description" : "Spoofed Organization: AOL webmail (mail.aol.com)" ,
"pattern" : "[domain-name:value = 'mail-aol.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:01:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696006-2e38-4f9f-a314-480f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:03:23.000Z" ,
"modified" : "2018-08-07T09:03:23.000Z" ,
"description" : "Spoofed Organization: Google Drive (drive.google.com)" ,
"pattern" : "[domain-name:value = 'drlve-gooog1e.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:03:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b69602f-90e8-466d-aa74-4a12950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:02:39.000Z" ,
"modified" : "2018-08-07T09:02:39.000Z" ,
"description" : "Spoofed Organization: Microsoft Live (login.live.com)" ,
"pattern" : "[domain-name:value = 'login-live.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:02:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696072-e840-4ab7-8f2b-4eec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:03:46.000Z" ,
"modified" : "2018-08-07T09:03:46.000Z" ,
"description" : "Spoofed Organization: Department of Special Investigations, Ministry of Justice of Thailand (mail.dsi.go.th)" ,
"pattern" : "[domain-name:value = 'mail-dsi-go.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:03:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6960a5-8d20-405e-a193-4e1d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:04:37.000Z" ,
"modified" : "2018-08-07T09:04:37.000Z" ,
"description" : "Spoofed Organization: Epoch Times, founded by Chinese-American Falun Gong practitioners (mail.epochtimes.com)" ,
"pattern" : "[domain-name:value = 'mail-epochtimes.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6960bf-e118-455d-a813-0b55950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:05:03.000Z" ,
"modified" : "2018-08-07T09:05:03.000Z" ,
"description" : "Spoofed Organization: Sri Lankan Ministry of Defence (mail.defence.lk)" ,
"pattern" : "[domain-name:value = 'mail-defense.tk' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:05:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6960dc-86ec-4f89-b8dd-4088950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:05:32.000Z" ,
"modified" : "2018-08-07T09:05:32.000Z" ,
"description" : "Spoofed Organization: Official website of His Holiness the Dalai Lama (webmail.dalailama.com)" ,
"pattern" : "[domain-name:value = 'webmail-dalailama.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:05:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6960f7-3ba8-42cc-a2f7-402d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:05:59.000Z" ,
"modified" : "2018-08-07T09:05:59.000Z" ,
"description" : "Spoofed Organization: Youxinpai (Beijing) Information Technology Co., Ltd. (Chinese used car auction site)" ,
"pattern" : "[domain-name:value = 'mail.youxinpai.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:05:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696124-92cc-4823-9c30-40ab950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:06:44.000Z" ,
"modified" : "2018-08-07T09:06:44.000Z" ,
"description" : "Spoofed Organization: Possibly a reference to GALVmed\u2019s \u201cprotecting livestock, saving human life\u201d mission statement. GALVmed stands for the Global Alliance for Livestock Veterinary Medicines." ,
"pattern" : "[domain-name:value = 'plshl.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:06:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b69613b-db30-4ec1-852f-44bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:07:07.000Z" ,
"modified" : "2018-08-07T09:07:07.000Z" ,
"description" : "Spoofed Organization: Webmail login for Myanmar Posts and Telecommunications (webmail.mpt.net.mm)" ,
"pattern" : "[domain-name:value = 'webmail-mpt.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:07:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b696150-9900-466c-8b82-45a8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:07:28.000Z" ,
"modified" : "2018-08-07T09:07:28.000Z" ,
"description" : "Spoofed Organization: Likely impersonating a website for exiled Chinese billionaire, Guo Wengui, who has made allegations of corruption against high-ranking individuals in the Communist Party of China." ,
"pattern" : "[domain-name:value = 'wengiguowengui.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:07:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b69642b-02cc-49b3-b97c-44f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:23:49.000Z" ,
"modified" : "2018-08-07T09:23:49.000Z" ,
