{ "type": "bundle", "id": "bundle--5a5724c6-5e20-4d61-9ccb-4191950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-10T03:01:48.000Z", "modified": "2018-02-10T03:01:48.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a5724c6-5e20-4d61-9ccb-4191950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-10T03:01:48.000Z", "modified": "2018-02-10T03:01:48.000Z", "name": "OSINT - Mac Malware of 2017", "published": "2018-02-16T09:00:10Z", "object_refs": [ "observed-data--5a5725af-c85c-4245-9e36-442b950d210f", "url--5a5725af-c85c-4245-9e36-442b950d210f", "x-misp-attribute--5a5726ab-e594-48e0-9f19-099b950d210f", "observed-data--5a58693b-6748-42fb-8b4e-4507950d210f", "url--5a58693b-6748-42fb-8b4e-4507950d210f", "observed-data--5a58693c-6350-40a4-9cf2-4b13950d210f", "url--5a58693c-6350-40a4-9cf2-4b13950d210f", "observed-data--5a586a6e-9420-44eb-9341-420d950d210f", "url--5a586a6e-9420-44eb-9341-420d950d210f", "observed-data--5a586a6f-c7e0-4330-a459-4a3f950d210f", "url--5a586a6f-c7e0-4330-a459-4a3f950d210f", "observed-data--5a586a6f-7aa0-4a57-bad2-4a74950d210f", "url--5a586a6f-7aa0-4a57-bad2-4a74950d210f", "observed-data--5a586a6f-b1f0-4118-a840-4916950d210f", "url--5a586a6f-b1f0-4118-a840-4916950d210f", "observed-data--5a586a6f-bdc0-4812-a215-4367950d210f", "url--5a586a6f-bdc0-4812-a215-4367950d210f", "observed-data--5a586a6f-5334-4881-9275-4493950d210f", "url--5a586a6f-5334-4881-9275-4493950d210f", "observed-data--5a586a6f-8e08-456a-95b3-44ca950d210f", "url--5a586a6f-8e08-456a-95b3-44ca950d210f", "observed-data--5a586a6f-387c-4485-90b5-420b950d210f", "url--5a586a6f-387c-4485-90b5-420b950d210f", "observed-data--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f", "url--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f", "observed-data--5a586a6f-1b60-43b2-88a3-4966950d210f", 
"url--5a586a6f-1b60-43b2-88a3-4966950d210f", "observed-data--5a586a6f-8dac-4932-9d31-40e3950d210f", "url--5a586a6f-8dac-4932-9d31-40e3950d210f", "observed-data--5a586a6f-3130-4211-9d3e-47e1950d210f", "url--5a586a6f-3130-4211-9d3e-47e1950d210f", "observed-data--5a586a6f-d9c8-45d5-9a8d-4246950d210f", "url--5a586a6f-d9c8-45d5-9a8d-4246950d210f", "indicator--5a586d3d-d860-4ac4-83d1-4457950d210f", "indicator--5a586d3d-d274-479d-83c9-4b8f950d210f", "indicator--5a5870d4-b0a0-42b8-85d7-45c3950d210f", "indicator--5a5870d4-673c-4b17-a384-46df950d210f", "indicator--5a5871a8-b690-4501-9bb8-43cf950d210f", "indicator--5a5874a6-93e4-40c1-bcad-405b950d210f", "indicator--5a5874a6-5d4c-46e9-a090-4ec9950d210f", "indicator--5a5874a6-0fbc-4bcd-b43b-4a09950d210f", "indicator--5a5874a6-8290-4544-9472-4222950d210f", "indicator--5a587b98-1324-48ec-bc3e-4949950d210f", "indicator--5a587b98-616c-412d-9933-4c69950d210f", "indicator--5a587b98-265c-4f10-91f4-4f9e950d210f", "indicator--5a587b98-3eec-4e65-b45e-4364950d210f", "indicator--5a587b98-8cdc-4b4c-9072-4f66950d210f", "indicator--5a587d0d-e7cc-4f45-8596-4575950d210f", "indicator--5a587d0d-7858-424b-aa19-4dc1950d210f", "indicator--5a587d0d-abc0-4374-9497-4376950d210f", "indicator--5a587f73-26fc-49f3-bb30-4c1a950d210f", "indicator--5a588997-15ac-4228-967b-4a1c950d210f", "indicator--5a588b7d-77b4-43bb-a98f-4df2950d210f", "indicator--5a588b7d-78e4-451b-997f-45ee950d210f", "indicator--5a588b7d-1500-4e04-b20a-41e7950d210f", "indicator--5a588c8c-c138-4cc7-84b9-421a950d210f", "indicator--5a588c8d-f950-4fc4-aa8a-4942950d210f", "indicator--5a588c8d-2f50-4f57-bdeb-48bf950d210f", "indicator--5a588c8d-0c00-4303-b758-4d53950d210f", "indicator--5a588c8d-4ba8-4400-84dd-47e9950d210f", "indicator--5a588cd4-2674-48e6-ba6d-4936950d210f", "indicator--5a588cd4-296c-4c6b-b525-447d950d210f", "indicator--5a588cd4-0e2c-4f16-9612-4c46950d210f", "indicator--5a588cd4-1bd4-4974-80cc-46b5950d210f", "indicator--5a588cd4-83a8-4070-85fe-4751950d210f", 
