misp-circl-feed/feeds/circl/misp/5cbf6a0e-bfa4-458c-9b40-416a02de0b81.json

1564 lines
178 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5cbf6a0e-bfa4-458c-9b40-416a02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:53:18.000Z",
"modified": "2019-04-23T19:53:18.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cbf6a0e-bfa4-458c-9b40-416a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:53:18.000Z",
"modified": "2019-04-23T19:53:18.000Z",
"name": "OSINT - FINTEAM: Trojanized TeamViewer Against Government Targets",
"published": "2019-04-23T19:53:39Z",
"object_refs": [
"x-misp-attribute--5cbf6a30-2d74-406a-bf99-47c702de0b81",
"observed-data--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81",
"url--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81",
"observed-data--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"file--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"indicator--5cbf6b93-a6f4-4209-8988-464202de0b81",
"indicator--5cbf6b93-d258-45f6-98f7-4d7402de0b81",
"indicator--5cbf6b93-8084-4076-ae2f-4a0302de0b81",
"indicator--5cbf6b93-a7ec-4978-8a41-45cf02de0b81",
"indicator--5cbf6b93-8134-4e33-a650-442902de0b81",
"indicator--5cbf6b93-2ad4-442c-a2e9-4f4802de0b81",
"indicator--5cbf6b93-0bec-4fce-9d79-4b2902de0b81",
"indicator--5cbf6b93-6384-4770-b866-4ba202de0b81",
"indicator--5cbf6b93-255c-43ca-b72d-4de402de0b81",
"indicator--5cbf6b93-088c-4d83-9c6d-480f02de0b81",
"indicator--5cbf6ba6-9694-417a-aaec-43d402de0b81",
"indicator--5cbf6ba6-07d0-4fe2-89b3-416902de0b81",
"indicator--5cbf6bb9-24bc-42bd-9f62-461702de0b81",
"indicator--5cbf6bb9-81a8-4146-a75d-4cdb02de0b81",
"indicator--5cbf6bb9-9fb0-4ed7-bf1f-419f02de0b81",
"indicator--5cbf6bb9-56bc-4939-b104-4a2402de0b81",
"indicator--5cbf6bb9-fae4-40e3-8c27-43d902de0b81",
"indicator--5cbf6bb9-d18c-41ee-a107-4a4002de0b81",
"indicator--5cbf6bb9-963c-49d3-85d9-42fc02de0b81",
"indicator--5cbf6bb9-fe58-4761-8fc5-497d02de0b81",
"indicator--5cbf6bd1-c00c-4b4e-a3d0-456d02de0b81",
"x-misp-attribute--5cbf6c46-0a70-4531-a13f-46a602de0b81",
"x-misp-attribute--5cbf6c66-ffe0-4a8c-9824-47fe02de0b81",
"x-misp-attribute--5cbf6c8b-a614-4dd5-8ac6-4f0302de0b81",
"indicator--5cbf6b2c-3ab8-4c16-8a67-489a02de0b81",
"indicator--844728a6-db55-4b98-aac5-2958c52b5690",
"x-misp-object--d91efdf2-3005-4924-922f-9ce8b309d20d",
"indicator--dd76b439-cce9-4957-9a55-13d1eb572e3b",
"x-misp-object--b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4",
"indicator--4a680b06-e200-4a0c-83d3-89b373ef8503",
"x-misp-object--5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e",
"indicator--a98ac785-a670-485e-8de9-81be78a84acd",
"x-misp-object--b0818f5a-42aa-495c-a1c5-b486770e1093",
"indicator--72399b1b-24f0-4118-96a3-5ad99ec976bb",
"x-misp-object--d2fb9c7b-488e-4065-8473-56f9fea46380",
"indicator--b806bdf8-c5e7-45f9-8e37-444ee7c09c2d",
"x-misp-object--61f76b3b-866f-4009-82f3-60fb8d0d8324",
"indicator--01581d8a-6268-4e99-963b-a4b8dae4f91b",
"x-misp-object--81f1f4ef-811f-4d46-8ade-0ab42c570b53",
"indicator--9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a",
"x-misp-object--01589ece-7e55-4ff5-8089-0e3c79e3bc60",
"indicator--df884a16-5a27-4416-99db-3e9912ebca78",
"x-misp-object--3b6a92d0-719d-4a15-a595-3074f0540e6c",
"indicator--9e33914c-3535-460f-9164-a5708f650474",
"x-misp-object--069666d4-4b61-4682-b4a8-15e1157809b1",
"indicator--a8cbfe77-303e-4ed5-a426-8eef04f8c90f",
"x-misp-object--ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617",
2023-06-24 09:36:52 +00:00
"relationship--369bd837-0404-454e-818a-8f6f32ff3e54",
"relationship--28a0a897-c021-4514-8da3-2d03afbd8d7f",
"relationship--1c97fae6-bbb5-412a-9b01-e6605785b60b",
"relationship--40c9391f-448e-4bb2-83ea-8cb7cab1c3c6",
"relationship--a5f3bf93-28e4-4acc-a20f-b5ec4077fc7b",
"relationship--687a1305-bc86-4151-8d68-36f7a311935a",
"relationship--88855fb4-419c-4b30-acb0-f1e88f9161b8",
"relationship--1e2c1a19-25d7-4cc8-a271-cdea1edadf87",
"relationship--78e34923-c63f-4418-aafa-9dbccf19128f",
"relationship--a965888c-3eea-4119-b45f-bd54e94b6ac2",
"relationship--c83e5927-0002-4bb0-9281-5433a98b4fee"
