misp-circl-feed/feeds/circl/stix-2.1/5bbe09c9-9040-4415-bd25-45b7950d210f.json

6768 lines
284 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5bbe09c9-9040-4415-bd25-45b7950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:31:59.000Z",
"modified": "2018-10-13T14:31:59.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5bbe09c9-9040-4415-bd25-45b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:31:59.000Z",
"modified": "2018-10-13T14:31:59.000Z",
"name": "OSINT - Threat Spotlight: Panda Banker Trojan Targets the US, Canada and Japan",
"published": "2018-10-13T14:32:04Z",
"object_refs": [
"observed-data--5bbe09dc-2250-4f64-b8be-4746950d210f",
"url--5bbe09dc-2250-4f64-b8be-4746950d210f",
"indicator--5bbe0a00-7120-46aa-bb57-4975950d210f",
"indicator--5bbe0a01-c870-4dc4-b3fa-4c85950d210f",
"indicator--5bbe0a02-dc14-43b8-950d-4411950d210f",
"indicator--5bbe0a02-e614-4c72-9c8f-4a3b950d210f",
"indicator--5bbe0a03-64e4-43c5-b296-4558950d210f",
"indicator--5bbe0a03-0e34-44aa-8510-4265950d210f",
"indicator--5bbf4793-0874-4cff-8f22-494a950d210f",
"indicator--5bbf4795-3100-4ffa-ac0f-4bcd950d210f",
"indicator--5bbf4799-cad4-4925-8766-4fcd950d210f",
"indicator--5bbf4799-aa6c-4a57-8f36-49a6950d210f",
"indicator--5bbf479a-596c-4667-a6c3-43d4950d210f",
"indicator--5bbf479a-e098-464c-9e76-4994950d210f",
"indicator--5bbf479b-7cdc-42bb-ba1f-4638950d210f",
"indicator--5bbf479e-20c4-40a1-ade7-46bc950d210f",
"indicator--5bbf47a4-8c04-42e1-a634-4b8d950d210f",
"indicator--5bbf47a9-5448-43f0-ba9d-40f1950d210f",
"indicator--5bbf47aa-69a0-4326-aa27-454c950d210f",
"indicator--5bbf47ac-83b4-4c54-9a16-44c0950d210f",
"indicator--5bbf47ad-0604-4ae1-a8c9-47b4950d210f",
"indicator--5bbf47ae-ffa4-4e29-b373-433a950d210f",
"indicator--5bbf47b0-5200-4fb3-b90f-4d2c950d210f",
"indicator--5bbf47b1-2cf0-4cb8-877f-4bd2950d210f",
"indicator--5bbf47b2-e30c-4969-b0e1-44ef950d210f",
"indicator--5bbf47b7-2f24-4acd-9e28-4bc0950d210f",
"indicator--5bbf47bc-32d8-4cca-b59d-49d3950d210f",
"indicator--5bbf47c1-be50-4057-b3a8-4242950d210f",
"indicator--5bbf47c2-8eb0-4964-98d7-4758950d210f",
"indicator--5bbf47c2-86e4-434a-aabb-45ef950d210f",
"indicator--5bbf47c3-0e80-4d76-9f8c-49f6950d210f",
"indicator--5bbf47c3-dde8-49db-ba8b-45f8950d210f",
"indicator--5bbf47c4-39f4-43c3-87ea-4b2f950d210f",
"indicator--5bbf47c4-a008-4d16-92e5-4103950d210f",
"indicator--5bbf47c5-7c40-4147-b83c-4ebd950d210f",
"indicator--5bbf47c5-cf14-43dd-aa46-45b2950d210f",
"indicator--5bbf47c6-43bc-44bf-a23f-4280950d210f",
"indicator--5bbf47c6-41e4-4d78-9e8e-4ac1950d210f",
"indicator--5bbf4b33-b024-4397-a219-4c30950d210f",
"indicator--5bbf4b34-e9e0-4836-bbd3-4d17950d210f",
"indicator--5bbf4b35-e748-45da-98bc-465e950d210f",
"indicator--5bbf4b36-6648-4c1a-ba63-4c18950d210f",
"indicator--5bbf4b37-03ec-4fd1-98cb-4045950d210f",
"indicator--5bbf4b37-49ac-472f-b881-47ec950d210f",
"indicator--5bbf4b38-77d8-4b4a-bb67-4bb9950d210f",
"indicator--5bbf4b39-d458-4cff-998d-462f950d210f",
"indicator--5bbf4b39-9538-4482-937b-4967950d210f",
"indicator--5bbf4b3a-7970-48ff-a149-4fcb950d210f",
"indicator--5bbf4b3b-f514-4d75-9ff7-4977950d210f",
"indicator--5bbf4b3b-784c-464e-aec8-4824950d210f",
"indicator--5bbf4b3c-31f4-4f88-952e-4e52950d210f",
"indicator--5bbf4b41-7840-44bf-8454-4e26950d210f",
"indicator--5bbf4b42-40f8-40ea-b995-4d72950d210f",
"indicator--5bbf4b49-c7d8-4660-b23f-424e950d210f",
"indicator--5bbf4b51-6178-4489-bf76-47d4950d210f",
"indicator--5bbf4b56-5160-4663-b753-4e02950d210f",
"indicator--5bbf4b5f-1f2c-4e9f-a8b1-4172950d210f",
"indicator--5bbf4b60-924c-462c-a9e2-4164950d210f",
"indicator--5bbf4b60-200c-44eb-a131-442e950d210f",
"indicator--5bbf4b61-9384-4b1d-aa58-411c950d210f",
"indicator--5bbf4b62-30f8-4d41-b84d-40e7950d210f",
"indicator--5bbf4b62-35dc-42e7-a3c1-4f75950d210f",
"indicator--5bbf4b63-9cc4-4e52-8421-4ceb950d210f",
"indicator--5bbf4b67-72cc-4a30-9ed7-46f5950d210f",
"indicator--5bbf4b67-34e0-4c71-97aa-4dbf950d210f",
"indicator--5bbf4b68-1518-4a62-81fd-4fa8950d210f",
"indicator--5bbf4b69-57c8-41ae-b630-4736950d210f",
"indicator--5bbf4b69-87cc-4599-a9b6-4311950d210f",
"indicator--5bbf4b6a-dde0-4a3f-8650-491f950d210f",
"indicator--5bbf4b6b-07a0-400e-b25d-45e5950d210f",
"indicator--5bbf4b70-47a8-4674-85fe-40c2950d210f",
"indicator--5bbf4b78-7afc-4dd7-865f-4a32950d210f",
"indicator--5bbf4b7c-b7a0-4f4d-a717-4c5b950d210f",
"indicator--5bbf4b85-8284-4ece-a2a5-493f950d210f",
"indicator--5bbf4b89-0fa8-4d79-b974-458f950d210f",
"indicator--5bbf4b8d-0be8-4633-bacb-4ee6950d210f",
"indicator--5bbf4b90-078c-4209-b17e-49a7950d210f",
"indicator--5bbf4b96-ac80-4f5c-a603-4b66950d210f",
"indicator--5bbf4b96-c704-42b1-ae14-4fd4950d210f",
"indicator--5bbf4b9b-719c-4701-a296-48e1950d210f",
"indicator--5bbf4ba0-cba8-4f46-828f-48c3950d210f",
"indicator--5bbf4ba1-b770-4185-bf4c-4c28950d210f",
"indicator--5bbf4ba1-7b18-462d-b9f2-4044950d210f",
"indicator--5bbf4ba2-4c98-45d6-8cdb-4b45950d210f",
"indicator--5bbf4ba3-e8c8-48c3-b84e-4012950d210f",
"indicator--5bbf4ba3-d068-4574-8a44-412e950d210f",
"indicator--5bbf4ba4-008c-4b5c-9752-4f8e950d210f",
"indicator--5bbf4e91-03f4-42b7-af1e-4315950d210f",
"indicator--5bbf4e94-8bbc-4736-ad4e-4315950d210f",
"indicator--5bbf4e98-b7b0-4031-a6ac-4315950d210f",
"indicator--5bbf4e99-7ee8-4003-ba59-4315950d210f",
"indicator--5bbf4e99-261c-4605-8a22-4315950d210f",
"indicator--5bbf4e9a-1bb8-4103-9ac1-4315950d210f",
"indicator--5bbf4e9a-7b48-46d7-98bf-4315950d210f",
"indicator--5bbf4e9b-39e0-445e-852a-4315950d210f",
"indicator--5bbf4e9b-ccc8-4fb4-ae22-4315950d210f",
"indicator--5bbf4e9b-9458-4c15-9aa3-4315950d210f",
"indicator--5bbf4e9c-05f8-4116-bf0d-4315950d210f",
"indicator--5bbf4e9c-0b2c-47a6-ac02-4315950d210f",
"indicator--5bbf4ea0-3764-44d5-845e-4315950d210f",
"indicator--5bbf4ea5-276c-4e49-a727-4315950d210f",
"indicator--5bbf4eab-bbcc-4381-b5d1-4315950d210f",
"indicator--5bbf4eab-2928-4bbe-9e6e-4315950d210f",
"indicator--5bbf4eac-db2c-41a7-83e9-4315950d210f",
"indicator--5bbf4eac-3790-43ae-bedf-4315950d210f",
"indicator--5bbf4ead-afbc-4a27-b23c-4315950d210f",
"indicator--5bbf4ead-4e14-4bb3-925f-4315950d210f",
"indicator--5bbf4eae-6460-4d97-b96f-4315950d210f",
"indicator--5bbf4eae-6154-4435-ab53-4315950d210f",
"indicator--5bbf4eaf-becc-42a3-9218-4315950d210f",
"indicator--5bbf4eb3-cf64-4453-87f5-4315950d210f",
"indicator--5bbf4eb6-c9b4-4eba-a8fb-4315950d210f",
"indicator--5bbf4ebc-6ffc-49fd-97fc-4315950d210f",
"indicator--5bbf4ebe-79f8-4c3d-b6f6-4315950d210f",
"indicator--5bbf4ec3-cc20-4674-be71-4315950d210f",
"indicator--5bbf4ec3-5f98-4109-a25d-4315950d210f",
"indicator--5bbf4ec4-cd84-40cd-9d53-4315950d210f",
"indicator--5bbf4ec4-e9e8-45bc-a686-4315950d210f",
"indicator--5bbf4ec4-07c0-4596-9d9d-4315950d210f",
"indicator--5bbf4ec5-773c-418c-b0b1-4315950d210f",
"indicator--5bbf4ec5-3f14-4529-b505-4315950d210f",
"indicator--5bbf4eca-914c-4ce3-a8b8-4315950d210f",
"indicator--5bbf4ece-f374-41ae-aae1-4315950d210f",
"indicator--5bbf4ed3-2080-42ec-9081-4315950d210f",
"indicator--5bbf4ed4-ee1c-4d47-8bad-4315950d210f",
"indicator--5bbf4ed4-3630-4d90-9188-4315950d210f",
"indicator--5bbf4ed9-1174-46e6-b13f-4315950d210f",
"indicator--5bbf4eda-9fe0-4234-9d60-4315950d210f",
"indicator--5bbf4eda-61a0-4b8d-911d-4315950d210f",
"indicator--5bbf4edf-4700-40a1-abb6-4315950d210f",
"indicator--5bbf4ee3-1f9c-4ace-9dc5-4315950d210f",
"indicator--5bbf4ee8-3d54-483b-961e-4315950d210f",
"indicator--5bbf4eea-4438-4792-afbc-4315950d210f",
"indicator--5bbf4ef0-3e14-49e2-9fee-4315950d210f",
"indicator--5bbf4ef5-0e8c-4474-99ef-4315950d210f",
"indicator--5bbf4ef6-e1f8-4b9b-a0f9-4315950d210f",
"indicator--5bbf4ef7-a030-48a0-9441-4315950d210f",
"indicator--5bbf4ef7-323c-4cb1-9b20-4315950d210f",
"indicator--5bbf4ef8-926c-414e-bbf3-4315950d210f",
"indicator--5bbf4ef9-2088-4145-bac8-4315950d210f",
"indicator--5bbf4ef9-af84-4d1b-a146-4315950d210f",
"indicator--5bbf4efa-cef4-4acf-a545-4315950d210f",
"indicator--5bbf4efa-ad7c-4764-a3db-4315950d210f",
"indicator--5bbf4f00-8450-47bc-9c7b-4315950d210f",
"indicator--5bbf4f04-9870-4bce-a8eb-4315950d210f",
"indicator--5bbf4f04-9cf8-475e-ad67-4315950d210f",
"indicator--5bbf4f05-a490-4cb4-b03a-4315950d210f",
"indicator--5bbf4f05-9200-4231-9ae7-4315950d210f",
"indicator--5bbf4f06-b540-4a97-9206-4315950d210f",
"indicator--5bbf4f06-71c0-4bd0-8c03-4315950d210f",
"indicator--5bbf4f0b-cbf8-40e7-bee8-4315950d210f",
"indicator--5bbf4f11-343c-47d6-8e4e-4315950d210f",
"indicator--5bbf4f16-e3ec-4809-8007-4315950d210f",
"indicator--5bbf4f17-cfa8-4443-868a-4315950d210f",
"indicator--5bbf4f17-5fac-447e-8b13-4315950d210f",
"indicator--5bbf4f1c-0c1c-4fe2-a1c8-4315950d210f",
"indicator--5bbf4f21-ff74-427d-85db-4315950d210f",
"indicator--5bbf4f26-7514-467e-9475-4315950d210f",
"indicator--5bbf4f2a-833c-469f-9fe3-4315950d210f",
"indicator--5bbf4f2d-dda8-4461-b7ff-4315950d210f",
"indicator--5bbf4f32-9e7c-4496-95f4-4315950d210f",
"indicator--5bbf4f32-878c-4d38-b334-4315950d210f",
"indicator--5bbf4f33-f270-44c1-98a6-4315950d210f",
"indicator--5bbf4f33-f1a0-4ffa-aec2-4315950d210f",
"indicator--5bbf4f33-6550-41f2-9c72-4315950d210f",
"indicator--5bbf4f34-3218-4088-91e3-4315950d210f",
"indicator--5bbf4f34-9d2c-489d-a663-4315950d210f",
"indicator--5bbf4f35-7db0-4e28-b914-4315950d210f",
"indicator--5bbf4f38-fe80-4da3-aa47-4315950d210f",
"indicator--5bbf4f38-7dac-459f-980a-4315950d210f",
"indicator--5bbf4f39-9f8c-4134-a0b5-4315950d210f",
"indicator--5bbf4f39-f7c4-4a13-a102-4315950d210f",
"indicator--5bbf4f3a-34ec-4a43-a993-4315950d210f",
"indicator--5bbf4f3a-39ec-40f8-99ba-4315950d210f",
"indicator--5bbf4f3f-8320-4197-a8f3-4315950d210f",
"indicator--5bbf4f3f-c998-413c-a4eb-4315950d210f",
"indicator--5bbf4f40-04d0-4469-8771-4315950d210f",
"indicator--5bbf4f40-9784-4d95-a4c1-4315950d210f",
"indicator--5bbf4f41-7cc4-4e3f-bea3-4315950d210f",
"indicator--5bbf4f41-7394-4595-b0bd-4315950d210f",
"indicator--5bbf4f46-2cec-44c4-9243-4315950d210f",
"indicator--5bbf4a88-e644-4373-8f22-4f5c950d210f",
"indicator--f0ecd20c-c324-4552-b22e-2254d13c0d70",
"x-misp-object--6c4edc48-764b-446e-bd3a-e08d58c5f414",
"indicator--dc3b0ca2-7e14-41d8-8c34-022baaa305da",
"x-misp-object--fae2cb08-fb69-48cb-aac2-7b3250b62ad5",
"indicator--25010369-b434-4849-9096-aa17cced6ad8",
"x-misp-object--40df6dc6-4008-4511-8942-c68ae7c4c439",
"indicator--f0067c21-5a51-48ee-b5a0-748e94e698f5",
"x-misp-object--1cd76294-1677-4dab-983a-e33422ac6c06",
"indicator--3a47367c-5962-4e07-99ce-54f4aedb0c99",
"x-misp-object--b819962d-72fd-40c0-8e97-9404acfe53f6",
"indicator--666f7de1-d07f-4338-9e36-f8682d20937f",
"x-misp-object--7470f298-272d-4997-a3a9-1e2caf089fc5",
"indicator--02083d52-09a4-472a-be1a-72f5de96c4e1",
"x-misp-object--585149aa-ac1e-4772-9f75-63454f6f03a4",
"indicator--8f18793b-7d4f-4118-85a8-c3c232c332f9",
"x-misp-object--ca08f8bc-3f96-451e-8edf-f68d01cbf731",
"indicator--1add812c-a522-4b1b-abd9-4c5cae1ab7bc",
"x-misp-object--75f83f9e-61ba-4d6d-8b35-5b676b67cc83",
"indicator--0137dda2-1337-46d6-94a9-62767e660212",
"x-misp-object--d9e567e6-749d-48d9-8d4c-5cc3940925ea",
"indicator--ccbdf26b-9daa-4595-8bd3-f5936c78077b",
"x-misp-object--283c947e-0fbc-4c5d-90a5-c0920818017b",
"indicator--716c54d2-9fe7-4298-a41e-e0f7039e6597",
"x-misp-object--946d0c35-380c-4096-85d9-51bb3c2a270a",
"indicator--79357d15-935b-4c65-8ebd-e833a37e392e",
"x-misp-object--2e92239b-9952-4018-bf23-8677faf45b20",
"indicator--8ceadd5c-78e1-4d36-bc76-90cdda36183b",
"x-misp-object--112a8c20-ac6e-4d67-89c5-2465589397a6",
"indicator--e79a1f3b-7093-418a-ae2b-beb6167055ff",
"x-misp-object--62173e48-3eae-4a9b-acb6-3fd28147d243",
"indicator--c68ce55d-fac2-4f4f-8c1f-05a081a07427",
"x-misp-object--ffcdf8c5-d42e-42a3-b1b6-17a36bd68c4b",
"indicator--cf5169d7-134c-41c0-992a-9aaafd89fa7e",
"x-misp-object--f7bbedb7-2b40-487f-9fe0-36bb03719010",
"indicator--a2e795f9-03f0-4374-a361-4283add548d9",
"x-misp-object--6382b419-dfcb-4147-8617-968cbce89878",
"indicator--2232c998-99a2-4d0a-99ef-191ae7aa0b4b",
"x-misp-object--d6bfda7d-fce7-419d-83ca-dd6e334fd72f",
"indicator--c6c3d7c3-e3ad-4947-ac6b-637f3393e1eb",
"x-misp-object--06f90ed1-6d51-48d0-992e-649b609b0196",
"indicator--6f11d27a-6534-48c5-b854-c49cf5a591c5",
"x-misp-object--d395d4d7-2cab-49ce-9da3-b61c070cd153",
"indicator--fbeb7670-7016-4cbf-9be7-914d985ff8ec",
"x-misp-object--f7dc33bd-ea3b-4c04-b5a4-aceae14bac9c",
"indicator--502df54a-3b51-4e3b-a3f3-508ea91deb34",
"x-misp-object--c6bbf84f-cece-45dc-8d30-22a739c1d362",
"indicator--416533e3-49d9-4093-b383-5cda3ee03931",
"x-misp-object--42f142f7-3e65-49ba-91d4-3d3cc8e107b7",
"indicator--029e31e7-5057-4cad-a5e2-d185983c98f5",
"x-misp-object--ed94cf78-fbf6-46d4-8474-9ebd1f00d3da",
"indicator--857206fa-64e6-4cc7-9a8f-cc1bea9d7bec",
"x-misp-object--9983f130-96c0-4d6d-9cea-88961a5c4203",
"indicator--13866788-eb30-4b88-ab83-ab1e4b94573a",
"x-misp-object--f0b4db0a-9c42-42a2-8388-8690e37e2d9a",
"indicator--489c3c47-36a1-414b-b900-0285b2742f7e",
"x-misp-object--81e3916e-a5f1-4d2c-98bd-c34f00b4c86e",
