2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5c4adca6-8a80-4096-b289-47eb950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "grouping" ,
"spec_version" : "2.1" ,
"id" : "grouping--5c4adca6-8a80-4096-b289-47eb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"name" : "OSINT - Silence group targeting Russian Banks via Malicious CHM" ,
"context" : "suspicious-activity" ,
"object_refs" : [
"observed-data--5c4adea9-100c-42bf-87c9-40d1950d210f" ,
"url--5c4adea9-100c-42bf-87c9-40d1950d210f" ,
"x-misp-attribute--5c4adecb-35ac-41fc-ad00-43f5950d210f" ,
"observed-data--5c4af0ad-c2ec-48eb-9c68-4828950d210f" ,
"file--5c4af0ad-c2ec-48eb-9c68-4828950d210f" ,
"artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f" ,
"observed-data--5c4af6b5-51ec-4123-8655-4e37950d210f" ,
"file--5c4af6b5-51ec-4123-8655-4e37950d210f" ,
"artifact--5c4af6b5-51ec-4123-8655-4e37950d210f" ,
"indicator--5c4af72c-b1f4-405f-98c2-41ff950d210f" ,
"indicator--5c4b12f7-e344-45a6-a676-032a950d210f" ,
"x-misp-object--5c4ae48a-3218-4d00-b1b8-4ea7950d210f" ,
"x-misp-object--5c4ae86b-8dfc-4f6c-91fe-4840950d210f" ,
"x-misp-object--5c4aebb7-92d4-41a0-bc03-4a72950d210f" ,
"x-misp-object--5c4aef5b-e930-42d1-960a-4a02950d210f" ,
"x-misp-object--5c4aef78-5f60-44fa-8461-0477950d210f" ,
"indicator--5c4af036-b57c-4b44-985c-031b950d210f" ,
"indicator--5c4af051-b338-4305-8d8d-4f8a950d210f" ,
"indicator--5c4af596-b560-4a3c-a071-0477950d210f" ,
"indicator--5c4b0bc7-7f40-45b1-96fe-8be6950d210f" ,
"indicator--5c4b0bd9-bd80-46d9-b847-8d1a950d210f" ,
"indicator--5c4b11d4-3980-4c76-ada5-8be5950d210f" ,
"indicator--5c4b1e9b-f5e8-419a-bf32-cdda950d210f" ,
"indicator--5c4b1ef4-1b18-411b-acd9-cd55950d210f" ,
"indicator--5c4b1f04-4284-4f67-a71e-cd47950d210f" ,
"indicator--5c4b1fcd-b8dc-44aa-95d6-7c49950d210f" ,
"indicator--5c4b1fdd-42bc-4a17-bd0f-43a0950d210f" ,
"indicator--5c4b1fee-752c-41b2-bf0c-dc58950d210f" ,
"indicator--5c4b20df-e2a8-458c-b8b3-4a65950d210f" ,
"indicator--5c4b20f0-a8e0-401c-8b7e-7c48950d210f" ,
"indicator--5c4b2103-552c-4757-869f-cd47950d210f" ,
"indicator--91795e9b-d1f7-4b0d-9d92-5a431928fc67" ,
"x-misp-object--e43f1762-16e7-491d-a6dd-8ee0c9e9c6fb" ,
"indicator--698c4d77-fd4f-4218-bb4c-f168514b3290" ,
"x-misp-object--4dca79f2-944f-4a42-8bc1-87b40e8dea17" ,
"indicator--2ee04d28-127c-48b5-b8cd-ff204584eb06" ,
"x-misp-object--2ac1303d-bab9-480b-8106-1372dc9a3f18" ,
"indicator--dcf6dd23-a9cb-4176-82cd-a1988b844b08" ,
"x-misp-object--957e75e7-4f8d-4295-af73-93b1a7ac8d5f" ,
"indicator--b5acf42a-4872-4868-bb13-4103b0302591" ,
"x-misp-object--12075022-7ba4-4194-9d70-ed925f904ad8" ,
"indicator--702ffaf3-4607-4b11-9de2-58d0a7dd5c02" ,
"x-misp-object--ce51d85e-e171-4924-beaf-f0bc4bc44088" ,
"indicator--b7e34830-062d-4d26-b446-7ae06fa24f0f" ,
"x-misp-object--4108724c-1ab6-4fb3-9238-7c2de72a12d1" ,
2024-08-07 08:13:15 +00:00
"relationship--6d0444b2-c7fb-416f-bde2-8e321ceb4ec1" ,
"relationship--a7f52331-9f3d-4315-aca4-9991d2b34e1f" ,
"relationship--edb6a462-02a1-4e39-823b-3cdc992ff4a8" ,
"relationship--9765f365-b5e7-432d-9f08-53af8e42a4c3" ,
"relationship--edcfa53f-ff3c-4779-a0e6-2a650daad45c" ,
"relationship--7d2859b5-bfca-44bc-a245-5b96e4ac8cd2" ,
"relationship--94d1b217-991c-45c2-9810-aab687e74fd2" ,
"relationship--26cc9934-a29b-48a6-a6eb-1a2abe0bc4b8" ,
"relationship--14c6b082-8cf1-4cce-ac22-43ac1a3bb0e7" ,
"relationship--3f8959c3-65dd-49fb-9ddb-49718550cec3"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"workflow:todo=\"add-missing-misp-galaxy-cluster-values\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote File Copy - T1105\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Mshta - T1170\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Masquerading - T1036\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"PowerShell - T1086\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys / Start Folder - T1060\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"" ,
"workflow:state=\"incomplete\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c4adea9-100c-42bf-87c9-40d1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T10:02:17.000Z" ,
"modified" : "2019-01-25T10:02:17.000Z" ,
"first_observed" : "2019-01-25T10:02:17Z" ,
"last_observed" : "2019-01-25T10:02:17Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5c4adea9-100c-42bf-87c9-40d1950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5c4adea9-100c-42bf-87c9-40d1950d210f" ,
"value" : "https://reaqta.com/2019/01/silence-group-targeting-russian-banks/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5c4adecb-35ac-41fc-ad00-43f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T10:02:51.000Z" ,