"pattern" : "[domain-name:value = 'tk.u2xu2.com' AND domain-name:resolves_to_refs[*].value = '27.126.179.159' AND domain-name:resolves_to_refs[*].value = '103.20.193.156']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:23:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6965c9-39b4-47c1-9084-46f2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:26:33.000Z" ,
"modified" : "2018-08-07T09:26:33.000Z" ,
"pattern" : "[file:hashes.MD5 = '83ffd697edd0089204779f5bfb031023' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T09:26:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b69670b-b290-44f4-a9fc-42e4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:31:55.000Z" ,
"modified" : "2018-08-07T09:31:55.000Z" ,
"labels" : [
"misp:name=\"whois\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "whois-registrant-email" ,
"object_relation" : "registrant-email" ,
"value" : "13316874955@163.com" ,
"category" : "Attribution" ,
"uuid" : "5b69670b-06c0-434e-a8f5-423b950d210f"
} ,
{
"type" : "ip-src" ,
"object_relation" : "ip-address" ,
"value" : "103.20.193.156" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b69670b-6d2c-43e0-940a-47ef950d210f"
}
] ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "whois"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b6968ac-71ec-4a55-887d-47b7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:38:52.000Z" ,
"modified" : "2018-08-07T09:38:52.000Z" ,
"labels" : [
"misp:name=\"whois\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "domain" ,
"object_relation" : "domain" ,
"value" : "cqyrxy.com" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b6968ac-d304-45e9-9141-4b83950d210f"
} ,
{
"type" : "ip-src" ,
"object_relation" : "ip-address" ,
"value" : "115.126.39.107" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b6968ac-1118-427b-b30b-4a82950d210f"
} ,
{
"type" : "whois-registrant-name" ,
"object_relation" : "registrant-name" ,
"value" : "ren minjie" ,
"category" : "Attribution" ,
"uuid" : "5b6968ad-c7d4-4c30-a301-4b78950d210f"
}
] ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "whois"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b696957-9e2c-49d6-8bdb-4ffa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:41:43.000Z" ,
"modified" : "2018-08-07T09:41:43.000Z" ,
"labels" : [
"misp:name=\"whois\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "whois-registrant-email" ,
"object_relation" : "registrant-email" ,
"value" : "6060841@qq.com" ,
"category" : "Attribution" ,
"uuid" : "5b696957-8c18-4cd2-9113-4a5c950d210f"
} ,
{
"type" : "domain" ,
"object_relation" : "domain" ,
"value" : "drive-mail-google.com" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b696957-8560-4a7d-a84c-4392950d210f"
}
] ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "whois"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b69698a-8dd8-4aab-95b3-444e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T09:42:34.000Z" ,
"modified" : "2018-08-07T09:42:34.000Z" ,
"labels" : [
"misp:name=\"whois\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "whois-registrant-email" ,
"object_relation" : "registrant-email" ,
"value" : "6060841@qq.com" ,
"category" : "Attribution" ,
"uuid" : "5b69698a-8e20-4a08-bb7c-4a5b950d210f"
} ,
{
"type" : "domain" ,
"object_relation" : "domain" ,
"value" : "drive-accounts-gooogle.com" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b69698b-20c4-49c4-ba14-4437950d210f"
}
] ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "whois"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b697015-cc1c-4720-8f44-442a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T10:10:29.000Z" ,
"modified" : "2018-08-07T10:10:29.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c6e336550bd1c087ee2a211781fd9280' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T10:10:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b697026-b170-41b0-937d-48cb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-07T10:10:46.000Z" ,
"modified" : "2018-08-07T10:10:46.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd4ea9027edca1d01c62d9f43a2975d30' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-07T10:10:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8f903648-f534-497c-8096-7eba34dfcdd4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:29.000Z" ,
"modified" : "2018-08-14T12:36:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:06" ,
"category" : "Other" ,
"uuid" : "75b563cb-40ff-4062-bcd1-d850e8b003b2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/" ,
"category" : "External analysis" ,
"uuid" : "471715ec-3776-45f7-8724-492559aa6773"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/68" ,
"category" : "Other" ,
"uuid" : "afa8f64a-5c41-4303-a067-340cee586424"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:30.000Z" ,
"modified" : "2018-08-14T12:36:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:46" ,