2023-06-14 17:31:25 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cbf6a30-2d74-406a-bf99-47c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:40:32.000Z",
"modified": "2019-04-23T19:40:32.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer.\r\n\r\nBy investigating the entire infection chain and attack infrastructure, we were able to track previous operations that share many characteristics with this attack\u00e2\u20ac\u2122s inner workings. We also came across an online avatar of a Russian speaking hacker, who seems to be in charge of the tools developed and used in this attack.\r\n\r\nIn this article, we will discuss the infection chain, those targeted, the tools used and a possible attribution to one of the hackers behind the attack."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:40:46.000Z",
"modified": "2019-04-23T19:40:46.000Z",
"first_observed": "2019-04-23T19:40:46Z",
"last_observed": "2019-04-23T19:40:46Z",
"number_observed": 1,
"object_refs": [
"url--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81",
"value": "https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:45:44.000Z",
"modified": "2019-04-23T19:45:44.000Z",
"first_observed": "2019-04-23T19:45:44Z",
"last_observed": "2019-04-23T19:45:44Z",
"number_observed": 1,
"object_refs": [
"file--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"name": "fig2-2.png",
"content_ref": "artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABQMAAALuCAYAAAAaOgCIAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAh1QAAIdUBBJy0nQAA/7JJREFUeF7snQeYXFX9sP8WUEAEpSrdBhZAyoeoiFgQBRFQpEkRBBEEBZUmndB7753QQg299xpCEwi9JJAeWhISIOV8+56dM9y9uTO7szu7M7v7vs/ze5KduX3OLee9v3PO/wURERERERERERHpFygDRURERERERERE+gnKQBERERERERERkX6CMlBERERERERERKSfoAwUERERERERERHpJygDRURERERERERE+gnKQBERERERERERkX6CMlBERERERERERKSfoAwUERERERERERHpJ/RrGThixIhwzz339JkYMmRImDhxYmnvRERERERERERE2tJvZeAHH3wQtt566/DpT386/N///V+fiEUWWSScccYZcd9ERERERERERETy9FsZ+PDDD4c555yzUKr15vjGN74RBg0aVNpLERERERERERGRT+i3MpAMuiTQPvvZz4bvfve7YcMNNwwbbbRRr4l11lknzDvvvG1kIPGd73wn3H///aU9FRERERERERERaaXfysDjjjuuLM/IEPznP/8ZXnzxxfD666/3mrj77rujxMyKwBSrrbZaePLJJ0t7KyIiIiIiIiIiogyMMddcc4X99tsvfPTRR6VvewcvvfRSWGGFFdpIwBSzzTZbWHfddcPLL79cmlpERERERERERPo7ysCW6IsykJhjjjnClltuGd58880wc+bM0lwiIiIiIiIiItJfUQa2RF+VgcTcc88dm0CPHj1aISgiIiIiIiIi0s9RBrZEX5aBxAILLBAOPvjgMGHChNKcIiIiIiIiIiLSH1EGtkRfl4HE4osvHk477bQwadKk0twiIiIiIiIiItLfUAa2RH+QgcTSSy8dLr300l63nyIiIiIiIiIiUh+UgS3RX2Qgseyyy4bbbruttAQREREREREREelPKANboj/JwE996lNhpZVWCsOGDSstRURERERERERE+gvKwJboTzKQ+PSnPx1+85vfhDfffLO0JBERERERERER6Q8oA1uiv8lA4nOf+1zYdNNNw+jRo8PMmTNLSxQRERERERERkb6MMrAl+qMMJL7whS+EnXfeOYwZM6a0RBERERERERER6csoA1uiv8pAYsEFFwwDBgwIEyZMKC1VRERERERERET6KsrAlujPMpBYYoklwsknnxzee++90pJFRERERERERKQvogxsif4uA4llllkmXHzxxWHKlCmlpYuIiIiIiIiISF9DGdgSysD/C5/61Kfism699dYwbdq00hpERERERERERKQvoQxsCWVga3zmM58JP/jBD8JTTz1VWoOIiIiIiIiIiPQllIEtoQz8JBCCP/vZz8L48eNLaxERERERERERkb6CMrAllIFt49Of/nTYeOONw8SJE0trEhERERERERGRvoAysCV6qwx8+eWXw8orr9xG5NUrFlhggXDDDTeU1iQiIiIiIiIiIn0BZWBLVJKBDKRB9t1jjz0Whg4d2ql4/PHHw5NPPtmleOKJJwqXff3114dVVlmljcSrV3zpS18KF1xwQelIiIiIiIiIiIhIX0AZ2BKVZODbb78d/v73v4eNNtoobL/99uGvf/1rTbHddtuF9dZbL/zwhz/sUvzmN78J22yzzSzL/8tf/hK/QwgWBYOBLLvssuGrX/1qWHXVVcPaa68dpy+KtdZaKyy66KKxibAyUERERERERESkb6IMrCIDR48eHdZff/1w+OGHh3vvvTfcc889NcXNN98cttxyy/J6OhOf+tSn4oAe11xzTeE67r///vDAAw8UxoMPPhjOPffcsOGGG4aLLroovPjii+GFF16YJfj8mWeeCX/4wx/CbLPNFterDBQRERERERER6XsoA1uimgzcZJNNwo033lj6pDYYgGPfffctr6czgQxkMI8xY8aUllobNHEmq/Guu+4qfVLM1KlTY/bh7LPPHterDBQRERERERER6XsoA1uiPRnY2YE0mkUG0qRYGSgiIiIiIiIiIsrAllAGKgNFRERERERERPoDysCWUAYqA0VERERERERE+gPKwJaoJgMZSfiyyy6LIwtPmDChphg+fHjYbbfdyuvpTCADGcTk+eefL1xHtWCbkYDbbrutMlBERERERERERJSBRDUZuPbaa4fNNtssHHzwweHAAw+sKVjmGmusEeacc84w33zzdSq++MUvhmWXXTbsvvvu4aCDDipcT6UYMGBA2GGHHcI666wTRx6uhjJQRERERERERKTvowysIgNpmotIQ5Ide+yx4ZhjjqkpDj300CgTiRNOOKHmOP7448N2220XfvjDH4b999+/cB3txS677BJ+97vfKQNFREREREREREQZWE0Gpj4Db7zxxtIntfH+++9HIUhGX2eYPn16uO6668L2228fRo4cWfq0NuwzUEREREREREREEsrADsjAzg4gUg8ZOHjwYGWgiIiIiIiIiIjUBWWgMjCiDBQRERERERER6fsoA5WBEWWgiIiIiIiIiEjfRxnYARl4/fXXhxkzZkQ5V0u8++674ZBDDokysOj79uLjjz8O1157bZR5b775Zs3bwPRDhgxRBoqIiIiIiIiISEQZ2I4MXG+99cKAAQPCHXfcEW655ZaaAom49dZbhy233DLcfPPNnQpGEWY04ssuuyzceuuthdNUCqY/9dRTw8Ybbxzuvvvu0l4VowwUEREREREREen7KAOryMAxY8aENddcM6yxxhrhz3/+c5R6tcSf/vSnsNxyy4XPfe5z4Ytf/GKnYs4554yCbu655y78vr1g/pVXXjncd999pb0qRhkoIiIiIiIiItL3UQZWkYFkBv7xj38Ml1xySRg/fnwYO3ZsTfHGG2+Ef/3rX+X1NCqUgSIiIiIiIiIiAsrAluiuAUQmTpwY9t133/J6GhXKQBERERERERERAWVgSygDlYEiIiIiIiIiIv0BZWBLKAOVgSIiIiIiIiIi/QFlYEsoA5WBIiIiIiIiIiL9AWVgS7Q3gAhS7K233qo5XnzxxbDrrruW19OoUAaKiIiIiIiIiAgoA1uikgwcM2ZMWHPNNcPqq68eNt9887DZZpvVFGQVLrfccmH++ecPSy+9dM3xrW99KyyyyCJhnnnmCV//+tcLp2kvllhiifDjH/843HvvvaW9KkYZKCIiIiIiIiLS91EGVpGBZAaut9564cADDwy33HJLuOmmm2qKq6++Ovz5z3+Occcdd9Qct912WxgwYED47W9/GwYNGlQ4TXtx+umnRyl59913l/aqGGWgiIiIiIiIiEjfRxnYjgxEpN14442lT2rj/fffD4cddlgUep1h+vTp4brrrgt/+9vfwqhRo0qf1sbQoUPD9ttvH+66667SJ8UoA0VERERERERE+j7KwA7IwM4OIIIMPPTQQ8NBBx1U+qQ2kIGDBw+OMm/kyJGlT2vjscceC3/961+VgSIiIiIiIiIiogxUBrZSJAPPPfHU8P5VD4QJh11mGD0Th18W3jnlujDlgefCzCltz0cRERERERER6TrKQGVgpEgGnnP0iWHCMVeGtzY+xDB6LEZudlgY889Tw5SHhpVKp4iIiIiIiIjUC2VgOzJw4403jv328V2tMWHChHDwwQeHAw44oPD79mLKlClxEJLtttsuDB8+vHCa9uLhhx9WBhq9LzY5JLw/6L4w86NppRIqIiIiIiIiIvVAGVhFBo4ZMyZssMEGUZIdeeSRcTCQWgIRyEjAa6+9duH3HYmtt946/OQnPwn77LNPOPzwwwunqRRMv8suu4Q//OEP4b777ivtVTHKQKPZ4v1L7gozP/y4VEJFREREREREpB4oA6vIwMmTJ4czzjgj/Oc//wm77bZbp2LPPfeMUfRdR2KPPfYIe+21V9h9990Lv+9InHjiieH1118v7VUxlfsMvL+4bzfDqHOM3PJIZaCIiIiIiIhIN6MMrCID+xNFMtDRhKUnGf2PU5WBIiIiIiIiIt2MMlAZGFEGSqNRBoqIiIiIiIh
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-a6f4-4209-8988-464202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = '013e87b874477fcad54ada4fa0a274a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-d258-45f6-98f7-4d7402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = '799ab035023b655506c0d565996579b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-8084-4076-ae2f-4a0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = 'e1167cb7f3735d4edec5f7219cea64ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-a7ec-4978-8a41-45cf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = '6cc0218d2b93a243721b088f177d8e8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-8134-4e33-a650-442902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = 'aad0d93a570e6230f843dcdf20041e1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-2ad4-442c-a2e9-4f4802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = '1e741ebc08af09edc69f017e170b9852']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-0bec-4fce-9d79-4b2902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = 'c6ae889f3bee42cc19a728ba66fa3d99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-6384-4770-b866-4ba202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = '1675cdec4c0ff49993a1fcbdfad85e56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-255c-43ca-b72d-4de402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = '72de32fa52cc2fab2b0584c26657820f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b93-088c-4d83-9c6d-480f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:27.000Z",
"modified": "2019-04-23T19:46:27.000Z",
"description": "DLL",
"pattern": "[file:hashes.MD5 = '44038b936667f6ce2333af80086f877f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6ba6-9694-417a-aaec-43d402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:46.000Z",
"modified": "2019-04-23T19:46:46.000Z",
"description": "Document",
"pattern": "[file:hashes.MD5 = '4acf624ad87609d476180ecc4c96c355']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6ba6-07d0-4fe2-89b3-416902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:46:46.000Z",
"modified": "2019-04-23T19:46:46.000Z",
"description": "Document",