"modified" : "2019-01-25T10:02:51.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "In November 2018 we followed up on a tweet mentioning a potential malicious code disseminated in CHM (Microsoft Compiled HTML Help). A preliminary analysis caught the attention of our Threat Analysis and Intelligence team as it yielded interesting data that, among other things, shows that the attack campaign was targeting employees from financial entities, specifically in the Russian Federation and the Republic of Belarus. We conclude that the actor behind the attack is Silence group, a relatively new threat actor that\u2019s been operating since mid-2016."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c4af0ad-c2ec-48eb-9c68-4828950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T11:19:09.000Z" ,
"modified" : "2019-01-25T11:19:09.000Z" ,
"first_observed" : "2019-01-25T11:19:09Z" ,
"last_observed" : "2019-01-25T11:19:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c4af0ad-c2ec-48eb-9c68-4828950d210f" ,
"artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c4af0ad-c2ec-48eb-9c68-4828950d210f" ,
"name" : "2.png" ,
"content_ref" : "artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A / 0 A A A I m C A M A A A A 2 b x o K A A A D A F B M V E X ///8AAADP/7hot+OgsHRNb4AAAGPU8vmMNAHh1i6ndD4FLFPS2+NiAQAye7XIpnJiAWPU1NX+AgK4//+RzOuNb0hKptccJzMoYmmygIHUu61DNU7Dx8qATjtslLo0AQBaOhw6bKD///+XsMoxImnUZGT9/9rajTbCw8PZuI+20eOBhpxKY3M2Nky1ZADQ5Py2triFt+P+7c03jdoAPJAnYJmIrMoAADStc2lWKh80icp/qbVEW3a1srKLi4v0/P5wcW1glMN7Qy/ZhoLl3bQANIvnOjrc4M1TeqamyvBPVHRli7RLVVfs/P7MVVDy8vLbr3Xs7Ox1nMKPZHz/2Y0AZLRBLSGfn59NS20hW5bk/f6neFWGeHAmLU4wDy54qc/a//+rrq57ZG1AmtChoaG7rp7Cm2v+/gG+5PeNY0YyTnVecnzw5MyrxNRXY6pZQTjg069LQ2nN0NJbhbJ9t/BLSE1wfIL+/dFMZZSisKxTi7z8/PS4k2kfSXAzLiH//7U6TFbc7Px0jKSuUURNY4uQ1v+z2v6HttwQPlafvdC2nIu7jluRXGvT4u/izKmnPjBeBTM+NTszQHN/ShMxGBJoNH1jtf/+5LKpk454XGsVEBJIeKdrPSWeqppkrtlifp+FW0SKdWHq8/qxjGq6zNqCnsphWlTGq4drY27IiUKTk5RHdJGN2rVsnc8xXojgvIRrSUrCxbHlyZFGhLsMR2hrXG1kZGmDVjTD1+hBMDRURStHjcM0Y7JMXH3e7PT89en9tGNefI1knNSDxe86kNs4Q0+yYFgUGSz9/eng0cosKy6jdUsaKUyshGogM2W+vrsyNI2Cf3yqxo7x6NzewKOZxeRkR0xWNkvl8ftRKS62TDBbfbMzUZVrSThJlM2FZFtxg5SnYQKUtbOsjImDU22ug1cpQVR1lrr+8tw0Mzbb3dyz2O7LtJpUfbIMLHnj5OSk0+/037KnnLjw1KufuLiZqYhVovCcwtx9T0qGl6C12o07UnA+W3NihKzYnJpaXHTLN7ekAAAAAXRSTlMAQObYZgAAAAFiS0dEIcRsDRYAAAAJcEhZcwAADsQAAA7EAZUrDhsAACAASURBVHja7L0LWBRXmv+/nV1DhmAYnsifURGxcKG5mYhJK0G6Oyw+IMI0zSgSaUSywHBpBsQ0URs1uF4GWHoCEiFc5PqDDCQScAbUjDTGcWlBh+UBR9wdEyeuCo0TwoP+gHX4+T/n1KWrmm5pFCLoeZ8Hurvq1DmnqvtT73veqvOtf5Bgw/YkRrz1uw1vvbXhVWzz0t4CtuEf8M8Y2xPSvwGwb+N+cY6a+7O1mdgFGyPL7xipfcDkit1tEP+YfmxPSP/v3vr+8kc3k6pnz8i6kx5vmYbN4VlbpnGbYo+ona7OEUtbDVp1tcHFlbekPSaZVGxx8yObVzdg+rE9Kf0bNlxOdBDcnbbZQds0lU0A2wVsYsKftmKDtkJnbxu0935sM9SJFWzTdV63U8xe+qPdhpZ0zshZ8X7SaUOLLbpV/4+0XmNGrl6SWC1wSLR5dTboj8b2Ihix4dWPHIwiHmLEmBPA1PCTCEw8nv3iKdB/FvQb4n+FEfyL/Ysn8U/jn7R+uvR3ZWX9PxMM0H/3rsNH7bMx7o8msL0ItsHmpsAI+ALjZhL/ExObTIJ/Sr//LNA34v5XrDB8BjDk/qekH704uKZRNo4WnJZ13br1Lyy71S2TLYb/ujmLCxsh/YKbNq9i+rE9ob16J9Mg+5Bxh8fxHzI1/7u47BfPL/ZNcf+sAIDZP38u/4B+w3mB+/fRivH7WsrS0PLTssZbt24t1mG+rk6rFcqEWq0ra+HiW7e8If13M+9g+rE9Mf0Xq1nU37QGJiThf2w2DOEfYgr9EybG/Cvennvwm+T/J+0SF//MAFvD+USv+0nw1bWLaJUCkxBpaHm1zHsxZRTosjcJqatEEiWjF5B2Twy/ueqLmH5sM0J/2j/98pe//EnnuICG/zF5eMr9PwZ/yvPvmlfJvhnmfwLQn2T4BDpO0n/zTSItMTHRrYtI+w5+TvqF9zrKFl9Btu73URJCsuezdejT4sXU2sIvZ5X+Awt5wN7agRF5QegH8P/kJz/55U/Ed0n277sKMlmX5NDrnhCKfyr6N0r/Lk7c/2SO/725Cf9j4v/Jub/MACqrevCgK2nj4/Cj17gXWpEWJU0DC9LelKahYg5jMf/2H6T9/Oc/D4cWH2AltQ2IR+9//nNq5X/cSn4S+huWbzAzhX7HY7zjBOHE24IReQHohz/Lsz/5paW15U9+uZ+kP7M0dPekq9oVK2j/TyX/nhz+uTzgf2L8J43+MwPuotf6xD2UuS5A54XzBw/CV7eoobQFCxY8Ai9l0O76LPbx+Q1l/wXtN2NCqyEr4Rj5gbF1nibS3wad+Dt69P+V9385hYYXvmzGpn/zcuj2Dyx8+XXMyPNPf11qqveAvbii2RrST8amFRELBKNcy+TSj5z/49ifeIpM/9zm/zHX/zj8M/Sn0WhFucHPZefL0MFx26ONgucEW60R+gH8qdo9WlsS/8n02/zDVPBvMcH369Pfxvsj/HmsWlsBzx0vxyx/q2k5rz55OfhwfPPyLdxVO5x48I/HW3sYbrQZFf4jXMA7foDchnohqFLw5a2XqMEFXTBvBzznoJPVFqogtRAte/l1tFUTp3ZYxRbyPfo9oyLmvD/C8xZZRRvVS10ZbPr0lxKEhO+91cb+J79s60D0Z95vKUt7N6nCrjrq5k1/QZLwq8xChXvgisxud/d63cjfAP27dGYEfg43c5x9Uy/+GQn/dfQPUbbHjeP79zA5f4b+37DpHxPaal0/rQP4L3si+n9L+n14EgAOvwFSsMHsrzzg+9vQW/LlrxARazpEYNF/mFgFoNm8HGJ6YCHgceHaUop+ehWEE/zB9ShUIAtTC14it/mcfKkgF1oi5utptMmCDP1/BH3VW4haakNb/Z1TO1hPsJpuo04mf6QaQYtXUdST8Qw2g/QTRHQu8Pw/CTxPBv7ClQ7Cm5mFKzMfiLtPCmwrXnsQWDZ+fUXm/fG0M3asvJ9x9ieenP335paZFP6vMIQ/Q/8C+rp+Yj2kfOL8+EH4ej6RWQ7vjJy463MLsv1vjI19mpY2NlaelvbpMt3Cafl+FPgz9G8wg+cD9BYufacNnAHk7zdC3/9bHf2syJ+mfwsBPTH4eB6eQd76K+vEYJObZ87j0d6VLOwEzx+reF7kNtRLLlkqF51bKMduThWkIoFViH4nsiC9ELWEajRQO/X+OHL9qOKF5LmM6hFatQonMY3Sb1dKpG7dWmdl/pOf1JwnE/6Z4n3fyT6K7CrxStv9ANJfXPEosxpE/rJQmyKa/pBJvn9K9oufA78/jexf5jmvMo5NTJQhym+O34Wv7DXwn5ePcIwk/OeUoff6C/7t3xYnm0Y/COphdMyin3r7WwTHFjIDoB/5s7J+lIOH4TRgDZwQYoDvX4UCeIr+tZ8n57XpEoRkYZZ31r1YkqXajPt+GCsg348KHjDk+/Vqn+z7/4jOW5Z0j+gzB/b9Bum3swP0S0HwKbUWu7pSGf892206OtrLkqz3Bf5raULk/ZriigAHvvgPwgV2e0IZ36+X85+e4397Kpvr9E959Q/Q7+aFKNcZeaQA/QL9IRNMvTqMFX777X/8x3/887p14QZt3bp1/wzWM1f8bP7BpEy/pQH639Hl//TpZ13xo+gHTvlnaNnxzfq+H43ZkbdGA3+y8BbWyJx5IahS5LifQps97rdZTnpsclwPTys6+gl63M+qHdJP6I/7qaiF7hHc9gCTY8Bjfy79doh+bVSUtyTdxi1tnPT9sj8JMjPFboLS/H1HoxQ/W+BeLFS4fWrzh7oatxro+8mcvzH4J6aGfz6w//bU9nj/7y+4ueCul4A7TwIeOwfXcYP3UmaO3bu1mGXsu3v/hbX81jphksn0I2cKR/uIfsg7+GvjIeANR/4GjWRtekZtY+qmpA+nsg7Yfhz6wbh/iM/n+9l