"category" : "Other" ,
"uuid" : "ac377751-3114-40cb-81b4-acfaa910e898"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/" ,
"category" : "External analysis" ,
"uuid" : "c2e4a91e-cd71-4894-8da1-b955fcabc837"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/66" ,
"category" : "Other" ,
"uuid" : "06841d51-e4b1-477b-8385-bf774915accc"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e0407f5c-72da-4b58-8ae9-627189b8808d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:31.000Z" ,
"modified" : "2018-08-14T12:36:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-08T00:29:46" ,
"category" : "Other" ,
"uuid" : "a32635f7-ed70-4cb9-8b8e-99865d2631aa"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533688186/" ,
"category" : "External analysis" ,
"uuid" : "22d24b16-6991-437a-9d86-e487cc42a4e6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/68" ,
"category" : "Other" ,
"uuid" : "c6aac747-6dd5-4712-a7b8-2ed5a0526323"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c696617-e214-4531-a91a-45aee2b893ed" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:32.000Z" ,
"modified" : "2018-08-14T12:36:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-08T00:48:00" ,
"category" : "Other" ,
"uuid" : "4cf28e26-60e2-4d7b-a15f-39b145132431"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533689280/" ,
"category" : "External analysis" ,
"uuid" : "e15793af-bb6d-4a2d-a804-4c95fa23d290"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/68" ,
"category" : "Other" ,
"uuid" : "90b0702d-0975-4f6a-b449-a80d8493d9d9"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b0e324d4-65be-418a-a8f8-735564d00606" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:36.000Z" ,
"modified" : "2018-08-14T12:36:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c6e336550bd1c087ee2a211781fd9280' AND file:hashes.SHA1 = 'ebedaa84b473d939ba91e2dff7b47e8c0d5716b2' AND file:hashes.SHA256 = '7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a9c8e203-1200-4950-8f13-6732275ea6ad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:35.000Z" ,
"modified" : "2018-08-14T12:36:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:51" ,
"category" : "Other" ,
"uuid" : "778d6594-3b6f-4855-b1de-cf1221a1b205"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14/analysis/1530788091/" ,
"category" : "External analysis" ,
"uuid" : "4530a287-d37f-41e5-8a0e-2f5666455b9a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/67" ,
"category" : "Other" ,
"uuid" : "7b7b3c82-0a1a-4738-a570-ba1bb99065b2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:39.000Z" ,
"modified" : "2018-08-14T12:36:39.000Z" ,
"pattern" : "[file:hashes.MD5 = '1929db297c9d7d88a6427b8603a7145b' AND file:hashes.SHA1 = 'f3ebba32e13b355e301d310cc63fbd799787f6c2' AND file:hashes.SHA256 = 'aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--21992a3f-2d25-4b0d-847d-154ab2829796" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:37.000Z" ,
"modified" : "2018-08-14T12:36:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-08T00:25:06" ,
"category" : "Other" ,
"uuid" : "82312aee-19bb-46da-8cf8-9d180b42ae54"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd/analysis/1533687906/" ,
"category" : "External analysis" ,
"uuid" : "89a63c2c-369a-4ebf-8a4d-aef203be5d31"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/60" ,
"category" : "Other" ,
"uuid" : "bef9095d-e1a6-4490-afed-46a607ef4ada"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8b4dbb0e-58a1-4630-be3d-83e95966a6cf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:38.000Z" ,
"modified" : "2018-08-14T12:36:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:53:56" ,
"category" : "Other" ,
"uuid" : "777aad28-4b29-4948-95a3-1299b7d2071e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/" ,
"category" : "External analysis" ,
"uuid" : "6f7d201e-e079-4834-a62a-4239770943f4"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/67" ,
"category" : "Other" ,
"uuid" : "72c46566-7c5f-412c-83ed-f69f6c0a5ce7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:43.000Z" ,
"modified" : "2018-08-14T12:36:43.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd4ea9027edca1d01c62d9f43a2975d30' AND file:hashes.SHA1 = '0163c73acebe691907f4100321dbbefc95a0da49' AND file:hashes.SHA256 = '8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7771644b-6de2-4a18-bc5f-c30dad0bd508" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:41.000Z" ,
"modified" : "2018-08-14T12:36:41.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-25T21:34:14" ,
"category" : "Other" ,
"uuid" : "98d5ca3c-7c60-4fde-a810-07b50e3432bd"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d/analysis/1532554454/" ,
"category" : "External analysis" ,