"pattern": "[file:hashes.MD5 = '4dbe9dbfb53438d9ce410535355cd973']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:46:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-24bc-42bd-9f62-461702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = '1c-ru.net/check/license']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-81a8-4146-a75d-4cdb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = 'intersys32.com/3307/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-9fb0-4ed7-bf1f-419f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = '146.0.72.180/3307/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-56bc-4939-b104-4a2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = '146.0.72.180/newcpanel_gate/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-fae4-40e3-8c27-43d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = '185.70.186.145/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-d18c-41ee-a107-4a4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = '185.70.186.145/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-963c-49d3-85d9-42fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = '193.109.69.5/3307/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bb9-fe58-4761-8fc5-497d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:05.000Z",
"modified": "2019-04-23T19:47:05.000Z",
"description": "C&C",
"pattern": "[url:value = '193.109.69.5/9125/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6bd1-c00c-4b4e-a3d0-456d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:47:29.000Z",
"modified": "2019-04-23T19:47:29.000Z",
"pattern": "[rule \"TeamViwer_backdoor\"\r\n{\r\n\r\nmeta:\r\ndate = \"2019-04-14\"\r\ndescription = \"Detects malicious TeamViewer DLLs\"\r\n\r\nstrings:\r\n\r\n// PostMessageW hook function\r\n$x1 = {55 8b ec 8b 45 0c 3d 12 01 00 00 75 05 83 c8 ff eb 12 8b 55 14 52 8b 55 10 52 50 8b 45 08 50 e8}\r\n\r\ncondition:\r\nuint16(0) == 0x5a4d and $x1\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:47:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cbf6c46-0a70-4531-a13f-46a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:49:26.000Z",
"modified": "2019-04-23T19:49:26.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Banks being targeted on compromised system",
"x_misp_type": "comment",
"x_misp_value": "bankofamerica.com,pacwestbancorp.com,alipay.com,cbbank.com,firstrepublic.com,chase.com\r\ncitibank.com,bankamerica.com,wellsfargo.com,citicorp.com,pncbank.com,us.hsbc.com,bnymellon.com\r\nusbank.com,suntrust.com,statestreet.com,capitalone.com,bbt.com,tdbank.com,rbs.com,regions.com\r\n53.com,ingdirect.com,keybank.com,ntrs.com,www4.bmo.com,usa.bnpparibas.com,mufg.jp,aibgroup.com\r\ncomerica.com,zionsbank.com,mibank.com,bbvabancomerusa.com,huntington.com,bank.etrade.com,synovus.com\r\nbancopopular.com,navyfcu.org,schwab.com,rbcbankusa.com,colonialbank.com,hudsoncitysavingsbank.com,db.com\r\npeoples.com,ncsecu.org,associatedbank.com,bankofoklahoma.com,mynycb.com,firsthorizon.com,firstcitizens.com\r\nastoriafederal.com,firstbankpr.com,commercebank.com,cnb.com,websterbank.com,fbopcorporation.com\r\nfrostbank.com,guarantygroup.com,amtrust.com,nypbt.com,wbpr.com,fult.com,penfed.org,tcfbank.com,lehman.com\r\nbancorpsouthonline.com,valleynationalbank.com,thesouthgroup.com,whitneybank.com,susquehanna.net,citizensonline.com\r\nucbh.com,raymondjames.com,firstbanks.com,wilmingtontrust.com,bankunited.com,thirdfederal.com,wintrustfinancial.com\r\nsterlingsavingsbank.com,boh.com,arvest.com,eastwestbank.com,efirstbank.com,theprivatebank.com,flagstar.com\r\nbecu.org,umb.com,firstmerit.com,corusbank.com,svb.com,prosperitybanktx.com,washingtonfederal.com\r\nucbi.com,metlife.com,ibc.com,cathaybank.com,trustmark.com,centralbancompany.com,umpquabank.com\r\npcbancorp.com,schoolsfirstfcu.org,mbfinancial.com,natpennbank.com,fnbcorporation.com,fnfg.com,golden1.com\r\nhancockbank.com,firstcitizensonline.com,ubsi-wv.com,firstmidwest.com,oldnational.com,ottobremer.org\r\nfirstinterstatebank.com,northwestsavingsbank.com,easternbank.com,suncoastfcu.org,santander.com\r\neverbank.com,bostonprivate.com,firstfedca.com,english.leumi.co.il,aacreditunion.org,rabobank.com\r\nparknationalbank.com,provbank.com,alliantcreditunion.org,capitolbancorp.com,newalliancebank.com\r\njohnsonbank.com,doralbank.com,fcfbank.com,pinnaclebancorp.net,providentnj.com,oceanbank.com\r\nssfcu.org,capfed.com,iberiabank.com,sdccu.com,americafirst.com,hncbank.com,bfcfinancial.com\r\namcore.com,nbtbank.com,centralpacificbank.com,banksterling.com,bannerbank.com,firstmerchants.com,communitybankna.com\r\nhsbc.com,rbs.co.uk,bankofinternet.com,ally.com,bankofindia.co.in,boi.com.sg,unionbankofindia.co.in,bankofindia.uk.com\r\nunionbankonline.co.in,hdfcbank.com,axisbank.com,icicibank.com,paypal.com,pnm.com,wmtransfer.com,skrill.com,neteller.com\r\npayeer.com,westernunion.com,payoneer.com,capitalone.com,moneygram.com,payza.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cbf6c66-ffe0-4a8c-9824-47fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:49:58.000Z",