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c4af6b5-51ec-4123-8655-4e37950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T11:44:53.000Z" ,
"modified" : "2019-01-25T11:44:53.000Z" ,
"first_observed" : "2019-01-25T11:44:53Z" ,
"last_observed" : "2019-01-25T11:44:53Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c4af6b5-51ec-4123-8655-4e37950d210f" ,
"artifact--5c4af6b5-51ec-4123-8655-4e37950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c4af6b5-51ec-4123-8655-4e37950d210f" ,
"name" : "img.png" ,
"content_ref" : "artifact--5c4af6b5-51ec-4123-8655-4e37950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5c4af6b5-51ec-4123-8655-4e37950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B E w A A A N B C A I A A A B 1 W r y 9 A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s M A A A 7 D A c d v q G Q A A P + l S U R B V H h e 7 P 0 H o C V H f e Y N V + 5 w 4 s 33 T p A 0 G u U E Q i i B h A i 2 A c v C B u O A w 2 K c l o / o u P Y 6 g F k b 4 / g 67 a 5333 V Y e 71 e e 18 b Y x x A I E A g k J B Q R H H y z J 1084 m d K n 7 / O u d K B s 2 M r Q H J E n L 91 D r T p 293 d X V V d Z / n 6 U r 4 M 3 f u Q o F A I B A I B A K B Q C D w f I F s / h s I B A K B Q C A Q C A Q C z w u C y Q k E A o F A I B A I B A L P K 4 L J C Q Q C g U A g E A g E A s 8 r g s k J B A K B Q C A Q C A Q C z y u C y Q k E A o F A I B A I B A L P K 4 L J C Q Q C g U A g E A g E A s 8 r g s k J B A K B Q C A Q C A Q C z y u C y Q k E A o F A I B A I B A L P K 4 L J C Q Q C g U A g E A g E A s 8 r g s k J B A K B Q C A Q C A Q C z y u C y Q k E A o F A I B A I B A L P K 4 L J C Q Q C g U A g E A g E A s 8 r g s k J B A K B Q C A Q C A Q C z y u C y Q k E A o F A I B A I B A L P K 4 L J C Q Q C g U A g E A g E A s 8 r n j W T Q 5 z i x A q C C X Y Y v h K C M b Y W x d g w U 3 E r I 6 T h E 74 m x M I W + O t J s S O c c + N g Y W W 8 h T E h r I a Q F W 9 V t O E M o l Z R y k t S t 47 F C G G t S B z r W N i I a V W M D w 8 E A o F A I B A I B A J f 6 + D P 3 L l r c / V f F z A 5 G H w H R m B I 4 B s G l 0 M Y b M 9 p H b b A F 7 A r U k q / l T F Y T 9 V g f O C T 4 P G m s Y F P A L a A 84 F P a W s C l d b h A k U M u Q b K M Y T n q B X c k i r i F h e S y X h Y Y J W 0 Z J w 2 z M Y o v E A g E A g E A o F A I P C 1 z b N n c q w B h z M y J M S M f A 44 H U o p l p k x B o w N r I N 1 g R 3 A 58 A W z b w F O h G i N l f A 4 f i a n Z H D g c + e F Q 1 m K E F g b J D R s c 0 J d o r V L L c 0 k 8 I h R 4 l J a a Y q Z o l Q S F I + D i c Q C A Q C g U A g E A h 8 T f O s m R z k D F g R Q h j 8 b 4 x T R s M 2 s D k i 4 l L K k V v B W v u N Y H j g s 7 K x P + o E L F f g g k Z B + a Z 34 / o c o E 44 K T p V O d S 0 x n i E b V l Z W v H W f L F S x Y 1 M 1 K V W s R q m K B P C g u X K 1 M Q 4 w E A g E A g E A o F A I P A 1 z b N m c v C o v g X + 95 U 64E0 s 2 q z Y s W p c k w M o p a y 1 v n o H Y + q G m 0 d + O V j 6 v 47 X N / 3 N C M m T S a E F R Y W L S k M H R b E h o y y e 2 l n r d C V W h M 5 E r C 0 z l 2 U D J 6 q k n a K T h x 8 I B A K B Q C A Q C A S + t n j 2 a n J G J s c 5 r K 3 B i B D O R v 1 w M E 3 r v V 5 P a y 2 E G N f h g G M B t x O P K m p O x B B f 2 z M 2 N t 4 L U Q r h A L 2 S z D D p i k 4 m T V x r S 4 S / u N j 54 t F s S b u L z 9 h 56 X x 7 W z y M 1 V G R i I G b 6 d m p K X N o H G A g E A g E A o F A I B D 4 m u Z Z M z l 2 N A C a R X 50 A U R o F E X W o r I s f / 2 h e G V l p d / v w z 7 g V c b V O L D z g N X H B z 4 J r P 0 O Y 2 D / 8 Q p s / 6 Y d + q X n z 5 / V t N W g g 4 y M O O v b d N 0 1 b v 3 C y h 1 H V j c Q e e 2 V O 1 + 7 F W + n G 0 N T y s n p W q 8 c B x g I B A K B Q C A Q C A S + p q F v + a F 3 b q 7 + 62 K M 45 y D L 0 E O j 4 Y c 4 O B w e o P + f 38 Y d x R z t W n a m i 9 Z Y 4 g S K V o m m Y x h D w Z W 5 c m L w 5 h y L u K I C Y E p 0 d a W U h Z V d W x l P U 3 j i Z Q L 4 l J i Y 1 R i Z B j n 552 T y t r s 3 W v p 5 w + Z P R v 5 d I O f z a v t w + U B a 2 z G L B A I B A K B Q C A Q C H w t 86 z V 5 G i M u V M O M Y N p