"uuid" : "5183e393-9731-466d-9aa0-837301040fd9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/61" ,
"category" : "Other" ,
"uuid" : "dc6a8dd9-5875-4eea-9ff1-a01509cc81ef"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--304084df-e41e-4456-88e4-353baeb7d839" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:45.000Z" ,
"modified" : "2018-08-14T12:36:45.000Z" ,
"pattern" : "[file:hashes.MD5 = '83ffd697edd0089204779f5bfb031023' AND file:hashes.SHA1 = 'c2862a30d486297a005915421f75703ae9b35223' AND file:hashes.SHA256 = '9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-14T12:36:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--40e4d320-c62e-4322-ae15-b20e3369832d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:43.000Z" ,
"modified" : "2018-08-14T12:36:43.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-23T12:02:40" ,
"category" : "Other" ,
"uuid" : "33d0f34d-43c8-4cb4-9b8a-689c381d498d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907/analysis/1532347360/" ,
"category" : "External analysis" ,
"uuid" : "dcf618e1-7785-4bec-92e0-c53e9a9554b3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/68" ,
"category" : "Other" ,
"uuid" : "aebf6ce8-ce50-465c-a45f-128529204545"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--589e9254-4f90-490a-bc8c-fdea36be01b3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:44.000Z" ,
"modified" : "2018-08-14T12:36:44.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:21" ,
"category" : "Other" ,
"uuid" : "bf1f3939-4ec3-4333-a357-2fea7066bcbb"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/" ,
"category" : "External analysis" ,
"uuid" : "026a9339-6f67-4387-9edf-194aea014a88"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/67" ,
"category" : "Other" ,
"uuid" : "9aa50299-3e3e-4f06-bba1-c9a42b6b1289"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--71e73500-e019-4027-8696-5f48e8e0fd38" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:45.000Z" ,
"modified" : "2018-08-14T12:36:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-08T00:46:50" ,
"category" : "Other" ,
"uuid" : "daa79b42-ca0d-4e2b-ab63-11a84ee71104"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533689210/" ,
"category" : "External analysis" ,
"uuid" : "cb2216af-140c-4ca2-8286-8c27cd5055c8"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "56/67" ,
"category" : "Other" ,
"uuid" : "3f2ba997-79c0-4973-90f8-280d414805f1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7e3abe32-cfe8-485f-a22b-7e2989d16ffa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:46.000Z" ,
"modified" : "2018-08-14T12:36:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-08T00:52:12" ,
"category" : "Other" ,
"uuid" : "a4c73e44-0dac-4016-a40c-6c422ce1041b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533689532/" ,
"category" : "External analysis" ,
"uuid" : "05f75ddc-2a93-4453-a9af-d3d9e6b8139a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/67" ,
"category" : "Other" ,
"uuid" : "551d7e5c-1f9b-4c34-85f6-8bd7bc16df9c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6c1f2aee-af3d-4af0-a272-8aef0d5da562" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:47.000Z" ,
"modified" : "2018-08-14T12:36:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-03T00:10:07" ,
"category" : "Other" ,
"uuid" : "deffbcff-7552-4ba9-a3de-2c2d42dd124e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1533255007/" ,
"category" : "External analysis" ,
"uuid" : "903ad04e-95ce-4294-a54d-619a30d55c09"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/67" ,
"category" : "Other" ,
"uuid" : "451dbe9e-271c-4fd7-9f0e-fd0f5312e2c7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:48.000Z" ,
"modified" : "2018-08-14T12:36:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-08T00:51:25" ,
"category" : "Other" ,
"uuid" : "54d361e2-c296-49da-a4be-a50848f24982"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533689485/" ,
"category" : "External analysis" ,
"uuid" : "c2563df5-adf7-421b-87c9-cfdd9a5cd842"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/67" ,
"category" : "Other" ,
"uuid" : "c45c27d0-e143-4d53-b466-6baf239f345d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bf7d4471-6524-4cdd-821d-63b550a8d3c7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:49.000Z" ,
"modified" : "2018-08-14T12:36:49.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-08T00:32:51" ,
"category" : "Other" ,
"uuid" : "60642d41-e70f-4883-a8de-19c025106808"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533688371/" ,
"category" : "External analysis" ,
"uuid" : "f19c2bd6-eb00-43ee-9aa5-9b9986ecce34"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/60" ,
"category" : "Other" ,