"indicator--7eeec90d-2d22-4d1f-9239-e8df266c78e8",
"x-misp-object--66268f88-4020-445c-8d0b-fe9da7666eef",
"indicator--a94eb647-88bc-4f7d-8269-ee9c549a8234",
"x-misp-object--f6cf1551-0bc9-44c0-a9ec-35748471737a",
2023-05-19 09:05:37 +00:00
"relationship--15079350-a9e1-441f-92d2-c26bda14e3ce",
"relationship--76f941f3-b600-407f-9bd5-f89aec2e4ed6",
"relationship--2db640f6-14ae-489a-88f5-57f7b173b349",
"relationship--26a40c71-218f-4293-a3d4-f66dfe63a2f5",
"relationship--053db391-9743-4810-bba9-6218d37ea380",
"relationship--3b60fcbf-3611-4af2-ad5d-ab33b12a13c7",
"relationship--e1ef0cdc-4fde-4550-9dff-afb0bb36dff9",
"relationship--704961ea-3d26-4913-8a69-252db3aedbfa",
"relationship--34121778-217f-437b-8fd2-c419dd128f59",
"relationship--0a2ed5cd-7fb3-498a-90aa-a0d106886f11",
"relationship--e6e1b0f5-00b1-4f3c-b653-511203c26b53",
"relationship--00e9a611-ace5-4399-ad49-fe8cc2fc9806",
"relationship--e47dfdc7-30ee-405e-9fbf-ff764b88c524",
"relationship--8fe99a03-19f4-4745-965d-19ce7ba245d4",
"relationship--d9ca8c0d-5ee4-41a8-9e12-eec32108861a",
"relationship--3be07ef4-5254-4f72-9d95-c7698676ca6a",
"relationship--be4960eb-7dd5-4a34-b53f-c8add23c9faa",
"relationship--b24f50da-9816-4f3c-ae9d-36580394b9a9",
"relationship--6f674b49-b210-4198-97ca-ddf052d32ca8",
"relationship--442ed7d2-adf2-4290-84f7-d004bb02c645",
"relationship--3a09c204-a50b-49c4-8bcc-b3cf20c63f80",
"relationship--e4a80938-da7d-4575-9079-6d7d1d0ee5e5",
"relationship--1945bb19-e322-4ee2-b7c1-d0ffa6dc98d5",
"relationship--09d43407-e116-4cf9-8d96-a5ffbcf861fb",
"relationship--cb4f4bfa-ce51-44ec-a543-b5bc8b833fa5",
"relationship--10649d6f-8711-40ff-b06c-6e05cc4b666d",
"relationship--095fe58d-b784-4989-84a3-9cb192bd49ca",
"relationship--4afd8785-656f-4213-9366-36c568503dae",
"relationship--8f0ffe5e-3c7c-4c80-8203-11705c7e6ab5",
"relationship--a8dee259-46ca-4097-91a1-f9e96f13b58d"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:banker=\"Panda Banker\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Man in the Browser - T1185\"",
"misp-galaxy:banker=\"Geodo\"",
"misp-galaxy:tool=\"Emotet\"",
"osint:source-type=\"blog-post\"",
"malware_classification:malware-category=\"Trojan\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbe09dc-2250-4f64-b8be-4746950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:27:38.000Z",
"modified": "2018-10-11T13:27:38.000Z",
"first_observed": "2018-10-11T13:27:38Z",
"last_observed": "2018-10-11T13:27:38Z",
"number_observed": 1,
"object_refs": [
"url--5bbe09dc-2250-4f64-b8be-4746950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5bbe09dc-2250-4f64-b8be-4746950d210f",
"value": "https://threatvector.cylance.com/en_us/home/threat-spotlight-panda-banker-trojan-targets-the-us-canada-and-japan.html"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0a00-7120-46aa-bb57-4975950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:30:08.000Z",
"modified": "2018-10-11T13:30:08.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/1rifoluwaqyseawawuvza.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0a01-c870-4dc4-b3fa-4c85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:31:23.000Z",
"modified": "2018-10-11T13:31:23.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/webinjects_new3.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:31:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0a02-dc14-43b8-950d-4411950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:30:02.000Z",
"modified": "2018-10-11T13:30:02.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/1rifoluwaqyseawawuvza.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:30:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0a02-e614-4c72-9c8f-4a3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:29:50.000Z",
"modified": "2018-10-11T13:29:50.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/webinject32_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:29:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0a03-64e4-43c5-b296-4558950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:29:58.000Z",
"modified": "2018-10-11T13:29:58.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/webinject64_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:29:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0a03-0e34-44aa-8510-4265950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:29:16.000Z",
"modified": "2018-10-11T13:29:16.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/vnc32_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:29:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4793-0874-4cff-8f22-494a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:35.000Z",
"modified": "2018-10-11T12:52:35.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '088e2de6e3cf283f6b7cb518655adb32f1de8a0d14eff9e8a10aa16d1420cc4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4795-3100-4ffa-ac0f-4bcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:37.000Z",
"modified": "2018-10-11T12:52:37.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '0dd11e77562e51de1c12c1d7edf9c34c115f79f13cdc8d2a4743f41515d069f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4799-cad4-4925-8766-4fcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:41.000Z",
"modified": "2018-10-11T12:52:41.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '111b67b802426c2e94e933761cbb6168a6730c99849244e518d11e1474218088']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4799-aa6c-4a57-8f36-49a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:41.000Z",
"modified": "2018-10-11T12:52:41.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '200dd176eccfe11a3456193bf1fe7d46d23408834e172991b883d59aa59ce259']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf479a-596c-4667-a6c3-43d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:42.000Z",
"modified": "2018-10-11T12:52:42.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '20f4445b40dc0cd1830dee6031a7342284e51dc4c399d331507b28f74ba0727b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf479a-e098-464c-9e76-4994950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:42.000Z",
"modified": "2018-10-11T12:52:42.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '2527c9eb597bd85c4ca2e7a6550cc7480dbb3129dd3d6033e66e82b0988ee061']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf479b-7cdc-42bb-ba1f-4638950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:43.000Z",
"modified": "2018-10-11T12:52:43.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '333aff311b07c5cbedfb618ff902b0dd663c0ba50b2dc8a2a590e9409cb9bc3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf479e-20c4-40a1-ade7-46bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:46.000Z",
"modified": "2018-10-11T12:52:46.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '3dd50e3c6f108c9e7289e797127527b7e5321f360893fc1fcc41b19b06dd65bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47a4-8c04-42e1-a634-4b8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:52.000Z",
"modified": "2018-10-11T12:52:52.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '45c7c91ebb315a77dd28e0092913184cb6a4a8d0387d29384b273ebf9bce9a74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47a9-5448-43f0-ba9d-40f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:57.000Z",
"modified": "2018-10-11T12:52:57.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '57cfd2da86195b4d5636579aba6c61fa7fc9d0646ea6fe7cb4752ddbc789428a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47aa-69a0-4326-aa27-454c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:52:58.000Z",
"modified": "2018-10-11T12:52:58.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '5b7f1708092a1fecf4ad1dc22cccca62c1648361f805762c465f12b9501e485c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:52:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47ac-83b4-4c54-9a16-44c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:00.000Z",
"modified": "2018-10-11T12:53:00.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '5cde033fd3d5e1f4750034e262f7e913a26231dcd2d658581557387c1fa7306b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47ad-0604-4ae1-a8c9-47b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:01.000Z",
"modified": "2018-10-11T12:53:01.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '6030ce3acf4dd0729b30795b23a4dc9983a9363e5bf6b1e7dc82ef4ccaef7754']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47ae-ffa4-4e29-b373-433a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:02.000Z",
"modified": "2018-10-11T12:53:02.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '8327163cf9c9dc8c4680ad6adccf10aaf4458f75c4db045e7e3608081ce6fae1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47b0-5200-4fb3-b90f-4d2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:04.000Z",
"modified": "2018-10-11T12:53:04.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '85d8829d7795af046e238d9981592f96ad49dcb2ccb9e5c6bb938bc04b1e8552']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47b1-2cf0-4cb8-877f-4bd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:05.000Z",
"modified": "2018-10-11T12:53:05.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '8a26412234ec7cb43b07bae7e9910eb0f7eb807cf8581abed56aafaf514ac4a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47b2-e30c-4969-b0e1-44ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:06.000Z",
"modified": "2018-10-11T12:53:06.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = '997a9a38aae2be74659296df901aed09ef5adb671ee682605dd999243f9e9983']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47b7-2f24-4acd-9e28-4bc0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:11.000Z",
"modified": "2018-10-11T12:53:11.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'ad7b21f9c14c49ea28f7e98a8e3b44973446342537d9817ec91c13681bae0023']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47bc-32d8-4cca-b59d-49d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:16.000Z",
"modified": "2018-10-11T12:53:16.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'b1ebf3d44d496ee574831266474b10b55c06e30aea56d41ac8830ba2b28f7a0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c1-be50-4057-b3a8-4242950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:21.000Z",
"modified": "2018-10-11T12:53:21.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'b6708bb21911fe143fdc33a57993db91be7f90ebacc0eac302019b2d12a763e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c2-8eb0-4964-98d7-4758950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:22.000Z",
"modified": "2018-10-11T12:53:22.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'bc394ca7b7db058dab18ad8f612fe99c734006f034945b1336682e4728a4e932']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c2-86e4-434a-aabb-45ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:22.000Z",
"modified": "2018-10-11T12:53:22.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'c83d21ddcc75d410a3f40b9c869e7c75861240077be7a174f6d2b574bf6bc2c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c3-0e80-4d76-9f8c-49f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:23.000Z",
"modified": "2018-10-11T12:53:23.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'c93f049bfd7e1e5b9fafb04100cacc156fe76d69d4cc0a1df27d29b057371e05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c3-dde8-49db-ba8b-45f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:23.000Z",
"modified": "2018-10-11T12:53:23.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'cb050e95ce7cd9cdd444741c8bf80e913297565eebb7b8cb64b4f69407017944']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c4-39f4-43c3-87ea-4b2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:24.000Z",
"modified": "2018-10-11T12:53:24.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'ceb3cc460681d1274113d2a983b143049c139261d03552356c0f95f8c140b669']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c4-a008-4d16-92e5-4103950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:24.000Z",
"modified": "2018-10-11T12:53:24.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'dd4ff33e8853e34480e820a3d2d11e6fc87bc75efbeebfe324664d4013dee0b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c5-7c40-4147-b83c-4ebd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:25.000Z",
"modified": "2018-10-11T12:53:25.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'e187df28541a1296d10a6ac2ff7ed5a52ce7577fcc8bc3811af3238af0e5e991']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c5-cf14-43dd-aa46-45b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:25.000Z",
"modified": "2018-10-11T12:53:25.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'f87439636b309409b96b336099d84fff56773391cfa52faf069c3b7b517ba154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c6-43bc-44bf-a23f-4280950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:26.000Z",