R K y r i k J M 3 H + k + J m H J 39 w Z / 97 z l V W l Y r W q T M U a Y 0 i s C i b R z 4 J Z z C J t M s o Z c q R C S V 62 H 7 f J 4 e H z H Y h O 29 / U e 112 z V T w 4 j K y p m O m G n j r L T s 5 k c 6 f / l g 0 Y u 3 p T Z //XUX6+7KTROH6/V6FAtnrDGKjtq9WauNNHEcF7ISQihtwZGN6qCYNdVmBJ4aBJ98dDjnZwk6CVpajC0X4ABdURST0zPLS6vNxoTRm1MGwT7u8SGzgfF6IBAIBAKBQCAQeNYmA33GqXpM9j98/9JHD9M44sJWiqQ1LFFRUK2uvvwFCzOTWsuBNB/6+G1/9+k7wbc8yTmM1wkhlVbgcMqyLIqMU5IkUVUV8KfTQp8CcwpiQdNaDGekBIP1yocDiKFD1l9aIBAIBAKBQCAQODXPW5NT071Ko31Z/W8fGdx5tERJGxtJZIYsiYhIKd+2ZUvSaOWVG0STfMcLOOfgZ8CNwLFjhzMGMwob4U+wnoK9KcFu9BiFzei0FsHxSZdIkJMuYMBizmLBwedo6Wtv6mnNmWByAoFAIBAIBAKBf4HnbXO1fKBW7SRJ6tHg6GVz7Aeunro4Wbd+Up54WOT7i+R/3LH0YNlwcYNQR7n4x1eVlFKE3chIjMat9h2HlDGu0WhUVTUY9ObmZpaOHT127Ji1tigHmxF4apyquRqEv7n25aRx0h90o4hHiZienp2cnseIVaXhka9xGtuwJywZMF4PBAKBQCAQCAQCz1uTszqIcsuZqxgjGvOXzNsfuoxdPInKQVWL2f6Nch/ecs8a+uz9D0VpzTLxx69KvXMYmRywDL7qxjlrNcRQa+msbrebux595Fc+8P4H778XTovZ6VWCncqE+JOeDKcdoUgIXpbF/JZt3/Xdb/6uN70ZEqIMfXICgUAgEAgEAoF/ludtc7WcTdfkBtX90jHt8F3Hzf951BwaRuB5UNW7YJKcH62/7mz6y9/24m89G796NhvbBmC8Ap5hbBukVlEU1ev1Qa/7l3/x5w/efzdChjPidHVaCzL6pMuTdntiIUQTbCuZiYguHz/2f/78zw8dPGiUHMUxEAgEAoFAIBAInJLnrckhyIJL4VGCqiHShUTiM/vz/7PLHZFRIeq94aBJimmzvs0sv/rs+puu3GGt3x8OHNWL+IoRAFYIIUVVgtXhnB8/fhTsDyPYWYmpPa2FMHfSBWF70gUjTYh1xmpZOauPH1ksy1wpNb66QCAQCAQCgUAgcCqetyYnyVbKeC5XTlCJCLa6dJj/zV762cX+Gpmw9RkaN8CtpMTViDG99bGrgQPB2MDneB1gjEVRNLY9VukkToxVyBo/ztnpLFaDXznJAmc76WItUlJTguioDw5jHM5eS5JxrAKBQCAQCAQCgcCp+JoxOZRSY8BoYIeJdQQxgVgsLRkyRqv1mqGlmyoUKWm3T+sT6xsmmiAGzErLuFmqU6zj0iRE6997mP/9AVPSGqqyyFZlMZDOOOEocWCFwL34fjijOhywGg4R8CHIOv8JhicSRVk4TDUkHKHgg8AJpTVBKFgR70wo/IPAI51kORV+LtSTLX5UN38W4iRcrbNOG44LFGpyAoFAIBAIBAKBf4GvGZNDsIvATYC7Id4ZyLJAVsUcvI7z83ZSnsRMMLgeFxG3Y74V8aVYLMOSRCtPfMJGJeWxY8dKKcE/gMeIoogxlpx+DYm1lnM/HptS2ozGRADPozXYn0AgEAgEAoFAIPBs8jVjclSRG1UZVVBnBccUPIXR1kiiS4NoLo3MhylxglOmi9ddf9kffsPsH7167n++duGPXzM//oSvsBHs0Pp6ByHMmPBt0jAFZ2JPMXLbPwMc6+fs1MhZ77GQ8yNEg/0KBAKBQCAQCAQCzy5fMyaHMcopFYwjbCl2UcRHM3JiZwqJI5S0GWOqyMCxlIP1s+pmCy620epLl62kXEA5j4SxlvhO/WBxiLVWalvp024GBjaLRzEmzDoKizaOR5ELJicQCAQCgUAgEHi2+RoyOZwQShitSjXMSzAnxvh5O5O4ppPJI33Doro02hAxOzND+sf6KRrU8LBO4HO8Agts1MpwLqzDSplRizXKOYfPzdM8ZQhBUkpnMUYMFuRn1vEN6QKBQCAQCAQCgcCzy9dOczWHskoWlUGMM54QHhMuykoPpT6wof7i5jv2HVvlabNAkcWElp2kyNIyh884H8IyXofFIscEuBqsrEGEGXAnoy7+p4vFyFn0ghe9+M1v+aHX3vjNUVovi8p9zSRnIBAIBAKBQCDwvOVrRpU7whGJjCNJo2UJ6wwyzBIiEho396+XHVTnzRmJREnr/VLXY4Ho3HhxZBYWWMFsHj4JIQ4MCvWjDkCwvkbIj6Z22jbHaSSS5Nu+7Tve/e4
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4af72c-b1f4-405f-98c2-41ff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T13:33:33.000Z" ,
"modified" : "2019-01-25T13:33:33.000Z" ,
"pattern" : "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '146.0.72.139']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T13:33:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b12f7-e344-45a6-a676-032a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T13:45:27.000Z" ,
"modified" : "2019-01-25T13:45:27.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.0.72.188']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T13:45:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c4ae48a-3218-4d00-b1b8-4ea7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T10:41:15.000Z" ,
"modified" : "2019-01-25T10:41:15.000Z" ,
"labels" : [
"misp:name=\"victim\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "sectors" ,
"value" : "financial services" ,
"category" : "Other" ,
"uuid" : "5c4ae48a-cdc8-4489-a223-4186950d210f"
} ,
{
"type" : "target-org" ,
"object_relation" : "name" ,
"value" : "Emirates NBD Bank (National Bank of Dubai)" ,
"category" : "Targeting data" ,
"uuid" : "5c4ae48a-c010-474c-84eb-4742950d210f"
}
] ,
"x_misp_comment" : "one of the largest banking groups in the Middle East in terms of assets. Russia-based office." ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "victim"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c4ae86b-8dfc-4f6c-91fe-4840950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T10:46:09.000Z" ,
"modified" : "2019-01-25T10:46:09.000Z" ,
"labels" : [
"misp:name=\"victim\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "sectors" ,
"value" : "financial services" ,
"category" : "Other" ,
"uuid" : "5c4ae86b-05d8-4544-8b3f-4861950d210f"
} ,
{
"type" : "target-org" ,
"object_relation" : "name" ,
"value" : "Zapsibkombank (Zapadno-Sibirskiy Kommercheskiy Bank)" ,
"category" : "Targeting data" ,
"uuid" : "5c4ae86b-2570-434a-85b7-4cf3950d210f"
}
] ,