"modified": "2019-04-23T19:49:58.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Bitcoin market targeted on compromised system",
"x_misp_type": "comment",
"x_misp_value": "blockchain.info,cryptonator.com,bitpay.com,bitcoinpay.com,binance.com,bitfinex.com,okex.com\r\nhuobi.pro,bitflyer.jp,bitstamp.net,kraken.com,zb.com,upbit.com,bithumb.com,bittrex.com,bitflyer.jp\r\netherdelta.com,hitbtc.com,poloniex.com,coinone.co.kr,wex.nz,gate.io,exmo.com,exmo.me,yobit.net\r\nkorbit.co.kr,kucoin.com,livecoin.net,cex.io,c-cex.com,localbitcoins.net,localbitcoins.com,luno.com\r\nallcoin.com,anxpro.com,big.one,mercatox.com,therocktrading.com,okcoin.com,bleutrade.com,exchange.btcc.com\r\nbitkonan.com,coinbase.com,bitgo.com,greenaddress.it,strongcoin.com,xapo.com\r\nelectrum.org,etherscan.io,myetherwallet.com,bitcoin.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cbf6c8b-a614-4dd5-8ac6-4f0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:50:35.000Z",
"modified": "2019-04-23T19:50:35.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Online services targeted on the compromised system",
"x_misp_type": "comment",
"x_misp_value": "ebay,amazon,wish.com,aliexpress,flipkart.com,rakuten.com,walmart.com\r\ntarget.com,bestbuy.com,banggood.com,tinydeal.com,dx.com,zalando,jd.com\r\njd.id,gearbest.com,lightinthebox.com,miniinthebox.co"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbf6b2c-3ab8-4c16-8a67-489a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:44:44.000Z",
"modified": "2019-04-23T19:44:44.000Z",
"description": "The infection flow starts with an XLSM document with malicious macros, which is sent to potential victims via e-mail under the subject \u00e2\u20ac\u0153Military Financing Program\u00e2\u20ac\u009d",
"pattern": "[file:hashes.SHA256 = 'efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12' AND file:name = 'Military Financing.xlsm' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:44:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--844728a6-db55-4b98-aac5-2958c52b5690",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:07.000Z",
"modified": "2019-04-23T19:51:07.000Z",
"pattern": "[file:hashes.MD5 = '1e741ebc08af09edc69f017e170b9852' AND file:hashes.SHA1 = '6f7dfdcfd999c965f5f55fa96a62760f2e1821a7' AND file:hashes.SHA256 = '68f543331aee74b8da5cb4351ef46d8102e912e44f9bd602a1d6a945e65492a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d91efdf2-3005-4924-922f-9ce8b309d20d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:08.000Z",
"modified": "2019-04-23T19:51:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:40:32",
"category": "Other",
"comment": "DLL",
"uuid": "a18a10e1-06c4-4742-a841-0e35bcbea718"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/68f543331aee74b8da5cb4351ef46d8102e912e44f9bd602a1d6a945e65492a8/analysis/1556041232/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "e355a052-de28-4864-b4a2-0c24c0bf27bc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/70",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "909412c3-6e16-4f57-b98c-9f05c1b8c0b1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dd76b439-cce9-4957-9a55-13d1eb572e3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:08.000Z",
"modified": "2019-04-23T19:51:08.000Z",
"pattern": "[file:hashes.MD5 = '4dbe9dbfb53438d9ce410535355cd973' AND file:hashes.SHA1 = '816b013c8be6e5708690645964b5d442c085041e' AND file:hashes.SHA256 = 'efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:08.000Z",
"modified": "2019-04-23T19:51:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T16:49:44",
"category": "Other",