"modified": "2018-10-11T12:53:26.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'facd400eb4530f6c0357c1115c3275e7feefdb982df96f13ffec62f56b95ccb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf47c6-41e4-4d78-9e8e-4ac1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T12:53:26.000Z",
"modified": "2018-10-11T12:53:26.000Z",
"description": "Panda Banker payloads",
"pattern": "[file:hashes.SHA256 = 'fbc8126a3bc0746e57dbd4ae29c64006b79825243e47659e0ff57b5b27641123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T12:53:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b33-b024-4397-a219-4c30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:03.000Z",
"modified": "2018-10-11T13:08:03.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'rxdirectories.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b34-e9e0-4836-bbd3-4d17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:04.000Z",
"modified": "2018-10-11T13:08:04.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'adshiepkhach.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b35-e748-45da-98bc-465e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:05.000Z",
"modified": "2018-10-11T13:08:05.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'akihabrajdu.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b36-6648-4c1a-ba63-4c18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:06.000Z",
"modified": "2018-10-11T13:08:06.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'antrefurniture.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b37-03ec-4fd1-98cb-4045950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:07.000Z",
"modified": "2018-10-11T13:08:07.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'bloodskin.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b37-49ac-472f-b881-47ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:07.000Z",
"modified": "2018-10-11T13:08:07.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'canariasmotor.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b38-77d8-4b4a-bb67-4bb9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:08.000Z",
"modified": "2018-10-11T13:08:08.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'cebabsebi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b39-d458-4cff-998d-462f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:09.000Z",
"modified": "2018-10-11T13:08:09.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'coloredcredit.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b39-9538-4482-937b-4967950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:09.000Z",
"modified": "2018-10-11T13:08:09.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'connectionjump.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b3a-7970-48ff-a149-4fcb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:10.000Z",
"modified": "2018-10-11T13:08:10.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'dintlasirob.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b3b-f514-4d75-9ff7-4977950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:11.000Z",
"modified": "2018-10-11T13:08:11.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'downloadmasala.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b3b-784c-464e-aec8-4824950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:11.000Z",
"modified": "2018-10-11T13:08:11.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'encitimefoan.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b3c-31f4-4f88-952e-4e52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:12.000Z",
"modified": "2018-10-11T13:08:12.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'fullspectrumavs.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b41-7840-44bf-8454-4e26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:17.000Z",
"modified": "2018-10-11T13:08:17.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'gmokkasd.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b42-40f8-40ea-b995-4d72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:18.000Z",
"modified": "2018-10-11T13:08:18.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'haketsitet.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b49-c7d8-4660-b23f-424e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:25.000Z",
"modified": "2018-10-11T13:08:25.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'hogamotin.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b51-6178-4489-bf76-47d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:33.000Z",
"modified": "2018-10-11T13:08:33.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'humoronoff.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b56-5160-4663-b753-4e02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:38.000Z",
"modified": "2018-10-11T13:08:38.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'indolentgames.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b5f-1f2c-4e9f-a8b1-4172950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:47.000Z",
"modified": "2018-10-11T13:08:47.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'inghapwilhe.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b60-924c-462c-a9e2-4164950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:48.000Z",
"modified": "2018-10-11T13:08:48.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'jecrusandsi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b60-200c-44eb-a131-442e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:48.000Z",
"modified": "2018-10-11T13:08:48.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'joltter.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b61-9384-4b1d-aa58-411c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:49.000Z",
"modified": "2018-10-11T13:08:49.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'legaleeny.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b62-30f8-4d41-b84d-40e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:50.000Z",
"modified": "2018-10-11T13:08:50.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'letretuthes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b62-35dc-42e7-a3c1-4f75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:50.000Z",
"modified": "2018-10-11T13:08:50.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'luxurygoosedown.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b63-9cc4-4e52-8421-4ceb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:51.000Z",
"modified": "2018-10-11T13:08:51.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'lyletening.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b67-72cc-4a30-9ed7-46f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:55.000Z",
"modified": "2018-10-11T13:08:55.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'majorhunt.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b67-34e0-4c71-97aa-4dbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:55.000Z",
"modified": "2018-10-11T13:08:55.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'mihecksandca.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b68-1518-4a62-81fd-4fa8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:56.000Z",
"modified": "2018-10-11T13:08:56.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'miliocife.aktyubinsk.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b69-57c8-41ae-b630-4736950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:57.000Z",
"modified": "2018-10-11T13:08:57.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'myaningmuchme.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b69-87cc-4599-a9b6-4311950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:57.000Z",
"modified": "2018-10-11T13:08:57.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'myhubcloud.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b6a-dde0-4a3f-8650-491f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:58.000Z",
"modified": "2018-10-11T13:08:58.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'mykeeptake.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b6b-07a0-400e-b25d-45e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:08:59.000Z",
"modified": "2018-10-11T13:08:59.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'mystratusstore.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:08:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b70-47a8-4674-85fe-40c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:04.000Z",
"modified": "2018-10-11T13:09:04.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'nauseorofte.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b78-7afc-4dd7-865f-4a32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:12.000Z",
"modified": "2018-10-11T13:09:12.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'nybaseballfans.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b7c-b7a0-4f4d-a717-4c5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:16.000Z",
"modified": "2018-10-11T13:09:16.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'picosloop.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b85-8284-4ece-a2a5-493f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:25.000Z",
"modified": "2018-10-11T13:09:25.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'rebretaci.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b89-0fa8-4d79-b974-458f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:29.000Z",
"modified": "2018-10-11T13:09:29.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'rombutcading.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b8d-0be8-4633-bacb-4ee6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:33.000Z",
"modified": "2018-10-11T13:09:33.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'smartnutriment.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b90-078c-4209-b17e-49a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:36.000Z",
"modified": "2018-10-11T13:09:36.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'speakeasyclan.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b96-ac80-4f5c-a603-4b66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:42.000Z",
"modified": "2018-10-11T13:09:42.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'tailbackuisback.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b96-c704-42b1-ae14-4fd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:42.000Z",
"modified": "2018-10-11T13:09:42.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'theeunload.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4b9b-719c-4701-a296-48e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:46.000Z",
"modified": "2018-10-11T13:09:46.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'thevisitorsfilm.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ba0-cba8-4f46-828f-48c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:52.000Z",
"modified": "2018-10-11T13:09:52.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'uiaoduiiej.chimkent.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ba1-b770-4185-bf4c-4c28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:53.000Z",
"modified": "2018-10-11T13:09:53.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'umirushieteg.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ba1-7b18-462d-b9f2-4044950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:53.000Z",
"modified": "2018-10-11T13:09:53.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'vethatnetont.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ba2-4c98-45d6-8cdb-4b45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:54.000Z",
"modified": "2018-10-11T13:09:54.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'vudoshakar123123.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ba3-e8c8-48c3-b84e-4012950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:55.000Z",
"modified": "2018-10-11T13:09:55.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'watercraftuavs.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ba3-d068-4574-8a44-412e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:55.000Z",
"modified": "2018-10-11T13:09:55.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'wegmanss.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ba4-008c-4b5c-9752-4f8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:09:56.000Z",
"modified": "2018-10-11T13:09:56.000Z",
"description": "C2 domain names",
"pattern": "[domain-name:value = 'zanhimnohedt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:09:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e91-03f4-42b7-af1e-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:25.000Z",
"modified": "2018-10-11T13:22:25.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/vnc64_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e94-8bbc-4736-ad4e-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:28.000Z",