"x_misp_comment" : "West Siberian Commercial Bank (WSCB). Russia." ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "victim"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c4aebb7-92d4-41a0-bc03-4a72950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T10:57:59.000Z" ,
"modified" : "2019-01-25T10:57:59.000Z" ,
"labels" : [
"misp:name=\"victim\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "sectors" ,
"value" : "financial services" ,
"category" : "Other" ,
"uuid" : "5c4aebb7-5334-4a41-9f1f-4f97950d210f"
} ,
{
"type" : "target-org" ,
"object_relation" : "name" ,
"value" : "FPB (Finprombank)" ,
"category" : "Targeting data" ,
"uuid" : "5c4aebb7-b398-4a45-a418-4236950d210f"
}
] ,
"x_misp_comment" : "Russia" ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "victim"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c4aef5b-e930-42d1-960a-4a02950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T11:13:31.000Z" ,
"modified" : "2019-01-25T11:13:31.000Z" ,
"labels" : [
"misp:name=\"victim\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "sectors" ,
"value" : "financial services" ,
"category" : "Other" ,
"uuid" : "5c4aef5b-5578-4029-bb3f-4f6c950d210f"
} ,
{
"type" : "target-org" ,
"object_relation" : "name" ,
"value" : "MSP Bank (\u041c\u0421\u041f \u0411\u0430\u043d\u043a)" ,
"category" : "Targeting data" ,
"uuid" : "5c4aef5b-ba44-472f-8bd1-463e950d210f"
}
] ,
"x_misp_comment" : "Russian Federation State Bank, focuses on providing financing to small and medium enterprises." ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "victim"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c4aef78-5f60-44fa-8461-0477950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T11:14:00.000Z" ,
"modified" : "2019-01-25T11:14:00.000Z" ,
"labels" : [
"misp:name=\"victim\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "sectors" ,
"value" : "financial services" ,
"category" : "Other" ,
"uuid" : "5c4aef78-727c-4040-9a99-0477950d210f"
} ,
{
"type" : "target-org" ,
"object_relation" : "name" ,
"value" : "MT Bank (\u041c\u0422\u0411\u0430\u043d\u043a)" ,
"category" : "Targeting data" ,
"uuid" : "5c4aef78-eaec-4828-a3ca-0477950d210f"
}
] ,
"x_misp_comment" : "Meridian trade Bank, the only Belarus-based bank entity in the focus of this threat." ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "victim"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4af036-b57c-4b44-985c-031b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T11:18:20.000Z" ,
"modified" : "2019-01-25T11:18:20.000Z" ,
"pattern" : "[file:name = 'Contract_12112018.Z' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T11:18:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4af051-b338-4305-8d8d-4f8a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T11:17:37.000Z" ,
"modified" : "2019-01-25T11:17:37.000Z" ,
"pattern" : "[file:name = 'Contract_12112018.chm' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T11:17:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4af596-b560-4a3c-a071-0477950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T11:40:06.000Z" ,
"modified" : "2019-01-25T11:40:06.000Z" ,
"pattern" : "[email-message:body = 'Good day!\r\nI, Skurtov Andrei Vladimirovich,\r\nHead of Interbank Operations and\r\nCorrespondent Relations of PJSC \u201cFinServisBank\u201d.\r\n\r\nWe negotiated the opening and maintenance of correspondent accounts in rubles and freely convertible currencies.\r\nI ask you to consider the application as soon as possible to open and maintain accounts.\r\nI attach the archive with the contract. Please fill it in and send it to me.\r\nThank you in advance, waiting for an answer.\r\n\r\nRespectfully,\r\nHead of Interbank Operations and\r\nCorrespondent Relations of PJSC \u201cFinserviceBank\u201d\r\nNizhny Novgorod region, Sarov, Silkin street, 13' AND email-message:from_ref.display_name = 'FinPromBank' AND email-message:body_multipart[0].body_raw_ref.name = 'Contract_12112018.Z' AND email-message:body_multipart[0].content_disposition = 'attachment' AND email-message:x_misp_return_path = 'sleof@fpbank.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T11:40:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"email\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b0bc7-7f40-45b1-96fe-8be6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T13:15:28.000Z" ,
"modified" : "2019-01-25T13:15:28.000Z" ,
"pattern" : "[file:name = 'ejpejp.txt' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T13:15:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b0bd9-bd80-46d9-b847-8d1a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T13:15:05.000Z" ,
"modified" : "2019-01-25T13:15:05.000Z" ,