"comment": "Document",
"uuid": "3bfc3de0-329e-4230-829c-c56c374958ee"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12/analysis/1556038184/",
"category": "Payload delivery",
"comment": "Document",
"uuid": "83b49148-89fd-4982-93c8-5e7ec843185c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/61",
"category": "Payload delivery",
"comment": "Document",
"uuid": "cbf9f8ae-f2ca-4ff8-a460-49bfdcd363c3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4a680b06-e200-4a0c-83d3-89b373ef8503",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:08.000Z",
"modified": "2019-04-23T19:51:08.000Z",
"pattern": "[file:hashes.MD5 = '799ab035023b655506c0d565996579b5' AND file:hashes.SHA1 = '43cd68e741a2207579c0f5ab4d34acd9cd9f703c' AND file:hashes.SHA256 = '41f749bdca8c2abed3e1c8c520b6734b819e241af370eb5921fbecaa514171fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:08.000Z",
"modified": "2019-04-23T19:51:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:39:46",
"category": "Other",
"comment": "DLL",
"uuid": "46d396cd-68ca-4399-a81c-dcd6930b4aba"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/41f749bdca8c2abed3e1c8c520b6734b819e241af370eb5921fbecaa514171fe/analysis/1556041186/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "e07569c2-f663-4d58-b6ef-2784f32c276b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/67",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "922e99b9-ec3d-4853-8af1-b74221421dd9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a98ac785-a670-485e-8de9-81be78a84acd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:08.000Z",
"modified": "2019-04-23T19:51:08.000Z",
"pattern": "[file:hashes.MD5 = '72de32fa52cc2fab2b0584c26657820f' AND file:hashes.SHA1 = 'cf7909caccc91004cbbb0289835c0bb0fb4b58d2' AND file:hashes.SHA256 = '3fd738d510d3f503a871d30c05a4ecda11fb7d1c63a628cdbfcc4164a8d867f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b0818f5a-42aa-495c-a1c5-b486770e1093",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:39:45",
"category": "Other",
"comment": "DLL",
"uuid": "d3fd8a5b-69b3-49b1-921f-8e96b2c8c8ad"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3fd738d510d3f503a871d30c05a4ecda11fb7d1c63a628cdbfcc4164a8d867f4/analysis/1556041185/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "30298f00-f942-4a01-b6f7-f542f878c1ac"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/66",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "b171c6bf-8fcb-4272-8ba9-3dda7f6cf09f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--72399b1b-24f0-4118-96a3-5ad99ec976bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"pattern": "[file:hashes.MD5 = '1675cdec4c0ff49993a1fcbdfad85e56' AND file:hashes.SHA1 = '376f8936258a0c6a2f29bbf9b2a55d9d7282d348' AND file:hashes.SHA256 = 'a3d0d9b1b830fcb48f312634b2ec045e2859f051a9c415a37cd5ba30b70c1224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d2fb9c7b-488e-4065-8473-56f9fea46380",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:41:42",
"category": "Other",
"comment": "DLL",
"uuid": "86c39be1-a7e5-40c5-919d-3ae8b35c8720"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a3d0d9b1b830fcb48f312634b2ec045e2859f051a9c415a37cd5ba30b70c1224/analysis/1556041302/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "1c870542-6483-47cf-839a-2e1f51f8eda5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/66",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "8d1105be-f922-4d67-8c93-a66c6e003a48"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b806bdf8-c5e7-45f9-8e37-444ee7c09c2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"pattern": "[file:hashes.MD5 = '013e87b874477fcad54ada4fa0a274a2' AND file:hashes.SHA1 = '32a175ba416fec7f85c405abd58384a7f40225da' AND file:hashes.SHA256 = 'b4b5f7d0778c7954461536bca8943d3f87a7808bc33632ca899660b0f62f43aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--61f76b3b-866f-4009-82f3-60fb8d0d8324",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:38:52",
"category": "Other",
"comment": "DLL",