"modified": "2018-10-11T13:22:28.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/backsocks_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e98-b7b0-4031-a6ac-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:32.000Z",
"modified": "2018-10-11T13:22:32.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/grabber_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e99-7ee8-4003-ba59-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:33.000Z",
"modified": "2018-10-11T13:22:33.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://vudoshakar123123.website/keylogger_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e99-261c-4605-8a22-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:33.000Z",
"modified": "2018-10-11T13:22:33.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/2itopfetoebenfeakoqas.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e9a-1bb8-4103-9ac1-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:34.000Z",
"modified": "2018-10-11T13:22:34.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/webinjects_new3.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e9a-7b48-46d7-98bf-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:34.000Z",
"modified": "2018-10-11T13:22:34.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/2itopfetoebenfeakoqas.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e9b-39e0-445e-852a-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:35.000Z",
"modified": "2018-10-11T13:22:35.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/webinject32_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e9b-ccc8-4fb4-ae22-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:35.000Z",
"modified": "2018-10-11T13:22:35.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/webinject64_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e9b-9458-4c15-9aa3-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:35.000Z",
"modified": "2018-10-11T13:22:35.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/vnc32_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e9c-05f8-4116-bf0d-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:36.000Z",
"modified": "2018-10-11T13:22:36.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/vnc64_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4e9c-0b2c-47a6-ac02-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:36.000Z",
"modified": "2018-10-11T13:22:36.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/backsocks_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ea0-3764-44d5-845e-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:40.000Z",
"modified": "2018-10-11T13:22:40.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/grabber_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ea5-276c-4e49-a727-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:45.000Z",
"modified": "2018-10-11T13:22:45.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mystratusstore.xyz/keylogger_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eab-bbcc-4381-b5d1-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:51.000Z",
"modified": "2018-10-11T13:22:51.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/1ixcyidwexoumibewibbi.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eab-2928-4bbe-9e6e-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:51.000Z",
"modified": "2018-10-11T13:22:51.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610webinjects.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eac-db2c-41a7-83e9-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:52.000Z",
"modified": "2018-10-11T13:22:52.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/1ixcyidwexoumibewibbi.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eac-3790-43ae-bedf-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:52.000Z",
"modified": "2018-10-11T13:22:52.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610webinject32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ead-afbc-4a27-b23c-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:53.000Z",
"modified": "2018-10-11T13:22:53.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610webinject64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ead-4e14-4bb3-925f-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:53.000Z",
"modified": "2018-10-11T13:22:53.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610vnc32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eae-6460-4d97-b96f-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:54.000Z",
"modified": "2018-10-11T13:22:54.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610vnc64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eae-6154-4435-ab53-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:54.000Z",
"modified": "2018-10-11T13:22:54.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610backsocks.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eaf-becc-42a3-9218-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:55.000Z",
"modified": "2018-10-11T13:22:55.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610grabber.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eb3-cf64-4453-87f5-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:22:59.000Z",
"modified": "2018-10-11T13:22:59.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://mihecksandca.ru/610keylogger.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:22:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eb6-c9b4-4eba-a8fb-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:02.000Z",
"modified": "2018-10-11T13:23:02.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/1toziimufuzutotsaguel.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ebc-6ffc-49fd-97fc-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:08.000Z",
"modified": "2018-10-11T13:23:08.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610webinjects.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ebe-79f8-4c3d-b6f6-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:10.000Z",
"modified": "2018-10-11T13:23:10.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/1toziimufuzutotsaguel.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ec3-cc20-4674-be71-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:15.000Z",
"modified": "2018-10-11T13:23:15.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610webinject32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ec3-5f98-4109-a25d-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:15.000Z",
"modified": "2018-10-11T13:23:15.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610webinject64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ec4-cd84-40cd-9d53-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:16.000Z",
"modified": "2018-10-11T13:23:16.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610vnc32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ec4-e9e8-45bc-a686-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:16.000Z",
"modified": "2018-10-11T13:23:16.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610vnc64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ec4-07c0-4596-9d9d-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:16.000Z",
"modified": "2018-10-11T13:23:16.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610backsocks.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ec5-773c-418c-b0b1-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:17.000Z",
"modified": "2018-10-11T13:23:17.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610grabber.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ec5-3f14-4529-b505-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:17.000Z",
"modified": "2018-10-11T13:23:17.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://rombutcading.ru/610keylogger.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eca-914c-4ce3-a8b8-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:22.000Z",
"modified": "2018-10-11T13:23:22.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/1haetibatiqinoktaitov.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ece-f374-41ae-aae1-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:26.000Z",
"modified": "2018-10-11T13:23:26.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69webinjects.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ed3-2080-42ec-9081-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:31.000Z",
"modified": "2018-10-11T13:23:31.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/1haetibatiqinoktaitov.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ed4-ee1c-4d47-8bad-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:32.000Z",
"modified": "2018-10-11T13:23:32.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69webinject32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ed4-3630-4d90-9188-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:32.000Z",
"modified": "2018-10-11T13:23:32.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69webinject64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ed9-1174-46e6-b13f-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:37.000Z",
"modified": "2018-10-11T13:23:37.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69vnc32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eda-9fe0-4234-9d60-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:38.000Z",
"modified": "2018-10-11T13:23:38.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69vnc64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eda-61a0-4b8d-911d-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:38.000Z",
"modified": "2018-10-11T13:23:38.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69backsocks.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4edf-4700-40a1-abb6-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:43.000Z",
"modified": "2018-10-11T13:23:43.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69grabber.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ee3-1f9c-4ace-9dc5-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:47.000Z",
"modified": "2018-10-11T13:23:47.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://betrephengu.ru/69keylogger.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ee8-3d54-483b-961e-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:52.000Z",
"modified": "2018-10-11T13:23:52.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/1uqboygheizxeraneorlo.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4eea-4438-4792-afbc-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:23:54.000Z",
"modified": "2018-10-11T13:23:54.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/webinjects_new3.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:23:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef0-3e14-49e2-9fee-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:00.000Z",
"modified": "2018-10-11T13:24:00.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/1uqboygheizxeraneorlo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef5-0e8c-4474-99ef-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:05.000Z",
"modified": "2018-10-11T13:24:05.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/webinject32_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef6-e1f8-4b9b-a0f9-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:06.000Z",
"modified": "2018-10-11T13:24:06.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/webinject64_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef7-a030-48a0-9441-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:07.000Z",
"modified": "2018-10-11T13:24:07.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/vnc32_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef7-323c-4cb1-9b20-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:07.000Z",
"modified": "2018-10-11T13:24:07.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/vnc64_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef8-926c-414e-bbf3-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:08.000Z",
"modified": "2018-10-11T13:24:08.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/backsocks_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef9-2088-4145-bac8-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:09.000Z",
"modified": "2018-10-11T13:24:09.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/grabber_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4ef9-af84-4d1b-a146-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:09.000Z",
"modified": "2018-10-11T13:24:09.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://humoronoff.top/keylogger_new3.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4efa-cef4-4acf-a545-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:10.000Z",