"pattern" : "[file:name = 'ejpejp.com' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T13:15:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b11d4-3980-4c76-ada5-8be5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T13:51:32.000Z" ,
"modified" : "2019-01-25T13:51:32.000Z" ,
"pattern" : "[file:name = 'INFOCONTENT.TXT' AND file:parent_directory_ref.path = '\\\\%ProgramData\\\\%' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T13:51:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b1e9b-f5e8-419a-bf32-cdda950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:35:07.000Z" ,
"modified" : "2019-01-25T14:35:07.000Z" ,
"description" : "CHM file" ,
"pattern" : "[file:hashes.SHA1 = '20055fc3f1db35b279f15d398914caba11e5ad9d' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:35:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b1ef4-1b18-411b-acd9-cd55950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:36:36.000Z" ,
"modified" : "2019-01-25T14:36:36.000Z" ,
"description" : "CHM file" ,
"pattern" : "[file:hashes.SHA1 = 'd83d27bc15e960dd50ead02f70bd442593e92427' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:36:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b1f04-4284-4f67-a71e-cd47950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:36:52.000Z" ,
"modified" : "2019-01-25T14:36:52.000Z" ,
"description" : "CHM file" ,
"pattern" : "[file:hashes.SHA1 = '2250174b8998a787332c198fc94db4615504d771' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:36:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b1fcd-b8dc-44aa-95d6-7c49950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:40:13.000Z" ,
"modified" : "2019-01-25T14:40:13.000Z" ,
"description" : "CHM file" ,
"pattern" : "[file:hashes.SHA1 = '9d4bbe09a09187756533ee6f5a6c2258f6238773' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:40:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b1fdd-42bc-4a17-bd0f-43a0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:40:29.000Z" ,
"modified" : "2019-01-25T14:40:29.000Z" ,
"description" : "CHM file" ,
"pattern" : "[file:hashes.SHA1 = '26a8cfb5f03eac0807dd4fd80e80dbd39a7fd8a6' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:40:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b1fee-752c-41b2-bf0c-dc58950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:40:46.000Z" ,
"modified" : "2019-01-25T14:40:46.000Z" ,
"description" : "CHM file" ,
"pattern" : "[file:hashes.SHA1 = 'd167b13988aa0b277426489f343a484334a394d0' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:40:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b20df-e2a8-458c-b8b3-4a65950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:44:47.000Z" ,
"modified" : "2019-01-25T14:44:47.000Z" ,
"description" : "Dropped files" ,
"pattern" : "[file:hashes.SHA1 = 'e5cb1be1a22a7bf5816ed16c5644119b51b07837' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:44:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b20f0-a8e0-401c-8b7e-7c48950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:45:04.000Z" ,
"modified" : "2019-01-25T14:45:04.000Z" ,
"description" : "Dropped files" ,
"pattern" : "[file:hashes.SHA1 = '290321c1a00f93cdc55b1a22da629b3fcf192101' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:45:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c4b2103-552c-4757-869f-cd47950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T14:45:23.000Z" ,
"modified" : "2019-01-25T14:45:23.000Z" ,
"description" : "Dropped files" ,
"pattern" : "[file:hashes.SHA1 = '2cd620cea310b0edb68e4bb27301b2563191287b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T14:45:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--91795e9b-d1f7-4b0d-9d92-5a431928fc67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:38.000Z" ,
"modified" : "2019-01-25T16:01:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '53f4a016a61040273478e1c3c10ff8a3' AND file:hashes.SHA1 = 'e5cb1be1a22a7bf5816ed16c5644119b51b07837' AND file:hashes.SHA256 = '9fb4281bc5994209dced167e4d34bfedf3b8a6f882b1a7c92f30970db5e30548']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T16:01:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e43f1762-16e7-491d-a6dd-8ee0c9e9c6fb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:38.000Z" ,
"modified" : "2019-01-25T16:01:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-07 13:24:31" ,
"category" : "Other" ,
"uuid" : "f53809a3-be0e-4f6b-8c9d-bfda8522ec11"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9fb4281bc5994209dced167e4d34bfedf3b8a6f882b1a7c92f30970db5e30548/analysis/1544189071/" ,
"category" : "External analysis" ,
"uuid" : "ed0ccbbc-e563-4b25-9217-6411bd2f7504"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/57" ,