"indicator--5a588cd4-dcc0-4d12-b524-4832950d210f", "indicator--5a588ce9-3f18-41de-a8f3-6247950d210f", "indicator--5a588edc-55c8-4142-9d86-40aa950d210f", "indicator--5a588efe-f068-422e-8209-4f30950d210f", "indicator--5a588efe-b770-4240-918f-40d0950d210f", "indicator--5a588efe-6e7c-49fa-88b0-4926950d210f", "indicator--5a588fc0-2f8c-44e1-8bc0-4901950d210f", "indicator--5a58923e-99bc-4f6e-871e-4f47950d210f", "indicator--5a58927b-3168-4cc8-8adb-45d5950d210f", "indicator--5a5892db-aadc-434f-b8d2-4545950d210f", "indicator--5a58b14a-6e58-4ce3-8c6d-408b950d210f", "indicator--5a58b167-75d4-4ae8-b97e-49b6950d210f", "indicator--5a58b167-8a0c-444d-b52f-4b59950d210f", "indicator--5a58b167-c74c-41ef-9ae2-4f42950d210f", "indicator--5a58b167-1de8-4feb-a032-477d950d210f", "indicator--5a58bd65-4eb8-43e1-9555-4f95950d210f", "indicator--5a58bd65-ec78-4531-82ff-439a950d210f", "indicator--5a58bd65-b0bc-4851-8266-4e43950d210f", "indicator--5a58bece-2560-4d95-bfdc-4996950d210f", "indicator--5a58becf-33ac-4d37-bbee-4aaf950d210f", "indicator--5a58bfe5-fcf4-4b2f-a229-4f94950d210f", "indicator--5a58bfe6-3008-4b03-90dc-41e0950d210f", "indicator--5a58c0fb-5c08-4a71-94fc-4dcd950d210f", "indicator--5a58c0fb-3e30-4946-b9e9-449c950d210f", "indicator--5a586fc6-e0fc-4f06-b55a-46a7950d210f", "indicator--5a5870b4-5c68-4077-8cce-4138950d210f", "indicator--5a587b0f-b46c-4403-be5e-423d950d210f", "indicator--5a587cfc-3568-4d8d-bcc1-4920950d210f", "indicator--5a587e34-dc78-4406-897c-4cff950d210f", "indicator--5a588039-c95c-4895-ad28-43ff950d210f", "indicator--5a588e6f-c80c-4f1e-ab63-5fa4950d210f", "indicator--5a588e83-b4f8-44e1-8e4c-5f67950d210f", "indicator--5a588e93-5dfc-45e3-b6a4-4456950d210f", "indicator--5a588ea4-afa0-4611-bfb8-5f67950d210f", "indicator--5a588f59-6d78-49a5-994d-47b5950d210f", "indicator--5a589228-91e8-4b7e-a099-4ccd950d210f", "indicator--5a589262-4dd4-4e98-8159-6247950d210f", "indicator--5a58bada-0930-472d-8af6-4307950d210f", "indicator--5a58bcda-a8f8-43a6-acb8-4fbc950d210f", 
"indicator--5a58bcf9-4efc-4891-99c0-4a32950d210f", "indicator--5a58bd15-e480-4b26-b998-45da950d210f", "indicator--5a58c01c-b8f4-40e3-98cd-4936950d210f", "indicator--5a58c036-a548-4862-a538-446a950d210f", "indicator--5a58c050-7084-4c75-9670-400a950d210f", "indicator--5a58c075-f7d4-4c8b-8e4b-4bb9950d210f", "indicator--5a58c093-809c-40dc-b89c-4465950d210f", "indicator--5a58c0ae-c4dc-4e61-adac-4746950d210f", "indicator--5a58c0c3-26d0-4a90-8753-4cf7950d210f", "indicator--5a58c0d9-822c-4fc7-96ad-4dbc950d210f", "indicator--1a0ee044-7122-498a-9723-2e6a34cfe282", "x-misp-object--2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb", "indicator--dd355e08-3cf3-4834-aff2-942c4d631ef8", "x-misp-object--d553ed19-0a19-4bff-a1cb-29a2174a1504", "indicator--607b7d37-5391-4828-9785-747ca987e6d0", "x-misp-object--c962297e-54fe-479d-bc30-24c2e4425ad9", "indicator--845b2d47-0368-4a40-91d0-479d97eacda4", "x-misp-object--22650c01-93d0-43cb-9b39-9e6b3db474eb", "indicator--8cb5ebee-fcb0-4f05-a707-708b1eaddd59", "x-misp-object--9f51aaa1-7f34-4b9a-b4a4-34413e3295e3", "indicator--193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b", "x-misp-object--21ee3580-cfc9-41d7-99c2-00615d045962", "indicator--f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea", "x-misp-object--eb9962e1-8c34-45bf-b7be-9ce7bc3fec07", "indicator--a10445d8-f9e8-485b-8d4a-167ce8bea45d", "x-misp-object--cb259893-8a4b-4847-b19a-50a9bb705885", "indicator--f41bbf4c-5ca3-4e62-af09-e1a9145ee05e", "x-misp-object--bf3e1c52-bd79-4344-beed-865e505b5210", "indicator--44885bf0-1f38-4d25-b9d9-80c3b47bed40", "x-misp-object--e4dd2223-b1b9-40d2-b87b-9e819a6a68fb", "indicator--bf5df298-de3c-4398-9e6d-833e38d5c81f", "x-misp-object--ddd10108-2f29-4846-bea0-1e80d1c62981", "indicator--4451bac1-bdc3-4bbd-a01d-ec5902aea71d", "x-misp-object--3efc2992-b363-4793-87b3-5ec2032cdd31", "indicator--f9086285-81ea-4ede-b4d3-0c086cd67629", "x-misp-object--bb34db62-0780-4909-ad47-8d825362d6cf", "indicator--49b4e424-a863-47c4-907c-e282e6e65df3", "x-misp-object--b5786be9-5a78-4df3-b021-1dec3dec8d55", 