"modified": "2018-10-11T13:24:10.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/1ifmuybbolakuotegepma.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4efa-ad7c-4764-a3db-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:10.000Z",
"modified": "2018-10-11T13:24:10.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610webinjects.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f00-8450-47bc-9c7b-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:16.000Z",
"modified": "2018-10-11T13:24:16.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/1ifmuybbolakuotegepma.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f04-9870-4bce-a8eb-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:20.000Z",
"modified": "2018-10-11T13:24:20.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610webinject32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f04-9cf8-475e-ad67-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:20.000Z",
"modified": "2018-10-11T13:24:20.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610webinject64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f05-a490-4cb4-b03a-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:21.000Z",
"modified": "2018-10-11T13:24:21.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610vnc32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f05-9200-4231-9ae7-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:21.000Z",
"modified": "2018-10-11T13:24:21.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610vnc64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f06-b540-4a97-9206-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:22.000Z",
"modified": "2018-10-11T13:24:22.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610backsocks.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f06-71c0-4bd0-8c03-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:22.000Z",
"modified": "2018-10-11T13:24:22.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610grabber.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f0b-cbf8-40e7-bee8-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:27.000Z",
"modified": "2018-10-11T13:24:27.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://nauseorofte.ru/610keylogger.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f11-343c-47d6-8e4e-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:33.000Z",
"modified": "2018-10-11T13:24:33.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/1waemgadyezabawhakavi.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f16-e3ec-4809-8007-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:38.000Z",
"modified": "2018-10-11T13:24:38.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610webinjects.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f17-cfa8-4443-868a-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:39.000Z",
"modified": "2018-10-11T13:24:39.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/1waemgadyezabawhakavi.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f17-5fac-447e-8b13-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:39.000Z",
"modified": "2018-10-11T13:24:39.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610webinject32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f1c-0c1c-4fe2-a1c8-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:44.000Z",
"modified": "2018-10-11T13:24:44.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610webinject64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f21-ff74-427d-85db-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:49.000Z",
"modified": "2018-10-11T13:24:49.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610vnc32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f26-7514-467e-9475-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:54.000Z",
"modified": "2018-10-11T13:24:54.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610vnc64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f2a-833c-469f-9fe3-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:24:58.000Z",
"modified": "2018-10-11T13:24:58.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610backsocks.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:24:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f2d-dda8-4461-b7ff-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:01.000Z",
"modified": "2018-10-11T13:25:01.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610grabber.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f32-9e7c-4496-95f4-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:06.000Z",
"modified": "2018-10-11T13:25:06.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://myaningmuchme.ru/610keylogger.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f32-878c-4d38-b334-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:06.000Z",
"modified": "2018-10-11T13:25:06.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/5fewucaopezanxenuzebu.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f33-f270-44c1-98a6-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:07.000Z",
"modified": "2018-10-11T13:25:07.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/webinjects.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f33-f1a0-4ffa-aec2-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:07.000Z",
"modified": "2018-10-11T13:25:07.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/5fewucaopezanxenuzebu.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f33-6550-41f2-9c72-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:07.000Z",
"modified": "2018-10-11T13:25:07.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/webinject32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f34-3218-4088-91e3-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:08.000Z",
"modified": "2018-10-11T13:25:08.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/webinject64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f34-9d2c-489d-a663-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:08.000Z",
"modified": "2018-10-11T13:25:08.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/vnc32.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f35-7db0-4e28-b914-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:09.000Z",
"modified": "2018-10-11T13:25:09.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/vnc64.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f38-fe80-4da3-aa47-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:12.000Z",
"modified": "2018-10-11T13:25:12.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/backsocks.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f38-7dac-459f-980a-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:12.000Z",
"modified": "2018-10-11T13:25:12.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/grabber.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f39-9f8c-4134-a0b5-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:13.000Z",
"modified": "2018-10-11T13:25:13.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/keylogger.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f39-f7c4-4a13-a102-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:13.000Z",
"modified": "2018-10-11T13:25:13.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/1boehzyyspokusiakziof.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f3a-34ec-4a43-a993-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:14.000Z",
"modified": "2018-10-11T13:25:14.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/webinjects_new2.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f3a-39ec-40f8-99ba-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:14.000Z",
"modified": "2018-10-11T13:25:14.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/1boehzyyspokusiakziof.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f3f-8320-4197-a8f3-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:19.000Z",
"modified": "2018-10-11T13:25:19.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/webinject32_new2.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f3f-c998-413c-a4eb-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:19.000Z",
"modified": "2018-10-11T13:25:19.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/webinject64_new2.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f40-04d0-4469-8771-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:20.000Z",
"modified": "2018-10-11T13:25:20.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/vnc32_new2.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f40-9784-4d95-a4c1-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:20.000Z",
"modified": "2018-10-11T13:25:20.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/vnc64_new2.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f41-7cc4-4e3f-bea3-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:21.000Z",
"modified": "2018-10-11T13:25:21.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/backsocks_new2.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f41-7394-4595-b0bd-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:21.000Z",
"modified": "2018-10-11T13:25:21.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/grabber_new2.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4f46-2cec-44c4-9243-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:25:26.000Z",
"modified": "2018-10-11T13:25:26.000Z",
"description": "URLs in configuration from C2 server",
"pattern": "[url:value = 'https://adshiepkhach.top/keylogger_new2.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf4a88-e644-4373-8f22-4f5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T13:05:12.000Z",
"modified": "2018-10-11T13:05:12.000Z",
"description": "Persistency",
"pattern": "[windows-registry-key:key = 'HKCU\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run' AND windows-registry-key:values[0].data = 'path to : An executable file Panda Banker created (e.g., path to blocklist.exe)' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'An executable file name Panda Banker created (e.g., blocklist.exe)' AND windows-registry-key:x_misp_root_keys = 'HKCC']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T13:05:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0ecd20c-c324-4552-b22e-2254d13c0d70",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:06:42.000Z",
"modified": "2018-10-13T14:06:42.000Z",
"pattern": "[file:hashes.MD5 = '82c6a5e05ceec286c79ae978bc746244' AND file:hashes.SHA1 = '4119689d41eda5626bae47260a08b1ae9adb45d7' AND file:hashes.SHA256 = 'f87439636b309409b96b336099d84fff56773391cfa52faf069c3b7b517ba154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6c4edc48-764b-446e-bd3a-e08d58c5f414",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:06:42.000Z",
"modified": "2018-10-13T14:06:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:58",
"category": "Other",
"uuid": "585b4a1d-da7e-4b68-8fed-59dfd092fb5c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f87439636b309409b96b336099d84fff56773391cfa52faf069c3b7b517ba154/analysis/1539299398/",
"category": "External analysis",
"uuid": "439a5ccd-c6bc-4859-aba4-58bbbce283d0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/68",
"category": "Other",
"uuid": "4700becc-d6da-43eb-bd21-fc11ee71b9fb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dc3b0ca2-7e14-41d8-8c34-022baaa305da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:06:57.000Z",
"modified": "2018-10-13T14:06:57.000Z",
"pattern": "[file:hashes.MD5 = '9cba1ff8e39923f10c186380beeacb62' AND file:hashes.SHA1 = '7d3f950b7ab75eb2e24f549d5644978204121de7' AND file:hashes.SHA256 = 'facd400eb4530f6c0357c1115c3275e7feefdb982df96f13ffec62f56b95ccb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:06:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fae2cb08-fb69-48cb-aac2-7b3250b62ad5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:02.000Z",
"modified": "2018-10-13T14:07:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:51:07",
"category": "Other",
"uuid": "f26c704d-2e4d-49d5-ab2c-827ddefd7ab9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/facd400eb4530f6c0357c1115c3275e7feefdb982df96f13ffec62f56b95ccb2/analysis/1539201067/",
"category": "External analysis",
"uuid": "d781c68e-13f5-410e-a9e6-5c0f4025c3bd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/66",
"category": "Other",
"uuid": "81bce785-0648-4b01-a90d-b1da2db4ee1b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25010369-b434-4849-9096-aa17cced6ad8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:07.000Z",
"modified": "2018-10-13T14:07:07.000Z",
"pattern": "[file:hashes.MD5 = '40a2d604c3a8ce1c9cb2d5805dffeeff' AND file:hashes.SHA1 = '906bc19ee0da16c8a42ba35273daad43d9594244' AND file:hashes.SHA256 = '0dd11e77562e51de1c12c1d7edf9c34c115f79f13cdc8d2a4743f41515d069f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:07:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--40df6dc6-4008-4511-8942-c68ae7c4c439",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:12.000Z",