"category" : "Other" ,
"uuid" : "5d2c28a6-698c-4c20-9d0c-016e32fa34bb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--698c4d77-fd4f-4218-bb4c-f168514b3290" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:38.000Z" ,
"modified" : "2019-01-25T16:01:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '13cc98fcb654ac83cda6d3ec9946fa9b' AND file:hashes.SHA1 = '2cd620cea310b0edb68e4bb27301b2563191287b' AND file:hashes.SHA256 = '0e0729b51709325688f2741e2d5c6b3f547901837d89c203cb8aa2985b5f0018']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T16:01:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4dca79f2-944f-4a42-8bc1-87b40e8dea17" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-23 20:54:21" ,
"category" : "Other" ,
"uuid" : "77b819ec-84d3-48f9-91ee-236be8d0f758"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0e0729b51709325688f2741e2d5c6b3f547901837d89c203cb8aa2985b5f0018/analysis/1548276861/" ,
"category" : "External analysis" ,
"uuid" : "41854ef2-29ba-4d0c-aa6b-0baf74adb060"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/71" ,
"category" : "Other" ,
"uuid" : "bb13e8ae-4641-47ed-8541-36561218c89a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2ee04d28-127c-48b5-b8cd-ff204584eb06" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f7e6785e5f6bfeb8ab16a87968b9a172' AND file:hashes.SHA1 = '20055fc3f1db35b279f15d398914caba11e5ad9d' AND file:hashes.SHA256 = '77775f1dbfceb1f1915d2db067a0a8239dab771d41084fc89e9478f3995f2498']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T16:01:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2ac1303d-bab9-480b-8106-1372dc9a3f18" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-03 11:54:16" ,
"category" : "Other" ,
"uuid" : "932eac35-c427-4f28-998f-76cff337dd8f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/77775f1dbfceb1f1915d2db067a0a8239dab771d41084fc89e9478f3995f2498/analysis/1543838056/" ,
"category" : "External analysis" ,
"uuid" : "17aeac8b-bc64-48e5-9e23-a21e362191e7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "16/57" ,
"category" : "Other" ,
"uuid" : "903b1cdd-a6d1-45ed-86ba-4d186268d0b3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dcf6dd23-a9cb-4176-82cd-a1988b844b08" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"pattern" : "[file:hashes.MD5 = '6f2b56fbf5bd529a6088dbdd85f15b60' AND file:hashes.SHA1 = '9d4bbe09a09187756533ee6f5a6c2258f6238773' AND file:hashes.SHA256 = 'b0f01a994c6b5fe990d34e5f829e224dc47e1de9d0ac973118326dec60d89d08']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T16:01:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--957e75e7-4f8d-4295-af73-93b1a7ac8d5f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-15 07:23:18" ,
"category" : "Other" ,
"uuid" : "3b647629-0a52-4283-a497-281acd0a37a6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b0f01a994c6b5fe990d34e5f829e224dc47e1de9d0ac973118326dec60d89d08/analysis/1542266598/" ,
"category" : "External analysis" ,
"uuid" : "1346e920-b3bd-4e4a-82cb-5884bab7f496"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/55" ,
"category" : "Other" ,
"uuid" : "55a25206-f417-4817-bdad-585cbd418422"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b5acf42a-4872-4868-bb13-4103b0302591" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd471212d99478254dafb68a7c62dce6a' AND file:hashes.SHA1 = 'd83d27bc15e960dd50ead02f70bd442593e92427' AND file:hashes.SHA256 = '6806630c8bec6145475e421900f63dec20c2c6fdfe3a6f12b6bfddb8db6bb821']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T16:01:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--12075022-7ba4-4194-9d70-ed925f904ad8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-30 15:34:16" ,
"category" : "Other" ,
"uuid" : "daec0d39-6f0c-45aa-a2b7-1cf50f4b659c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6806630c8bec6145475e421900f63dec20c2c6fdfe3a6f12b6bfddb8db6bb821/analysis/1543592056/" ,
"category" : "External analysis" ,
"uuid" : "bc6845a4-89c9-4d8e-8e49-289b052eb447"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "14/58" ,
"category" : "Other" ,
"uuid" : "16261c23-6879-4425-b18f-94d067275f28"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--702ffaf3-4607-4b11-9de2-58d0a7dd5c02" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:39.000Z" ,
"modified" : "2019-01-25T16:01:39.000Z" ,
"pattern" : "[file:hashes.MD5 = '009c457c4456a0d0d3b38627135b6f18' AND file:hashes.SHA1 = 'd167b13988aa0b277426489f343a484334a394d0' AND file:hashes.SHA256 = '00a1397c9c65babe9ccbcab73d09fdf874a35a5783baab60c03c18c761da6458']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T16:01:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ce51d85e-e171-4924-beaf-f0bc4bc44088" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-22 02:03:34" ,