"uuid": "ab449183-8ddc-49c7-a89a-8c520ff95a37"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b4b5f7d0778c7954461536bca8943d3f87a7808bc33632ca899660b0f62f43aa/analysis/1556041132/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "f5c45e4a-99af-4f0e-b570-3173f5b0dd8e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "23/69",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "82e67755-f1b0-46a1-b464-255c94526f04"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01581d8a-6268-4e99-963b-a4b8dae4f91b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"pattern": "[file:hashes.MD5 = 'e1167cb7f3735d4edec5f7219cea64ef' AND file:hashes.SHA1 = '9b32cbdba2f3f40f2072dbeb61b345c910e45b39' AND file:hashes.SHA256 = 'b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--81f1f4ef-811f-4d46-8ade-0ab42c570b53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:38:49",
"category": "Other",
"comment": "DLL",
"uuid": "51869580-7688-4e93-820b-a649004b6b92"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17/analysis/1556041129/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "7604ebdf-694b-4ec7-8ae1-20e92f6005f6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/64",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "5cda701c-25d6-4e02-b737-b5d75e6c2ebb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"pattern": "[file:hashes.MD5 = 'c6ae889f3bee42cc19a728ba66fa3d99' AND file:hashes.SHA1 = '18cb6155efbfa3311b919ae8e10fbf35680466a8' AND file:hashes.SHA256 = '8fbeaabbe09e9e2c97c49e5d9352001df044e7ce277f35d4a617add07216da07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--01589ece-7e55-4ff5-8089-0e3c79e3bc60",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:41:19",
"category": "Other",
"comment": "DLL",
"uuid": "7f532053-8e61-436f-80e6-642db2580516"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8fbeaabbe09e9e2c97c49e5d9352001df044e7ce277f35d4a617add07216da07/analysis/1556041279/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "ffff54f9-ea34-4088-b94a-f2cd438010d2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/66",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "77a783e8-0442-4a8c-a48a-06ee3e5afd7d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--df884a16-5a27-4416-99db-3e9912ebca78",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:09.000Z",
"modified": "2019-04-23T19:51:09.000Z",
"pattern": "[file:hashes.MD5 = 'aad0d93a570e6230f843dcdf20041e1e' AND file:hashes.SHA1 = '57fe83b6465e52198bd76b8b987601f716009033' AND file:hashes.SHA256 = '4e676f83ebb765ee3d2215b9e957b966947049fcffc251c2b2f97121a19ef4fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3b6a92d0-719d-4a15-a595-3074f0540e6c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:39:59",
"category": "Other",
"comment": "DLL",
"uuid": "e233f21b-719a-474c-8b07-e588aa3d2788"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4e676f83ebb765ee3d2215b9e957b966947049fcffc251c2b2f97121a19ef4fc/analysis/1556041199/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "13cd1ac1-419f-4846-9315-77dd39ebb887"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/67",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "0584b8de-b7e3-45d9-a5b2-44c1699e1b0c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e33914c-3535-460f-9164-a5708f650474",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
"pattern": "[file:hashes.MD5 = '44038b936667f6ce2333af80086f877f' AND file:hashes.SHA1 = '60dfcc9c2c6ec97538981dd38196607382256693' AND file:hashes.SHA256 = '9f262e3f57d8dbb1778b8eff2e82165719dd2cf85ce2f292c87d7080d085d0fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--069666d4-4b61-4682-b4a8-15e1157809b1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:41:36",
"category": "Other",
"comment": "DLL",
"uuid": "17ed0452-d09e-4583-8eb6-5be41a9ea4a8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9f262e3f57d8dbb1778b8eff2e82165719dd2cf85ce2f292c87d7080d085d0fa/analysis/1556041296/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "57085397-af38-489e-8aae-a67fbc224e25"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/69",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "8f91b43d-3ce6-4ed3-aa2f-e748a318b36c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a8cbfe77-303e-4ed5-a426-8eef04f8c90f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