"modified": "2018-10-13T14:07:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:55",
"category": "Other",
"uuid": "2864139b-e5ec-49da-bf02-56af3c11c036"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0dd11e77562e51de1c12c1d7edf9c34c115f79f13cdc8d2a4743f41515d069f1/analysis/1539299395/",
"category": "External analysis",
"uuid": "154bb634-7286-4fa1-a24b-967d2b6efaae"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/68",
"category": "Other",
"uuid": "79fc1da8-6b12-4be0-aaf7-2c3eeb2164e3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0067c21-5a51-48ee-b5a0-748e94e698f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:16.000Z",
"modified": "2018-10-13T14:07:16.000Z",
"pattern": "[file:hashes.MD5 = '81626d40c133a71a41e8b778835276ec' AND file:hashes.SHA1 = '10769389d0be6e8e9e467504943fc3a56771ba6c' AND file:hashes.SHA256 = '111b67b802426c2e94e933761cbb6168a6730c99849244e518d11e1474218088']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:07:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1cd76294-1677-4dab-983a-e33422ac6c06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:19.000Z",
"modified": "2018-10-13T14:07:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:48:43",
"category": "Other",
"uuid": "f4bec90d-5440-4ca3-b48d-3a8c1949a3f1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/111b67b802426c2e94e933761cbb6168a6730c99849244e518d11e1474218088/analysis/1539200923/",
"category": "External analysis",
"uuid": "112c1a14-4928-4600-bd21-0076f0f81a23"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/66",
"category": "Other",
"uuid": "995cb373-468e-4332-9a19-ad51b6806ae5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a47367c-5962-4e07-99ce-54f4aedb0c99",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:24.000Z",
"modified": "2018-10-13T14:07:24.000Z",
"pattern": "[file:hashes.MD5 = 'c5af923eb0f8e5d68df3fbed7710bd7d' AND file:hashes.SHA1 = 'aaa8a35f800723049ad3152c8e424b73b53cd1b2' AND file:hashes.SHA256 = '57cfd2da86195b4d5636579aba6c61fa7fc9d0646ea6fe7cb4752ddbc789428a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:07:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b819962d-72fd-40c0-8e97-9404acfe53f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:23.000Z",
"modified": "2018-10-13T14:07:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:50:41",
"category": "Other",
"uuid": "9384c75b-1c52-4a10-820f-77b5823fb752"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/57cfd2da86195b4d5636579aba6c61fa7fc9d0646ea6fe7cb4752ddbc789428a/analysis/1539201041/",
"category": "External analysis",
"uuid": "e6e935e8-2a7f-4da2-ac3f-0d85f6e50bbe"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/65",
"category": "Other",
"uuid": "581d5bc9-5c7f-46a4-bd99-0b952b7b959f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--666f7de1-d07f-4338-9e36-f8682d20937f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:27.000Z",
"modified": "2018-10-13T14:07:27.000Z",
"pattern": "[file:hashes.MD5 = 'acfadcf7242b6d20d76d925b8c15faeb' AND file:hashes.SHA1 = 'c79bd776456954a99e24055df865220411b17b45' AND file:hashes.SHA256 = '20f4445b40dc0cd1830dee6031a7342284e51dc4c399d331507b28f74ba0727b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:07:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7470f298-272d-4997-a3a9-1e2caf089fc5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:36.000Z",
"modified": "2018-10-13T14:07:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:50:34",
"category": "Other",
"uuid": "afe162b4-23f1-4d34-9793-d90b6039ea95"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/20f4445b40dc0cd1830dee6031a7342284e51dc4c399d331507b28f74ba0727b/analysis/1539201034/",
"category": "External analysis",
"uuid": "667b4076-591f-4751-a5fe-13ffd46e92ae"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/64",
"category": "Other",
"uuid": "e20cc45d-478b-4470-9c7a-e939e1ba376c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02083d52-09a4-472a-be1a-72f5de96c4e1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:51.000Z",
"modified": "2018-10-13T14:07:51.000Z",
"pattern": "[file:hashes.MD5 = 'a77b86e1a57a73c050b2743673ea9d26' AND file:hashes.SHA1 = 'bab0bbd9defa41609c6b1c93d7708c183d989cde' AND file:hashes.SHA256 = '5b7f1708092a1fecf4ad1dc22cccca62c1648361f805762c465f12b9501e485c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:07:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--585149aa-ac1e-4772-9f75-63454f6f03a4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:07:57.000Z",
"modified": "2018-10-13T14:07:57.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:50:43",
"category": "Other",
"uuid": "e41786c8-fe8a-495e-8bf9-7839e0bc2504"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5b7f1708092a1fecf4ad1dc22cccca62c1648361f805762c465f12b9501e485c/analysis/1539201043/",
"category": "External analysis",
"uuid": "100df01b-3140-494c-af65-5e86b32060a0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/61",
"category": "Other",
"uuid": "a8bb3d07-cdba-491f-a77b-16b1425d6b07"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8f18793b-7d4f-4118-85a8-c3c232c332f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:02.000Z",
"modified": "2018-10-13T14:08:02.000Z",
"pattern": "[file:hashes.MD5 = '082f08ccb4fd970e35c464d5ceaeb455' AND file:hashes.SHA1 = 'a80c4522e98fa2a58a23770daf35f0f547efd373' AND file:hashes.SHA256 = 'ad7b21f9c14c49ea28f7e98a8e3b44973446342537d9817ec91c13681bae0023']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:08:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ca08f8bc-3f96-451e-8edf-f68d01cbf731",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:06.000Z",
"modified": "2018-10-13T14:08:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:50:52",
"category": "Other",
"uuid": "dbfb4031-15b9-4215-98fd-68d03c9d6626"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ad7b21f9c14c49ea28f7e98a8e3b44973446342537d9817ec91c13681bae0023/analysis/1539201052/",
"category": "External analysis",
"uuid": "4446df3f-54b5-4807-89e1-62441ce6a980"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/67",
"category": "Other",
"uuid": "89069af8-3890-4036-a068-717ff2259273"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1add812c-a522-4b1b-abd9-4c5cae1ab7bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:13.000Z",
"modified": "2018-10-13T14:08:13.000Z",
"pattern": "[file:hashes.MD5 = 'f400b12a3800265ace7e580659e84270' AND file:hashes.SHA1 = 'a57560605fb72ff836c8285d602cbf0e4ed0f6fb' AND file:hashes.SHA256 = '6030ce3acf4dd0729b30795b23a4dc9983a9363e5bf6b1e7dc82ef4ccaef7754']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--75f83f9e-61ba-4d6d-8b35-5b676b67cc83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:15.000Z",
"modified": "2018-10-13T14:08:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "48867a5e-c2d8-4275-ac30-be4574d95608"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6030ce3acf4dd0729b30795b23a4dc9983a9363e5bf6b1e7dc82ef4ccaef7754/analysis/1539299397/",
"category": "External analysis",
"uuid": "6d459638-e9d4-4ab6-a3aa-3d1b830cf65a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/67",
"category": "Other",
"uuid": "06167c6c-1212-476e-bbca-21ccd40d1aa8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0137dda2-1337-46d6-94a9-62767e660212",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:28.000Z",
"modified": "2018-10-13T14:08:28.000Z",
"pattern": "[file:hashes.MD5 = '3cff30d736cd0b56d8446822e5dabc7d' AND file:hashes.SHA1 = '0d4673f2bc135d8c3bf7f4120c11d08a8d16d5d1' AND file:hashes.SHA256 = 'fbc8126a3bc0746e57dbd4ae29c64006b79825243e47659e0ff57b5b27641123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d9e567e6-749d-48d9-8d4c-5cc3940925ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:31.000Z",
"modified": "2018-10-13T14:08:31.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:58",
"category": "Other",
"uuid": "0fec3826-9cc1-485d-a31d-c3afa53a5013"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fbc8126a3bc0746e57dbd4ae29c64006b79825243e47659e0ff57b5b27641123/analysis/1539299398/",
"category": "External analysis",
"uuid": "b3ba6e1d-71d6-4e20-af91-ea7b789bdb7b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/68",
"category": "Other",
"uuid": "13c01330-4c74-4ace-9f9c-74fa1994b7f5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ccbdf26b-9daa-4595-8bd3-f5936c78077b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:42.000Z",
"modified": "2018-10-13T14:08:42.000Z",
"pattern": "[file:hashes.MD5 = '19ddcfd98967e6a3a10582a4a209c515' AND file:hashes.SHA1 = 'cc67c07510c723dc09dca11812aa51a0971cdf6b' AND file:hashes.SHA256 = '85d8829d7795af046e238d9981592f96ad49dcb2ccb9e5c6bb938bc04b1e8552']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:08:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--283c947e-0fbc-4c5d-90a5-c0920818017b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:40.000Z",
"modified": "2018-10-13T14:08:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "895f9f60-27f4-4fb6-8f20-a894b2006c22"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/85d8829d7795af046e238d9981592f96ad49dcb2ccb9e5c6bb938bc04b1e8552/analysis/1539299397/",
"category": "External analysis",
"uuid": "86a37c01-a933-4d58-a1e2-3e9bb372c76e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/66",
"category": "Other",
"uuid": "70079626-0a2b-474a-a263-7717a2da6049"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--716c54d2-9fe7-4298-a41e-e0f7039e6597",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:45.000Z",
"modified": "2018-10-13T14:08:45.000Z",
"pattern": "[file:hashes.MD5 = '18b4073e0e8bdcc09ebc229515f5b461' AND file:hashes.SHA1 = '124b49bf714b1798078df4c1bc01a5f93072d8d9' AND file:hashes.SHA256 = '45c7c91ebb315a77dd28e0092913184cb6a4a8d0387d29384b273ebf9bce9a74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:08:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--946d0c35-380c-4096-85d9-51bb3c2a270a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:43.000Z",
"modified": "2018-10-13T14:08:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:50:40",
"category": "Other",
"uuid": "e78311d2-13ec-4954-974f-3e8d662133e3"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/45c7c91ebb315a77dd28e0092913184cb6a4a8d0387d29384b273ebf9bce9a74/analysis/1539201040/",
"category": "External analysis",
"uuid": "eea67725-327d-4416-ac2d-4d0ba4b84f65"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/67",
"category": "Other",
"uuid": "c6f411be-39c4-49d4-8cd7-e436fead05f1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--79357d15-935b-4c65-8ebd-e833a37e392e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:47.000Z",
"modified": "2018-10-13T14:08:47.000Z",
"pattern": "[file:hashes.MD5 = '52e8875c385d79952237078c756158f3' AND file:hashes.SHA1 = 'd52fa033aa3e52bdda221a52c96d90cbf8b7d030' AND file:hashes.SHA256 = 'ceb3cc460681d1274113d2a983b143049c139261d03552356c0f95f8c140b669']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:08:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2e92239b-9952-4018-bf23-8677faf45b20",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:46.000Z",
"modified": "2018-10-13T14:08:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "e3aa964a-0337-4100-b496-faef1f7ed224"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ceb3cc460681d1274113d2a983b143049c139261d03552356c0f95f8c140b669/analysis/1539299397/",
"category": "External analysis",
"uuid": "3e94bd7f-c88e-4afa-a247-e110d0b54eae"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/67",
"category": "Other",
"uuid": "d7416bc3-a8fc-492e-b57c-b25758c13c23"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8ceadd5c-78e1-4d36-bc76-90cdda36183b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:50.000Z",
"modified": "2018-10-13T14:08:50.000Z",
"pattern": "[file:hashes.MD5 = 'daed686ded4f8eaa14c9bce8883e9c46' AND file:hashes.SHA1 = '489c691cbab6d632294704d6f293baa99c146532' AND file:hashes.SHA256 = '333aff311b07c5cbedfb618ff902b0dd663c0ba50b2dc8a2a590e9409cb9bc3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:08:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--112a8c20-ac6e-4d67-89c5-2465589397a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:08:54.000Z",
"modified": "2018-10-13T14:08:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-12T04:12:30",
"category": "Other",
"uuid": "f5f098d4-6ef1-4bb2-b650-16fc06d67d9a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/333aff311b07c5cbedfb618ff902b0dd663c0ba50b2dc8a2a590e9409cb9bc3c/analysis/1539317550/",
"category": "External analysis",
"uuid": "dff070b5-1f33-45ea-ac8c-608232f3702e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/67",
"category": "Other",