"category" : "Other" ,
"uuid" : "33eae96d-2d57-4acf-9229-e9aaa83ff676"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/00a1397c9c65babe9ccbcab73d09fdf874a35a5783baab60c03c18c761da6458/analysis/1548122614/" ,
"category" : "External analysis" ,
"uuid" : "71771f26-3472-49c7-9c86-75665beaebfc"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "11/58" ,
"category" : "Other" ,
"uuid" : "272cb576-5c3f-4f7e-8517-4b32c3ef5639"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b7e34830-062d-4d26-b446-7ae06fa24f0f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"pattern" : "[file:hashes.MD5 = '38303299c65ef84dff0e4212fd5bb3bf' AND file:hashes.SHA1 = '2250174b8998a787332c198fc94db4615504d771' AND file:hashes.SHA256 = '1135813663bf9c747a1cca7312aef97d345d231df5cdeb314cb8606017d26d86']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-25T16:01:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4108724c-1ab6-4fb3-9238-7c2de72a12d1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-20 21:17:12" ,
"category" : "Other" ,
"uuid" : "e1760209-933d-442a-868e-37ce59fc276c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1135813663bf9c747a1cca7312aef97d345d231df5cdeb314cb8606017d26d86/analysis/1545340632/" ,
"category" : "External analysis" ,
"uuid" : "269abb93-a286-4283-b69e-3c455b0dcb6a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "12/57" ,
"category" : "Other" ,
"uuid" : "eea224a2-e129-484e-98c7-ee8b9653d59f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--6d0444b2-c7fb-416f-bde2-8e321ceb4ec1" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T11:18:20.000Z" ,
"modified" : "2019-01-25T11:18:20.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "indicator--5c4af036-b57c-4b44-985c-031b950d210f" ,
"target_ref" : "indicator--5c4af051-b338-4305-8d8d-4f8a950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--a7f52331-9f3d-4315-aca4-9991d2b34e1f" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T13:15:27.000Z" ,
"modified" : "2019-01-25T13:15:27.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "indicator--5c4b0bc7-7f40-45b1-96fe-8be6950d210f" ,
"target_ref" : "indicator--5c4b0bd9-bd80-46d9-b847-8d1a950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--edb6a462-02a1-4e39-823b-3cdc992ff4a8" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T13:51:32.000Z" ,
"modified" : "2019-01-25T13:51:32.000Z" ,
"relationship_type" : "sends-to" ,
"source_ref" : "indicator--5c4b11d4-3980-4c76-ada5-8be5950d210f" ,
"target_ref" : "indicator--5c4b12f7-e344-45a6-a676-032a950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--9765f365-b5e7-432d-9f08-53af8e42a4c3" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--91795e9b-d1f7-4b0d-9d92-5a431928fc67" ,
"target_ref" : "x-misp-object--e43f1762-16e7-491d-a6dd-8ee0c9e9c6fb"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--edcfa53f-ff3c-4779-a0e6-2a650daad45c" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--698c4d77-fd4f-4218-bb4c-f168514b3290" ,
"target_ref" : "x-misp-object--4dca79f2-944f-4a42-8bc1-87b40e8dea17"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--7d2859b5-bfca-44bc-a245-5b96e4ac8cd2" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--2ee04d28-127c-48b5-b8cd-ff204584eb06" ,
"target_ref" : "x-misp-object--2ac1303d-bab9-480b-8106-1372dc9a3f18"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--94d1b217-991c-45c2-9810-aab687e74fd2" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--dcf6dd23-a9cb-4176-82cd-a1988b844b08" ,
"target_ref" : "x-misp-object--957e75e7-4f8d-4295-af73-93b1a7ac8d5f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--26cc9934-a29b-48a6-a6eb-1a2abe0bc4b8" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b5acf42a-4872-4868-bb13-4103b0302591" ,
"target_ref" : "x-misp-object--12075022-7ba4-4194-9d70-ed925f904ad8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--14c6b082-8cf1-4cce-ac22-43ac1a3bb0e7" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--702ffaf3-4607-4b11-9de2-58d0a7dd5c02" ,
"target_ref" : "x-misp-object--ce51d85e-e171-4924-beaf-f0bc4bc44088"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--3f8959c3-65dd-49fb-9ddb-49718550cec3" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-01-25T16:01:40.000Z" ,
"modified" : "2019-01-25T16:01:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b7e34830-062d-4d26-b446-7ae06fa24f0f" ,
"target_ref" : "x-misp-object--4108724c-1ab6-4fb3-9238-7c2de72a12d1"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}