"uuid" : "60267fd9-e404-424b-8019-da9bc7560f51"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b5a9119a-4fae-4d63-8679-c0fcbe967f1c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:50.000Z" ,
"modified" : "2018-08-14T12:36:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:53:51" ,
"category" : "Other" ,
"uuid" : "aa3de294-1dc1-41bd-b1f4-370ca5bf2fd6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/" ,
"category" : "External analysis" ,
"uuid" : "7f22d474-a70c-470a-9ac9-c8631ca9848f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/66" ,
"category" : "Other" ,
"uuid" : "39546021-dba9-455b-bc52-7c06b92d3707"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3ed9a824-86f6-44c8-addb-00ba19e4b915" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-14T12:36:51.000Z" ,
"modified" : "2018-08-14T12:36:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-05T10:54:11" ,
"category" : "Other" ,
"uuid" : "03c95ebb-bf6d-424e-8f1d-bdd3efeaab83"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/" ,
"category" : "External analysis" ,
"uuid" : "6630d978-a6e1-4ea1-be98-527448caba04"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/67" ,
"category" : "Other" ,
"uuid" : "8484bea3-c438-41ff-a461-458d1b85d880"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b605736-14d8-416e-beb0-4c30950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T12:33:58.000Z" ,
"modified" : "2018-07-31T12:33:58.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = '3697a1f9150de181026ce089c10657c3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'wordx86.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T06:40:50']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T12:33:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b605b02-8624-40ab-99a1-4f5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T12:50:10.000Z" ,
"modified" : "2018-07-31T12:50:10.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'audiox86.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T06:40:50']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T12:50:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6165b7-2d18-4189-bffe-4096950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T09:44:51.000Z" ,
"modified" : "2018-08-01T09:44:51.000Z" ,
"description" : "PE32 executable (DLL) (console) Intel 80386, for MS Windows" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = 'bc902a5e56cbbaa82f4af26cf9f4567e' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'nethelpx86.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T03:18:30']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T09:44:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6182d4-67b8-4785-ba0e-4d23950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T09:52:20.000Z" ,
"modified" : "2018-08-01T09:52:20.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = 'bc902a5e56cbbaa82f4af26cf9f4567e' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'nethelp.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T03:18:30' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T09:52:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b618916-06bc-4a4b-971e-49dc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T10:19:02.000Z" ,
"modified" : "2018-08-01T10:19:02.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = 'bc902a5e56cbbaa82f4af26cf9f4567e' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'audiox86.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T03:18:30' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T10:19:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61a522-1fe8-431f-8471-4467950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T12:18:42.000Z" ,
"modified" : "2018-08-01T12:18:42.000Z" ,
"description" : "PE32+ executable (DLL) (console) x86-64, for MS Windows" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = '9098d75f516f191276ef1836aecc30d4' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'nethelp.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-07-06T02:14:08' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T12:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b61bc26-8bb0-4860-8e09-4e88950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-01T13:56:54.000Z" ,
"modified" : "2018-08-01T13:56:54.000Z" ,
"description" : "PE32 executable (GUI) Intel 80386, for MS Windows" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = '17030637d18335c7267d09ec0ebc637c' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'winlogon.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2018-01-07T23:13:23']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-01T13:56:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62cb45-8260-4632-b14e-4a07950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T09:13:41.000Z" ,