"indicator--5c4fe5fd-d899-4e20-b4b5-e39398733757", "x-misp-object--4f4b9b57-b256-4d40-ae26-c8602137bfb6", "indicator--a49ac8ee-df74-445f-9d00-eff900554eb8", "x-misp-object--d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd", "indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2", "x-misp-object--84bccfef-2072-49f1-b605-8bca7e67be2f", "indicator--25d83980-fd95-481d-a330-6e969b0253eb", "x-misp-object--0f57df59-7f2e-4538-ad44-9198ae1eb7e7", "indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf", "x-misp-object--5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2", "indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3", "x-misp-object--1de4ff44-ee71-4017-a208-7510bc2224ab", "indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58", "x-misp-object--76a37ccf-a61f-4466-b91b-dfb81cd4087d", "indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed", "x-misp-object--98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb", "indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8", "x-misp-object--d7545769-a98f-47ac-89e1-9074f18b2266", "indicator--2c1cfefa-96a0-4099-a720-69b64d16fe5f", "x-misp-object--2beed4ba-5af8-427c-8270-b6a6456df65c", "indicator--9cb63957-a223-4016-bf62-7eac015b02a4", "x-misp-object--83cea96d-ea16-4220-b8d5-88ca68baf4d5", "indicator--90395b9d-bff0-4af6-adaf-a864379542da", "x-misp-object--494c3c26-d774-4f6a-aa08-5eba8f2211db", "indicator--41a354b8-fbc4-48fc-8976-bd9a3593a07c", "x-misp-object--77040fb6-0d6c-459f-986f-92b37cffe118", "indicator--480e2ec8-94b2-4682-a591-c2e86c390ead", "x-misp-object--e6e5e5d4-0dc1-4dca-a921-aa923f455fcf", "indicator--74bef4c3-487c-4941-b138-c8c0e3413b50", "x-misp-object--78a04ae2-f33b-4b5a-b0ad-64f842d70385", "indicator--1f840571-741e-4096-92d6-78e58c49109c", "x-misp-object--268e55cb-3597-4e16-8007-a8b36cf61376", "x-misp-object--10efb953-d0cc-4219-8b64-fd1aea48048d", "x-misp-object--e72fba22-ef47-4486-b345-e02af2e3f2ba", "x-misp-object--c484d968-23eb-42f0-95b4-c646ff1c4a46", "x-misp-object--672456f3-351d-4587-8114-0c562fcb6082", "x-misp-object--a643b2e6-13d0-4844-bb44-3708ee4f1430", 
"x-misp-object--cde25116-2c43-45fe-90a9-9d17cf9e4e7c", "x-misp-object--a41b07c7-d703-4a24-95e3-7d4c50770c9b", "x-misp-object--e71d92c3-fb0b-4408-95c7-c3afe71baae7", "x-misp-object--5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0", "x-misp-object--77a6bb0a-b55e-4b33-ae86-c7ae2004d914", "x-misp-object--c54a631e-db6e-4cc7-856d-07a974bfc25a", "x-misp-object--0840973f-94a7-411c-9c35-bebd86da7b47", "x-misp-object--7e1bd57e-b8fe-46ce-acd5-c763793f28c5", "x-misp-object--01b8d2c8-326f-4555-a514-65bbf934d953", "indicator--2835626e-b913-4889-a9d9-fdbe227feadb", "x-misp-object--a28ef769-5398-4eb7-9b00-fab900d14c43", "x-misp-object--5c2bd08b-1259-4095-9c9e-3b74506b1585", "x-misp-object--85b2b880-d3e8-4dea-bea6-10c2a491856b", "indicator--fb3000f4-1ebc-42d4-8e4a-2275d659efe6", "x-misp-object--5cbeb48f-30a6-478a-bea9-9928524630c6", "indicator--f53a44f1-158b-4212-bc9e-8e257362a32c", "x-misp-object--3bd1c560-3b57-4248-b95c-72723eebd90c", "indicator--edc8ba48-d186-4b7f-a8e4-54fdfee91503", "x-misp-object--cf7832e0-5495-4a89-95df-cb4dd915842e", "indicator--f8e43169-3421-43af-8b25-be605a3ea859", "x-misp-object--2e77adf4-a30d-4dcf-9fcd-9a263b1971c7", "indicator--770417f7-66d8-4c14-a590-25829420ef72", "x-misp-object--d250cbbd-0387-4477-9487-647ba7f369ed", "indicator--18939e64-0afb-4ae4-8995-189b92423b98", "x-misp-object--55b685d6-7fdc-4538-b113-d253384b213a", "x-misp-object--