"uuid": "ccf371d5-0912-462c-9992-5f6eddf71a32"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e79a1f3b-7093-418a-ae2b-beb6167055ff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:04.000Z",
"modified": "2018-10-13T14:09:04.000Z",
"pattern": "[file:hashes.MD5 = 'fa6947f297d5b3c1fe312b23cac3ff89' AND file:hashes.SHA1 = 'ba61d554d72f662042b39c6c60aca00e2d693910' AND file:hashes.SHA256 = '200dd176eccfe11a3456193bf1fe7d46d23408834e172991b883d59aa59ce259']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:09:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--62173e48-3eae-4a9b-acb6-3fd28147d243",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:06.000Z",
"modified": "2018-10-13T14:09:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:50:32",
"category": "Other",
"uuid": "7ef742bc-55ee-446f-9531-2c5a728f54e0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/200dd176eccfe11a3456193bf1fe7d46d23408834e172991b883d59aa59ce259/analysis/1539201032/",
"category": "External analysis",
"uuid": "cf49e46e-2850-4a71-9375-11ed91480111"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/68",
"category": "Other",
"uuid": "8f31d3ee-fd8c-4f2a-9043-be44d4dd736c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c68ce55d-fac2-4f4f-8c1f-05a081a07427",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:12.000Z",
"modified": "2018-10-13T14:09:12.000Z",
"pattern": "[file:hashes.MD5 = '4491677af1f35674a7416ade001629cb' AND file:hashes.SHA1 = 'c5ed39dc6e49c1265b889b6ab7bfe613f7e9fc67' AND file:hashes.SHA256 = '5cde033fd3d5e1f4750034e262f7e913a26231dcd2d658581557387c1fa7306b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:09:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ffcdf8c5-d42e-42a3-b1b6-17a36bd68c4b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:18.000Z",
"modified": "2018-10-13T14:09:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:56",
"category": "Other",
"uuid": "27bba491-ccb1-4dba-a572-25610c957371"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5cde033fd3d5e1f4750034e262f7e913a26231dcd2d658581557387c1fa7306b/analysis/1539299396/",
"category": "External analysis",
"uuid": "09e15795-79a5-437f-9cc4-d1b1da670c6a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "298e91eb-36d3-448e-89c2-7ef8d5cb9f5c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf5169d7-134c-41c0-992a-9aaafd89fa7e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:28.000Z",
"modified": "2018-10-13T14:09:28.000Z",
"pattern": "[file:hashes.MD5 = '3a32abf68aa974e40a2dac95aaf775a3' AND file:hashes.SHA1 = 'e582e840fb6a762bdc7055b330facb8243812c0e' AND file:hashes.SHA256 = '3dd50e3c6f108c9e7289e797127527b7e5321f360893fc1fcc41b19b06dd65bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:09:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f7bbedb7-2b40-487f-9fe0-36bb03719010",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:29.000Z",
"modified": "2018-10-13T14:09:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:56",
"category": "Other",
"uuid": "7ef666a3-cf69-4084-816a-446eec43f014"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3dd50e3c6f108c9e7289e797127527b7e5321f360893fc1fcc41b19b06dd65bf/analysis/1539299396/",
"category": "External analysis",
"uuid": "ade75448-54ce-4b3b-869d-126d53e183d4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/68",
"category": "Other",
"uuid": "b0dbed5a-a7c1-4400-8b8e-34a97cb484a5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2e795f9-03f0-4374-a361-4283add548d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:34.000Z",
"modified": "2018-10-13T14:09:34.000Z",
"pattern": "[file:hashes.MD5 = '2d489b55e3696e18ffb5cd10dd12cf98' AND file:hashes.SHA1 = '63e2189bd4f5735cda2f69310dc4f27fa2bc3706' AND file:hashes.SHA256 = 'c83d21ddcc75d410a3f40b9c869e7c75861240077be7a174f6d2b574bf6bc2c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:09:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6382b419-dfcb-4147-8617-968cbce89878",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:33.000Z",
"modified": "2018-10-13T14:09:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:56",
"category": "Other",
"uuid": "66d8797c-695f-406d-bb1c-0f73c1a67303"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c83d21ddcc75d410a3f40b9c869e7c75861240077be7a174f6d2b574bf6bc2c0/analysis/1539299396/",
"category": "External analysis",
"uuid": "456e02c7-33e9-409b-8ef7-43b47d8783a1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/67",
"category": "Other",
"uuid": "1a678750-4cea-43ca-b709-3efbf328e225"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2232c998-99a2-4d0a-99ef-191ae7aa0b4b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:37.000Z",
"modified": "2018-10-13T14:09:37.000Z",
"pattern": "[file:hashes.MD5 = 'c52d9c2548df0003134e564228d72c99' AND file:hashes.SHA1 = '17c0e2df86e51365dcb2a6b21452fa8a29293439' AND file:hashes.SHA256 = '8327163cf9c9dc8c4680ad6adccf10aaf4458f75c4db045e7e3608081ce6fae1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:09:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d6bfda7d-fce7-419d-83ca-dd6e334fd72f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:36.000Z",
"modified": "2018-10-13T14:09:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "e344d5cf-f4a9-4e8e-b4fa-6ed184cd7a18"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8327163cf9c9dc8c4680ad6adccf10aaf4458f75c4db045e7e3608081ce6fae1/analysis/1539299397/",
"category": "External analysis",
"uuid": "80479bc2-da48-443d-bffb-0eef136cf8f0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/67",
"category": "Other",
"uuid": "2a87106f-2f9a-430d-9465-bf5258a39e13"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c6c3d7c3-e3ad-4947-ac6b-637f3393e1eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:40.000Z",
"modified": "2018-10-13T14:09:40.000Z",
"pattern": "[file:hashes.MD5 = 'ea4068c0ba61ff9c1b0ddc4b99a02b80' AND file:hashes.SHA1 = '05efe6a7ddcbe038bc7dc63ccf804ac3710d1e32' AND file:hashes.SHA256 = '997a9a38aae2be74659296df901aed09ef5adb671ee682605dd999243f9e9983']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:09:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--06f90ed1-6d51-48d0-992e-649b609b0196",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:42.000Z",
"modified": "2018-10-13T14:09:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:54",
"category": "Other",
"uuid": "ff218d3f-f076-4edc-bb6b-85d8bcca2fce"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/997a9a38aae2be74659296df901aed09ef5adb671ee682605dd999243f9e9983/analysis/1539299394/",
"category": "External analysis",
"uuid": "33cb5154-9f53-4144-b333-a6c40841007b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/68",
"category": "Other",
"uuid": "2a7e1815-8e1c-4a7b-81fb-52f822520382"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f11d27a-6534-48c5-b854-c49cf5a591c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:09:58.000Z",
"modified": "2018-10-13T14:09:58.000Z",
"pattern": "[file:hashes.MD5 = '4a4d8fb51d6cd0573976638d6af62a57' AND file:hashes.SHA1 = 'f0fd515edc242b603a8cb89507b84336c6cbc07e' AND file:hashes.SHA256 = 'c93f049bfd7e1e5b9fafb04100cacc156fe76d69d4cc0a1df27d29b057371e05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:09:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d395d4d7-2cab-49ce-9da3-b61c070cd153",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:00.000Z",
"modified": "2018-10-13T14:10:00.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "3dc1bad4-1d09-4fe3-af1e-4228e16bd05f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c93f049bfd7e1e5b9fafb04100cacc156fe76d69d4cc0a1df27d29b057371e05/analysis/1539299397/",
"category": "External analysis",
"uuid": "8ea8215f-2cee-400a-82af-3f50b1e073e5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/67",
"category": "Other",
"uuid": "6ef08405-1cb3-4539-b8c8-fabac565de41"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fbeb7670-7016-4cbf-9be7-914d985ff8ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:06.000Z",
"modified": "2018-10-13T14:10:06.000Z",
"pattern": "[file:hashes.MD5 = 'c78bf8ed0768f2abe150e5c84c901dd1' AND file:hashes.SHA1 = 'ee13b91cd664fbfd126e9ac9308b74c99eb5ca38' AND file:hashes.SHA256 = 'e187df28541a1296d10a6ac2ff7ed5a52ce7577fcc8bc3811af3238af0e5e991']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:10:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f7dc33bd-ea3b-4c04-b5a4-aceae14bac9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:17.000Z",
"modified": "2018-10-13T14:10:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "1ebb8ae8-6244-4aa4-917c-abce2a846aa1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e187df28541a1296d10a6ac2ff7ed5a52ce7577fcc8bc3811af3238af0e5e991/analysis/1539299397/",
"category": "External analysis",
"uuid": "7784707b-184f-4034-b6ad-313355bdc558"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "57/67",
"category": "Other",
"uuid": "bf269748-076c-4f07-9e40-631f9d0d8558"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--502df54a-3b51-4e3b-a3f3-508ea91deb34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:27.000Z",
"modified": "2018-10-13T14:10:27.000Z",
"pattern": "[file:hashes.MD5 = '74268217ff89509b01293ee56572c3f8' AND file:hashes.SHA1 = 'f14cc8410a7c68147fa779257b77bd7364ca1bd0' AND file:hashes.SHA256 = '088e2de6e3cf283f6b7cb518655adb32f1de8a0d14eff9e8a10aa16d1420cc4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:10:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c6bbf84f-cece-45dc-8d30-22a739c1d362",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:25.000Z",
"modified": "2018-10-13T14:10:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:54",
"category": "Other",
"uuid": "3e26f56c-e65e-45ab-8a79-87ad11ee70d5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/088e2de6e3cf283f6b7cb518655adb32f1de8a0d14eff9e8a10aa16d1420cc4b/analysis/1539299394/",
"category": "External analysis",
"uuid": "d0607b95-3ecb-440f-9fc5-9022db5ed48f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/67",
"category": "Other",
"uuid": "3c931b90-9049-4664-a587-c782a3063087"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--416533e3-49d9-4093-b383-5cda3ee03931",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:33.000Z",
"modified": "2018-10-13T14:10:33.000Z",
"pattern": "[file:hashes.MD5 = '7814e3aa2cc45678d51cd3d49064070c' AND file:hashes.SHA1 = 'f9062546b86c0141b20faf701cf2c90a96da355a' AND file:hashes.SHA256 = 'bc394ca7b7db058dab18ad8f612fe99c734006f034945b1336682e4728a4e932']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:10:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--42f142f7-3e65-49ba-91d4-3d3cc8e107b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:31.000Z",
"modified": "2018-10-13T14:10:31.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:56",
"category": "Other",
"uuid": "5ad36a77-aa75-4c58-b89a-66e4b673b09e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bc394ca7b7db058dab18ad8f612fe99c734006f034945b1336682e4728a4e932/analysis/1539299396/",
"category": "External analysis",
"uuid": "241a1902-6d21-48b6-b417-ae614706cf6d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/67",
"category": "Other",
"uuid": "f751ddea-99af-48a3-946f-227a0ad93d30"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--029e31e7-5057-4cad-a5e2-d185983c98f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:48.000Z",
"modified": "2018-10-13T14:10:48.000Z",
"pattern": "[file:hashes.MD5 = '7fd9f29628c0cdb54963b49615045f9b' AND file:hashes.SHA1 = 'c2b8eea32554f7562f024a074d902bc8dfda7b9c' AND file:hashes.SHA256 = '8a26412234ec7cb43b07bae7e9910eb0f7eb807cf8581abed56aafaf514ac4a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:10:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ed94cf78-fbf6-46d4-8474-9ebd1f00d3da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:52.000Z",
"modified": "2018-10-13T14:10:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "c51e9efc-4c46-4ef3-bcb4-f1e5b8f56b2e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8a26412234ec7cb43b07bae7e9910eb0f7eb807cf8581abed56aafaf514ac4a2/analysis/1539299397/",
"category": "External analysis",
"uuid": "f4a328a4-c4d0-46ca-9fdf-5fc6150dd9b2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/66",
"category": "Other",
"uuid": "17dc1951-de9f-4dce-bbf1-2a9da0c8a591"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--857206fa-64e6-4cc7-9a8f-cc1bea9d7bec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:10:58.000Z",
"modified": "2018-10-13T14:10:58.000Z",
"pattern": "[file:hashes.MD5 = '5adbfc0f8654bb458438b3f614ca9e37' AND file:hashes.SHA1 = '1a99cb666cccb67e4537856e083773576ec29e1d' AND file:hashes.SHA256 = '2527c9eb597bd85c4ca2e7a6550cc7480dbb3129dd3d6033e66e82b0988ee061']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:10:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9983f130-96c0-4d6d-9cea-88961a5c4203",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:07.000Z",