"modified" : "2018-08-02T09:13:41.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = 'f34d5f2d4577ed6d9ceec516c1f5a744' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'serverdo.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2018-03-06T01:16:01']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T09:13:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9783fe82-b41e-44c8-9e2f-55c590c10a96" ,
"created" : "2018-07-31T14:57:38.000Z" ,
"modified" : "2018-07-31T14:57:38.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b605571-86c8-4306-806d-495f950d210f" ,
"target_ref" : "x-misp-object--af9cbff4-9e65-4a79-a1ec-e88133cdfb98"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--11e26c9d-d10a-4edc-a19b-ab8b00694508" ,
"created" : "2018-08-02T10:03:29.000Z" ,
"modified" : "2018-08-02T10:03:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b605571-86c8-4306-806d-495f950d210f" ,
"target_ref" : "x-misp-object--ab089f9c-349f-46f0-a2b2-ecfb3da24370"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e80cac47-be58-4c3a-8169-799b37fcad48" ,
"created" : "2018-08-07T12:42:17.000Z" ,
"modified" : "2018-08-07T12:42:17.000Z" ,
"relationship_type" : "derived-from" ,
"source_ref" : "indicator--5b605571-86c8-4306-806d-495f950d210f" ,
"target_ref" : "indicator--5b605736-14d8-416e-beb0-4c30950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--834a7a91-8760-472e-9f8f-738fea465dab" ,
"created" : "2018-08-14T12:36:52.000Z" ,
"modified" : "2018-08-14T12:36:52.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b605571-86c8-4306-806d-495f950d210f" ,
"target_ref" : "x-misp-object--6c1f2aee-af3d-4af0-a272-8aef0d5da562"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--cf00871c-b50f-43e7-b0fd-6c87fa4fe587" ,
"created" : "2018-08-02T10:03:29.000Z" ,
"modified" : "2018-08-02T10:03:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b6063f0-5f28-4309-9719-4bf1950d210f" ,
"target_ref" : "x-misp-object--c0793ff5-50a6-4817-8df9-8c28ab90f3d1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--dd41e100-899c-4ba5-ab51-44ca92b4c61a" ,
"created" : "2018-07-31T14:57:39.000Z" ,
"modified" : "2018-07-31T14:57:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--951dbf05-efee-46a0-b2aa-89e5c6d0c898" ,
"target_ref" : "x-misp-object--4d6cc362-fb2b-4576-919d-8d66294873be"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c8460c10-4f44-41b8-be7b-b8bf7e7e12eb" ,
"created" : "2018-08-02T10:03:29.000Z" ,
"modified" : "2018-08-02T10:03:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61631b-a13c-4dc0-b949-4342950d210f" ,
"target_ref" : "x-misp-object--2e9f7a81-d071-4fa8-bb22-eae520f03d51"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a249694e-2e09-41fe-90b9-5160b2a42b0c" ,
"created" : "2018-08-14T12:36:52.000Z" ,
"modified" : "2018-08-14T12:36:52.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61631b-a13c-4dc0-b949-4342950d210f" ,
"target_ref" : "x-misp-object--3ed9a824-86f6-44c8-addb-00ba19e4b915"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e2cba456-cab8-486b-967b-58c666eb6f67" ,
"created" : "2018-08-14T12:36:52.000Z" ,
"modified" : "2018-08-14T12:36:52.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b619c3f-9644-4d94-a4ac-4d40950d210f" ,
"target_ref" : "x-misp-object--280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e8568b8e-0fda-4562-887c-4208ccc25ad3" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b619eb3-4dac-4efa-b562-43ab950d210f" ,
"target_ref" : "x-misp-object--8f903648-f534-497c-8096-7eba34dfcdd4"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--5856292b-923b-48ca-942d-cc41aa2ea314" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61a1be-f9ec-428a-aede-468e950d210f" ,
"target_ref" : "x-misp-object--90f35bd9-30a9-467b-9f6e-7ed7648b7119"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f0bf17fe-99e3-44d9-803d-917604fd101e" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61a1be-f9ec-428a-aede-468e950d210f" ,
"target_ref" : "x-misp-object--b5a9119a-4fae-4d63-8679-c0fcbe967f1c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a6d8268d-bb6f-4533-8a6b-926c85354071" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f" ,
"target_ref" : "x-misp-object--db693d26-2826-4534-9718-84cf465571bc"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d8d084b8-da66-49ef-ae77-3e22fe82a5a1" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f" ,
"target_ref" : "x-misp-object--bf7d4471-6524-4cdd-821d-63b550a8d3c7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2a85c2d8-6f54-43eb-a9ea-db3c7d3de569" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61b964-b078-4a41-9a1e-48e3950d210f" ,