e5e57871-79b1-4440-95b3-49bc62c724e5", "indicator--8d7a2d17-30f8-46c6-aa2c-c99caf8b8208", "x-misp-object--ece0181f-f705-463f-bea6-08263cc535ba", "indicator--87463bc1-9173-4071-827c-db9c3d3396bc", "x-misp-object--f31cc4ab-1875-4f2d-87c9-04b8673ddbe8", "x-misp-object--f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365", "relationship--54bc5a55-f8ec-43e3-9533-25419525af82", "relationship--8869555c-13cd-450a-b6db-32dd8d268229", "relationship--1b7e0564-4e54-48d9-8457-0adbb50b0038", "relationship--bb1c21d1-4a8d-454d-9435-78373f432dbf", "relationship--0c4be757-be11-4134-a1a1-f1b08d0ef39b", "relationship--e1aaba0e-7e5d-40e7-8a4d-1a124f0e3cf7", 
"relationship--d0bb206a-e5e9-40f6-a2e4-0c67a8727ab6", "relationship--fd6643d2-7136-4798-ba1a-62bee2cc3bcd", "relationship--7027089c-f606-434d-abbb-13009b2a959e", "relationship--c956c0d6-65be-49f0-970c-45e5489668b1", "relationship--ec39048d-4c37-4c94-a13e-9ba28496bb18", "relationship--b2769580-bf1d-4f0f-a527-c4b7f9fa8274", "relationship--62594d80-f3a5-4424-9841-9e136a30f8cd", "relationship--6a49bac4-5dd3-4778-ba60-afe286bb7c2a", "relationship--344f77fa-9cb6-4e1b-9c0b-a03c80626eb4", "relationship--ead47b81-f8c9-42a5-b4f9-f757030f0439", "relationship--e999ddf3-94f3-4005-bbed-69cca6e69d14", "relationship--17030762-d59f-4cc9-b9ac-de7a7138cf39", "relationship--77276007-35ae-4524-8598-86d43c67bb21", "relationship--89563aad-d7b8-44ee-8006-ab7e75cbc952", "relationship--6f42828f-0367-4e2d-82a7-bdd67a9a79a5", "relationship--b44e642b-1908-4008-a91c-4a29576ff270", "relationship--6a02847c-3c06-4532-82d7-d9cf452e754d", "relationship--cef0f843-d0bc-42c9-99f9-b3ced9ae9f27", "relationship--1e8bf86a-4a69-4067-b80e-aa0f65db0a07", "relationship--4b1d9fd5-132c-4a3d-9fa8-074cd422844b", "relationship--67c8be50-935d-4da5-ae06-eb03d4758bd7", "relationship--52fdf65f-b21d-4c5c-bbf5-9be854c70c41", "relationship--282d5e47-a4c5-4966-a84e-9da9f5f84b6a", "relationship--488eeb61-b2e6-438f-bf77-0edb0605958f", "relationship--e7b8febb-ea95-4e7c-b0ca-4c9ca2504f46", "relationship--a613e9e4-b5ef-434b-938e-d466073f3983", "relationship--a78e1ab4-10fb-4a61-9b52-adae428a215a", "relationship--ee5429f0-1c37-44db-95b6-b5a605ab226c", "relationship--28552773-3993-45d1-a32e-e033475e625d", "relationship--9da9e215-ea94-4f89-acac-7359ffd0cee0", "relationship--c9dd9fa2-343f-412a-adfb-2564305cf5fd", "relationship--286ca42c-d1a6-4a14-ab3e-75cce8c8272c", "relationship--1217e168-e947-4623-8279-e086c6c4fa33", "relationship--f391ec27-4d1f-47a9-ba9f-8b6a0733fa9a", "relationship--2d788dee-d48b-44c9-99c6-7c5247f13b0b", "relationship--45fee5d0-8830-4b42-a87f-3263851881ef", "relationship--0c7a2862-257a-4a01-b22a-e4a758e2fe75", 
"relationship--d4e4b3c7-e4c0-4a6b-ae39-fa51cf644023", "relationship--b2f2b0b7-03cb-4202-b155-9a6687ad8109", "relationship--525a1807-45bd-487a-b749-0be8f3c5d8a6", "relationship--296ffa2d-9532-45bc-8d05-d3780829251a", "relationship--a5250e43-39c1-4d8b-bdbe-043b4d6e45b9", "relationship--5ec5f0a4-2471-446c-ab32-1b0294cf356b", "relationship--f12247b1-47a7-4c9f-8a64-8fa449f4066a", "relationship--cba62434-7e45-47db-8658-255ff86b7371", "relationship--e073f5a7-a045-4bd8-8554-b430775c7a3d", "relationship--0f08c661-bc0f-4e59-a9a1-67b2a85d8682", "relationship--2fe467aa-d68f-4763-98aa-c29a69b4b194", "relationship--c9e5e5fe-5a65-495f-ba23-48ff7bab2197", "relationship--8de4f7da-7ec0-4bee-90bf-b61e536a1697", "relationship--dbdf1e48-aaef-4209-9137-74ef63260a9f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"FruitFly\"", "misp-galaxy:tool=\"MacDownloader\"", "misp-galaxy:ransomware=\"MacRansom\"", "misp-galaxy:rat=\"MacSpy\"", "misp-galaxy:tool=\"Empyre\"", "misp-galaxy:tool=\"Proton\"", "misp-galaxy:tool=\"Mughthesec\"", "misp-galaxy:tool=\"Pwnet\"", "misp-galaxy:tool=\"CpuMeaner\"", "misp-galaxy:ransomware=\"FileCoder\"", "misp-galaxy:banker=\"Dok\"", "misp-galaxy:mitre-malware=\"XAgentOSX\"", "misp-galaxy:tool=\"X-Agent\"", "misp-galaxy:tool=\"Turla\"", "osint:source-type=\"blog-post\"", "osint:source-type=\"technical-report\"", "malware_classification:malware-category=\"Ransomware\"", "ms-caro-malware-full:malware-family=\"Banker\"", "circl:incident-classification=\"malware\"", "malware_classification:malware-category=\"Trojan\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5725af-c85c-4245-9e36-442b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:02.000Z", "modified": "2018-02-09T14:13:02.000Z", "first_observed": "2018-02-09T14:13:02Z", "last_observed": 
"2018-02-09T14:13:02Z", "number_observed": 1, "object_refs": [ "url--5a5725af-c85c-4245-9e36-442b950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a5725af-c85c-4245-9e36-442b950d210f", "value": "https://objective-see.com/blog/blog_0x25.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5726ab-e594-48e0-9f19-099b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:02.000Z", "modified": "2018-02-09T14:13:02.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "For the second year in a row, I've decided to post a blog that comprehensively covers all the new Mac malware that appeared during the course of the year. While the specimens may have been briefly reported on before (i.e. by the AV company that discovered them), this blog aims to cumulatively cover all new Mac malware of 2017 - in one place. For each, we'll dive into various technical details such as identifying the malware's infection vector, persistence mechanism, features & goals, and describe how to clean an infected system." 
}, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a58693b-6748-42fb-8b4e-4507950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:02.000Z", "modified": "2018-02-09T14:13:02.000Z", "first_observed": "2018-02-09T14:13:02Z", "last_observed": "2018-02-09T14:13:02Z", "number_observed": 1, "object_refs": [ "url--5a58693b-6748-42fb-8b4e-4507950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"technical-report\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a58693b-6748-42fb-8b4e-4507950d210f", "value": "https://www.virusbulletin.com/uploads/pdf/magazine/2017/VB2017-Wardle.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a58693c-6350-40a4-9cf2-4b13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:02.000Z", "modified": "2018-02-09T14:13:02.000Z", "first_observed": "2018-02-09T14:13:02Z", "last_observed": "2018-02-09T14:13:02Z", "number_observed": 1, "object_refs": [ "url--5a58693c-6350-40a4-9cf2-4b13950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"technical-report\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a58693c-6350-40a4-9cf2-4b13950d210f", "value": "https://www.cybersixgill.com/wp-content/uploads/2017/02/02072017%20-%20Proton%20-%20A%20New%20MAC%20OS%20RAT%20-%20Sixgill%20Threat%20Report.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6e-9420-44eb-9341-420d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:03.000Z", "modified": "2018-02-09T14:13:03.000Z", "first_observed": "2018-02-09T14:13:03Z", "last_observed": "2018-02-09T14:13:03Z", "number_observed": 1, "object_refs": [ "url--5a586a6e-9420-44eb-9341-420d950d210f" ], "labels": [ "misp:type=\"link\"", 
"misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6e-9420-44eb-9341-420d950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-c7e0-4330-a459-4a3f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:03.000Z", "modified": "2018-02-09T14:13:03.000Z", "first_observed": "2018-02-09T14:13:03Z", "last_observed": "2018-02-09T14:13:03Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-c7e0-4330-a459-4a3f950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-c7e0-4330-a459-4a3f950d210f", "value": "https://objective-see.com/blog/blog_0x17.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-7aa0-4a57-bad2-4a74950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:04.000Z", "modified": "2018-02-09T14:13:04.000Z", "first_observed": "2018-02-09T14:13:04Z", "last_observed": "2018-02-09T14:13:04Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-7aa0-4a57-bad2-4a74950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-7aa0-4a57-bad2-4a74950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/osx-proton-spreading-through-fake-symantec-blog/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-b1f0-4118-a840-4916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:04.000Z", "modified": "2018-02-09T14:13:04.000Z", "first_observed": "2018-02-09T14:13:04Z", "last_observed": "2018-02-09T14:13:04Z", "number_observed": 1, 
"object_refs": [ "url--5a586a6f-b1f0-4118-a840-4916950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-b1f0-4118-a840-4916950d210f", "value": "https://iranthreats.github.io/resources/macdownloader-macos-malware/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-bdc0-4812-a215-4367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:04.000Z", "modified": "2018-02-09T14:13:04.000Z", "first_observed": "2018-02-09T14:13:04Z", "last_observed": "2018-02-09T14:13:04Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-bdc0-4812-a215-4367950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-bdc0-4812-a215-4367950d210f", "value": "https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-5334-4881-9275-4493950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:05.000Z", "modified": "2018-02-09T14:13:05.000Z", "first_observed": "2018-02-09T14:13:05Z", "last_observed": "2018-02-09T14:13:05Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-5334-4881-9275-4493950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-5334-4881-9275-4493950d210f", "value": "https://objective-see.com/blog/blog_0x1F.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-8e08-456a-95b3-44ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:05.000Z", "modified": "2018-02-09T14:13:05.000Z", 
"first_observed": "2018-02-09T14:13:05Z", "last_observed": "2018-02-09T14:13:05Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-8e08-456a-95b3-44ca950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-8e08-456a-95b3-44ca950d210f", "value": "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-387c-4485-90b5-420b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:06.000Z", "modified": "2018-02-09T14:13:06.000Z", "first_observed": "2018-02-09T14:13:06Z", "last_observed": "2018-02-09T14:13:06Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-387c-4485-90b5-420b950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-387c-4485-90b5-420b950d210f", "value": "https://www.welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:06.000Z", "modified": "2018-02-09T14:13:06.000Z", "first_observed": "2018-02-09T14:13:06Z", "last_observed": "2018-02-09T14:13:06Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f", "value": "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/" }, { "type": "observed-data", "spec_version": "2.1", "id": 