"modified": "2018-10-13T14:11:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:55",
"category": "Other",
"uuid": "f52a4ba2-7547-4754-b87b-1ea6de38da82"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2527c9eb597bd85c4ca2e7a6550cc7480dbb3129dd3d6033e66e82b0988ee061/analysis/1539299395/",
"category": "External analysis",
"uuid": "498516f9-f664-42c8-8f27-8e4d672dd5c1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/68",
"category": "Other",
"uuid": "42933515-d00a-43d3-94bc-7e4970f31b10"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--13866788-eb30-4b88-ab83-ab1e4b94573a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:19.000Z",
"modified": "2018-10-13T14:11:19.000Z",
"pattern": "[file:hashes.MD5 = '44f357b0809495b8159398c50b9ab9a2' AND file:hashes.SHA1 = 'b7bff24611e45e4a97c3c0dc7cac43f06cb7049a' AND file:hashes.SHA256 = 'b6708bb21911fe143fdc33a57993db91be7f90ebacc0eac302019b2d12a763e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:11:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f0b4db0a-9c42-42a2-8388-8690e37e2d9a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:18.000Z",
"modified": "2018-10-13T14:11:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:56",
"category": "Other",
"uuid": "deab84da-dbd6-4b9c-8f41-89c44fa196be"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b6708bb21911fe143fdc33a57993db91be7f90ebacc0eac302019b2d12a763e3/analysis/1539299396/",
"category": "External analysis",
"uuid": "124fe893-275c-47d6-aaab-dc721bf56f09"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/68",
"category": "Other",
"uuid": "6cda3af9-6c23-4e34-809f-38604b48ebb9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--489c3c47-36a1-414b-b900-0285b2742f7e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:22.000Z",
"modified": "2018-10-13T14:11:22.000Z",
"pattern": "[file:hashes.MD5 = '3b78b983ed00cfa580c0b1c9beda4ca2' AND file:hashes.SHA1 = '5a88d73f54788cd3ffbc379e416be84bd536a4ca' AND file:hashes.SHA256 = 'cb050e95ce7cd9cdd444741c8bf80e913297565eebb7b8cb64b4f69407017944']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:11:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--81e3916e-a5f1-4d2c-98bd-c34f00b4c86e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:21.000Z",
"modified": "2018-10-13T14:11:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:57",
"category": "Other",
"uuid": "b175eabc-1b4d-4489-8227-2b7370989fa6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cb050e95ce7cd9cdd444741c8bf80e913297565eebb7b8cb64b4f69407017944/analysis/1539299397/",
"category": "External analysis",
"uuid": "88466f8e-eb42-4638-98bd-db439458acea"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/66",
"category": "Other",
"uuid": "bba507eb-dc59-41b0-bd1f-4fd11fb38443"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7eeec90d-2d22-4d1f-9239-e8df266c78e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:25.000Z",
"modified": "2018-10-13T14:11:25.000Z",
"pattern": "[file:hashes.MD5 = '93357178a260a6c26fa676298b10fba1' AND file:hashes.SHA1 = 'b9387f872b86a319dfe47e6306775bc6ea21c403' AND file:hashes.SHA256 = 'dd4ff33e8853e34480e820a3d2d11e6fc87bc75efbeebfe324664d4013dee0b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:11:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--66268f88-4020-445c-8d0b-fe9da7666eef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:28.000Z",
"modified": "2018-10-13T14:11:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-10T19:51:02",
"category": "Other",
"uuid": "2141d890-0cd0-469e-a2fb-44e629a4d4cc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dd4ff33e8853e34480e820a3d2d11e6fc87bc75efbeebfe324664d4013dee0b0/analysis/1539201062/",
"category": "External analysis",
"uuid": "5e59ba75-e0b8-4272-a3e8-541839ad21b8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/66",
"category": "Other",
"uuid": "162e4475-0b5d-47ba-abfa-7b8bc340fb5e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a94eb647-88bc-4f7d-8269-ee9c549a8234",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"pattern": "[file:hashes.MD5 = '41df48366d694c386221a798ed0068e0' AND file:hashes.SHA1 = 'f5f1bbe4878423183786daf7c7c196cdd2ab6ed1' AND file:hashes.SHA256 = 'b1ebf3d44d496ee574831266474b10b55c06e30aea56d41ac8830ba2b28f7a0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-13T14:11:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f6cf1551-0bc9-44c0-a9ec-35748471737a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-13T14:11:42.000Z",
"modified": "2018-10-13T14:11:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T23:09:55",
"category": "Other",
"uuid": "9086cdfb-b63f-453e-8429-1d2e5fec40d6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b1ebf3d44d496ee574831266474b10b55c06e30aea56d41ac8830ba2b28f7a0f/analysis/1539299395/",
"category": "External analysis",
"uuid": "81054c1a-c132-4376-82a0-95d1d97a0136"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/68",
"category": "Other",
"uuid": "d52b78a0-8c0e-4b20-b480-e2399361290f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--15079350-a9e1-441f-92d2-c26bda14e3ce",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f0ecd20c-c324-4552-b22e-2254d13c0d70",
"target_ref": "x-misp-object--6c4edc48-764b-446e-bd3a-e08d58c5f414"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--76f941f3-b600-407f-9bd5-f89aec2e4ed6",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--dc3b0ca2-7e14-41d8-8c34-022baaa305da",
"target_ref": "x-misp-object--fae2cb08-fb69-48cb-aac2-7b3250b62ad5"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--2db640f6-14ae-489a-88f5-57f7b173b349",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--25010369-b434-4849-9096-aa17cced6ad8",
"target_ref": "x-misp-object--40df6dc6-4008-4511-8942-c68ae7c4c439"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--26a40c71-218f-4293-a3d4-f66dfe63a2f5",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f0067c21-5a51-48ee-b5a0-748e94e698f5",
"target_ref": "x-misp-object--1cd76294-1677-4dab-983a-e33422ac6c06"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--053db391-9743-4810-bba9-6218d37ea380",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3a47367c-5962-4e07-99ce-54f4aedb0c99",
"target_ref": "x-misp-object--b819962d-72fd-40c0-8e97-9404acfe53f6"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--3b60fcbf-3611-4af2-ad5d-ab33b12a13c7",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--666f7de1-d07f-4338-9e36-f8682d20937f",
"target_ref": "x-misp-object--7470f298-272d-4997-a3a9-1e2caf089fc5"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--e1ef0cdc-4fde-4550-9dff-afb0bb36dff9",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--02083d52-09a4-472a-be1a-72f5de96c4e1",
"target_ref": "x-misp-object--585149aa-ac1e-4772-9f75-63454f6f03a4"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--704961ea-3d26-4913-8a69-252db3aedbfa",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8f18793b-7d4f-4118-85a8-c3c232c332f9",
"target_ref": "x-misp-object--ca08f8bc-3f96-451e-8edf-f68d01cbf731"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--34121778-217f-437b-8fd2-c419dd128f59",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1add812c-a522-4b1b-abd9-4c5cae1ab7bc",
"target_ref": "x-misp-object--75f83f9e-61ba-4d6d-8b35-5b676b67cc83"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--0a2ed5cd-7fb3-498a-90aa-a0d106886f11",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0137dda2-1337-46d6-94a9-62767e660212",
"target_ref": "x-misp-object--d9e567e6-749d-48d9-8d4c-5cc3940925ea"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--e6e1b0f5-00b1-4f3c-b653-511203c26b53",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ccbdf26b-9daa-4595-8bd3-f5936c78077b",
"target_ref": "x-misp-object--283c947e-0fbc-4c5d-90a5-c0920818017b"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--00e9a611-ace5-4399-ad49-fe8cc2fc9806",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--716c54d2-9fe7-4298-a41e-e0f7039e6597",
"target_ref": "x-misp-object--946d0c35-380c-4096-85d9-51bb3c2a270a"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--e47dfdc7-30ee-405e-9fbf-ff764b88c524",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--79357d15-935b-4c65-8ebd-e833a37e392e",
"target_ref": "x-misp-object--2e92239b-9952-4018-bf23-8677faf45b20"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--8fe99a03-19f4-4745-965d-19ce7ba245d4",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:43.000Z",
"modified": "2018-10-13T14:11:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8ceadd5c-78e1-4d36-bc76-90cdda36183b",
"target_ref": "x-misp-object--112a8c20-ac6e-4d67-89c5-2465589397a6"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--d9ca8c0d-5ee4-41a8-9e12-eec32108861a",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e79a1f3b-7093-418a-ae2b-beb6167055ff",
"target_ref": "x-misp-object--62173e48-3eae-4a9b-acb6-3fd28147d243"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--3be07ef4-5254-4f72-9d95-c7698676ca6a",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c68ce55d-fac2-4f4f-8c1f-05a081a07427",
"target_ref": "x-misp-object--ffcdf8c5-d42e-42a3-b1b6-17a36bd68c4b"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--be4960eb-7dd5-4a34-b53f-c8add23c9faa",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cf5169d7-134c-41c0-992a-9aaafd89fa7e",
"target_ref": "x-misp-object--f7bbedb7-2b40-487f-9fe0-36bb03719010"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--b24f50da-9816-4f3c-ae9d-36580394b9a9",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a2e795f9-03f0-4374-a361-4283add548d9",
"target_ref": "x-misp-object--6382b419-dfcb-4147-8617-968cbce89878"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--6f674b49-b210-4198-97ca-ddf052d32ca8",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2232c998-99a2-4d0a-99ef-191ae7aa0b4b",
"target_ref": "x-misp-object--d6bfda7d-fce7-419d-83ca-dd6e334fd72f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--442ed7d2-adf2-4290-84f7-d004bb02c645",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c6c3d7c3-e3ad-4947-ac6b-637f3393e1eb",
"target_ref": "x-misp-object--06f90ed1-6d51-48d0-992e-649b609b0196"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--3a09c204-a50b-49c4-8bcc-b3cf20c63f80",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6f11d27a-6534-48c5-b854-c49cf5a591c5",
"target_ref": "x-misp-object--d395d4d7-2cab-49ce-9da3-b61c070cd153"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--e4a80938-da7d-4575-9079-6d7d1d0ee5e5",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fbeb7670-7016-4cbf-9be7-914d985ff8ec",
"target_ref": "x-misp-object--f7dc33bd-ea3b-4c04-b5a4-aceae14bac9c"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--1945bb19-e322-4ee2-b7c1-d0ffa6dc98d5",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--502df54a-3b51-4e3b-a3f3-508ea91deb34",
"target_ref": "x-misp-object--c6bbf84f-cece-45dc-8d30-22a739c1d362"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--09d43407-e116-4cf9-8d96-a5ffbcf861fb",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--416533e3-49d9-4093-b383-5cda3ee03931",
"target_ref": "x-misp-object--42f142f7-3e65-49ba-91d4-3d3cc8e107b7"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--cb4f4bfa-ce51-44ec-a543-b5bc8b833fa5",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--029e31e7-5057-4cad-a5e2-d185983c98f5",
"target_ref": "x-misp-object--ed94cf78-fbf6-46d4-8474-9ebd1f00d3da"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--10649d6f-8711-40ff-b06c-6e05cc4b666d",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--857206fa-64e6-4cc7-9a8f-cc1bea9d7bec",
"target_ref": "x-misp-object--9983f130-96c0-4d6d-9cea-88961a5c4203"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--095fe58d-b784-4989-84a3-9cb192bd49ca",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--13866788-eb30-4b88-ab83-ab1e4b94573a",
"target_ref": "x-misp-object--f0b4db0a-9c42-42a2-8388-8690e37e2d9a"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--4afd8785-656f-4213-9366-36c568503dae",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--489c3c47-36a1-414b-b900-0285b2742f7e",
"target_ref": "x-misp-object--81e3916e-a5f1-4d2c-98bd-c34f00b4c86e"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--8f0ffe5e-3c7c-4c80-8203-11705c7e6ab5",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7eeec90d-2d22-4d1f-9239-e8df266c78e8",
"target_ref": "x-misp-object--66268f88-4020-445c-8d0b-fe9da7666eef"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--a8dee259-46ca-4097-91a1-f9e96f13b58d",
2023-04-21 14:44:17 +00:00
"created": "2018-10-13T14:11:44.000Z",
"modified": "2018-10-13T14:11:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a94eb647-88bc-4f7d-8269-ee9c549a8234",
"target_ref": "x-misp-object--f6cf1551-0bc9-44c0-a9ec-35748471737a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}