"target_ref" : "x-misp-object--7e3abe32-cfe8-485f-a22b-7e2989d16ffa"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d6767b67-6fe6-43d9-9222-220eb8d613ce" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f" ,
"target_ref" : "x-misp-object--bc18676c-a419-4493-882b-dbffc94fae97"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2be5a2a2-8154-4679-b2d7-31200d9344bd" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f" ,
"target_ref" : "x-misp-object--4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--537b3658-861e-42c3-adb3-1955a66d0564" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b62c621-9d58-40e1-9105-4272950d210f" ,
"target_ref" : "x-misp-object--5c696617-e214-4531-a91a-45aee2b893ed"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--6954c7f6-6d4f-498e-a296-caf8fbdec132" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b62c650-8358-49b9-9064-4ce8950d210f" ,
"target_ref" : "x-misp-object--e0407f5c-72da-4b58-8ae9-627189b8808d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--31e78857-3030-4310-81c8-e7ddccc72ddb" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b62cb24-ebc0-4131-aa65-425b950d210f" ,
"target_ref" : "x-misp-object--4c400be1-7bc4-4c3e-ad25-0c0056e9a6da"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--913c14a9-d958-4ebc-b51f-13e5f8cf4755" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0" ,
"target_ref" : "x-misp-object--a51ea5b5-2181-4905-bda3-b2b1698c7c27"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a1aa68c0-6e97-410d-8222-8b0e24971c05" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--d2ec20b7-d689-47e6-9228-01a281f3ad02" ,
"target_ref" : "x-misp-object--100f1a8d-1bc3-4000-92fe-bce0b793b222"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--809b154a-ead0-45e2-9055-82a4ea148b00" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5510fbf8-41c8-4a11-bcf0-42aa4303742e" ,
"target_ref" : "x-misp-object--578b25b7-97b8-4d39-8537-323e64ffc399"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f2723126-0fa8-4c9e-aa10-5a6a9d726994" ,
"created" : "2018-08-02T10:03:30.000Z" ,
"modified" : "2018-08-02T10:03:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--db3a215c-d9b8-4d91-952a-af20cfe86d4a" ,
"target_ref" : "x-misp-object--bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4f5d67ee-d6f4-4a8c-a7ed-309e5d203095" ,
"created" : "2018-08-02T10:03:31.000Z" ,
"modified" : "2018-08-02T10:03:31.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3ec440df-26e1-4883-94d8-cf5a44d48bbd" ,
"target_ref" : "x-misp-object--c4f40e78-f5a3-449f-b8e0-bcb250e3da27"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--bf4df414-46e7-4005-a1a2-b9d170552cf5" ,
"created" : "2018-08-02T10:03:31.000Z" ,
"modified" : "2018-08-02T10:03:31.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--03b1be01-e7f1-41d2-bbeb-8c965ddd63d5" ,
"target_ref" : "x-misp-object--62a6d635-11fb-43df-b01e-c38b5a08489f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4d47cce5-ed60-4844-a3c1-3db261252847" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b67fc1a-9a38-404f-adcb-4b3a950d210f" ,
"target_ref" : "x-misp-object--589e9254-4f90-490a-bc8c-fdea36be01b3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--36b1f960-6135-4f57-bd2f-cc4b2ed0283c" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b67fc62-4c2c-4fd6-b2a3-410e950d210f" ,
"target_ref" : "x-misp-object--8b4dbb0e-58a1-4630-be3d-83e95966a6cf"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a0cb5673-91ee-4459-bae4-fc642486dd39" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b6957dc-9424-494b-964a-49ed950d210f" ,
"target_ref" : "x-misp-object--71e73500-e019-4027-8696-5f48e8e0fd38"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8606065c-2450-4434-9866-f177f279b6fd" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b0e324d4-65be-418a-a8f8-735564d00606" ,
"target_ref" : "x-misp-object--a9c8e203-1200-4950-8f13-6732275ea6ad"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a4db881a-5baf-4630-9ad0-99f1be60574c" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8" ,
"target_ref" : "x-misp-object--21992a3f-2d25-4b0d-847d-154ab2829796"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c6838f4f-dee2-43ca-b47f-adbcf7509e99" ,
"created" : "2018-08-14T12:36:53.000Z" ,
"modified" : "2018-08-14T12:36:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f" ,
"target_ref" : "x-misp-object--7771644b-6de2-4a18-bc5f-c30dad0bd508"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--fbe3dcda-55b3-4423-b6ca-84689f2921f6" ,
"created" : "2018-08-14T12:36:54.000Z" ,
"modified" : "2018-08-14T12:36:54.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--304084df-e41e-4456-88e4-353baeb7d839" ,
"target_ref" : "x-misp-object--40e4d320-c62e-4322-ae15-b20e3369832d"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}