"observed-data--5a586a6f-1b60-43b2-88a3-4966950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:06.000Z", "modified": "2018-02-09T14:13:06.000Z", "first_observed": "2018-02-09T14:13:06Z", "last_observed": "2018-02-09T14:13:06Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-1b60-43b2-88a3-4966950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-1b60-43b2-88a3-4966950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-8dac-4932-9d31-40e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:07.000Z", "modified": "2018-02-09T14:13:07.000Z", "first_observed": "2018-02-09T14:13:07Z", "last_observed": "2018-02-09T14:13:07Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-8dac-4932-9d31-40e3950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-8dac-4932-9d31-40e3950d210f", "value": "https://objective-see.com/blog/blog_0x18.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-3130-4211-9d3e-47e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:07.000Z", "modified": "2018-02-09T14:13:07.000Z", "first_observed": "2018-02-09T14:13:07Z", "last_observed": "2018-02-09T14:13:07Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-3130-4211-9d3e-47e1950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": 
"url--5a586a6f-3130-4211-9d3e-47e1950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-windows-mac/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a586a6f-d9c8-45d5-9a8d-4246950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:08.000Z", "modified": "2018-02-09T14:13:08.000Z", "first_observed": "2018-02-09T14:13:08Z", "last_observed": "2018-02-09T14:13:08Z", "number_observed": 1, "object_refs": [ "url--5a586a6f-d9c8-45d5-9a8d-4246950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a586a6f-d9c8-45d5-9a8d-4246950d210f", "value": "https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a586d3d-d860-4ac4-83d1-4457950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:08.000Z", "modified": "2018-02-09T14:13:08.000Z", "description": "command and control (C&C) servers", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '99.153.29.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a586d3d-d274-479d-83c9-4b8f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:08.000Z", "modified": "2018-02-09T14:13:08.000Z", "description": "command and control (C&C) servers", "pattern": "[domain-name:value = 'eidk.hopto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2018-02-09T14:13:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5870d4-b0a0-42b8-85d7-45c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T08:24:52.000Z", "modified": "2018-01-12T08:24:52.000Z", "pattern": "[file:hashes.SHA256 = '94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T08:24:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5870d4-673c-4b17-a384-46df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T08:24:52.000Z", "modified": "2018-01-12T08:24:52.000Z", "pattern": "[file:hashes.SHA256 = '694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T08:24:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5871a8-b690-4501-9bb8-43cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T08:28:24.000Z", "modified": "2018-01-12T08:28:24.000Z", "description": "OSX/FruitFly, variant \u2018B\u2019", "pattern": "[file:hashes.SHA256 = 'befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2018-01-12T08:28:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5874a6-93e4-40c1-bcad-405b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:09.000Z", "modified": "2018-02-09T14:13:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.188.230.50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5874a6-5d4c-46e9-a090-4ec9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:09.000Z", "modified": "2018-02-09T14:13:09.000Z", "pattern": "[file:name = 'gro.otpoh.kdie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5874a6-0fbc-4bcd-b43b-4a09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:10.000Z", "modified": "2018-02-09T14:13:10.000Z", "pattern": "[file:name = 'gro.sndkcud.kdie']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5874a6-8290-4544-9472-4222950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:10.000Z", "modified": "2018-02-09T14:13:10.000Z", "pattern": "[domain-name:value = 'eidk.