"pattern": "[file:hashes.MD5 = '6cc0218d2b93a243721b088f177d8e8f' AND file:hashes.SHA1 = '16115abc3b3ea066abcdabe64b5165b90a516cb6' AND file:hashes.SHA256 = 'fa7aab5d6e62cd1d9d5c92d793cbd3f570d9d4c3c6b1744a25382e93c679f570']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-23T19:51:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-23T17:39:57",
"category": "Other",
"comment": "DLL",
"uuid": "b02cfccf-7452-456d-b25a-434217cc59d6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fa7aab5d6e62cd1d9d5c92d793cbd3f570d9d4c3c6b1744a25382e93c679f570/analysis/1556041197/",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "958325a3-46fe-4e63-8980-03632c66f874"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/65",
"category": "Payload delivery",
"comment": "DLL",
"uuid": "dcce3632-fdb9-40fd-86e6-856e9e34ea19"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--369bd837-0404-454e-818a-8f6f32ff3e54",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--844728a6-db55-4b98-aac5-2958c52b5690",
"target_ref": "x-misp-object--d91efdf2-3005-4924-922f-9ce8b309d20d"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--28a0a897-c021-4514-8da3-2d03afbd8d7f",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--dd76b439-cce9-4957-9a55-13d1eb572e3b",
"target_ref": "x-misp-object--b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--1c97fae6-bbb5-412a-9b01-e6605785b60b",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--4a680b06-e200-4a0c-83d3-89b373ef8503",
"target_ref": "x-misp-object--5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--40c9391f-448e-4bb2-83ea-8cb7cab1c3c6",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--a98ac785-a670-485e-8de9-81be78a84acd",
"target_ref": "x-misp-object--b0818f5a-42aa-495c-a1c5-b486770e1093"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--a5f3bf93-28e4-4acc-a20f-b5ec4077fc7b",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--72399b1b-24f0-4118-96a3-5ad99ec976bb",
"target_ref": "x-misp-object--d2fb9c7b-488e-4065-8473-56f9fea46380"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--687a1305-bc86-4151-8d68-36f7a311935a",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--b806bdf8-c5e7-45f9-8e37-444ee7c09c2d",
"target_ref": "x-misp-object--61f76b3b-866f-4009-82f3-60fb8d0d8324"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--88855fb4-419c-4b30-acb0-f1e88f9161b8",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--01581d8a-6268-4e99-963b-a4b8dae4f91b",
"target_ref": "x-misp-object--81f1f4ef-811f-4d46-8ade-0ab42c570b53"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--1e2c1a19-25d7-4cc8-a271-cdea1edadf87",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:10.000Z",
"modified": "2019-04-23T19:51:10.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a",
"target_ref": "x-misp-object--01589ece-7e55-4ff5-8089-0e3c79e3bc60"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--78e34923-c63f-4418-aafa-9dbccf19128f",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:11.000Z",
"modified": "2019-04-23T19:51:11.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--df884a16-5a27-4416-99db-3e9912ebca78",
"target_ref": "x-misp-object--3b6a92d0-719d-4a15-a595-3074f0540e6c"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--a965888c-3eea-4119-b45f-bd54e94b6ac2",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:11.000Z",
"modified": "2019-04-23T19:51:11.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--9e33914c-3535-460f-9164-a5708f650474",
"target_ref": "x-misp-object--069666d4-4b61-4682-b4a8-15e1157809b1"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-06-24 09:36:52 +00:00
"id": "relationship--c83e5927-0002-4bb0-9281-5433a98b4fee",
2023-06-14 17:31:25 +00:00
"created": "2019-04-23T19:51:11.000Z",
"modified": "2019-04-23T19:51:11.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--a8cbfe77-303e-4ed5-a426-8eef04f8c90f",
"target_ref": "x-misp-object--ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}