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587b98-1324-48ec-bc3e-4949950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:11.000Z", "modified": "2018-02-09T14:13:11.000Z", "pattern": "[file:name = 'checkadr.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587b98-616c-412d-9933-4c69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:11.000Z", "modified": "2018-02-09T14:13:11.000Z", "pattern": "[url:value = 'http://46.17.97.37/Servermac.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587b98-265c-4f10-91f4-4f9e950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:11.000Z", "modified": "2018-02-09T14:13:11.000Z", "pattern": "[file:name = 'eula-help.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587b98-3eec-4e65-b45e-4364950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:12.000Z", "modified": "2018-02-09T14:13:12.000Z", "pattern": "[url:value = 'http://192.168.3.217/DroperTest']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587b98-8cdc-4b4c-9072-4f66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:12.000Z", "modified": "2018-02-09T14:13:12.000Z", "pattern": "[file:name = 'appId.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587d0d-e7cc-4f45-8596-4575950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:12.000Z", "modified": "2018-02-09T14:13:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = 
'46.17.97.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587d0d-7858-424b-aa19-4dc1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:13.000Z", "modified": "2018-02-09T14:13:13.000Z", "pattern": "[domain-name:value = 'officialswebsites.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587d0d-abc0-4374-9497-4376950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:13.000Z", "modified": "2018-02-09T14:13:13.000Z", "pattern": "[domain-name:value = 'utc.officialswebsites.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587f73-26fc-49f3-bb30-4c1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:14.000Z", "modified": "2018-02-09T14:13:14.000Z", "pattern": "[url:value = 'https://www.securitychecking.org:443/index.asp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588997-15ac-4228-967b-4a1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:10:31.000Z", "modified": "2018-01-12T10:10:31.000Z", "pattern": "[file:hashes.SHA256 = '128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:10:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588b7d-77b4-43bb-a98f-4df2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:14.000Z", "modified": "2018-02-09T14:13:14.000Z", "description": "command and control server", "pattern": "[domain-name:value = 'handbrake.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588b7d-78e4-451b-997f-45ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:14.000Z", "modified": "2018-02-09T14:13:14.000Z", "description": "command and control server", "pattern": "[domain-name:value = 'handbrakestore.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588b7d-1500-4e04-b20a-41e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:15.000Z", "modified": "2018-02-09T14:13:15.000Z", "description": "command and control server", "pattern": "[domain-name:value = 'handbrake.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588c8c-c138-4cc7-84b9-421a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:15.000Z", "modified": "2018-02-09T14:13:15.000Z", "description": "C2", "pattern": "[url:value = 'http://23.227.196.215/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588c8d-f950-4fc4-aa8a-4942950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:16.000Z", "modified": "2018-02-09T14:13:16.000Z", "description": "C2", "pattern": "[url:value = 'http://apple-iclods.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5a588c8d-2f50-4f57-bdeb-48bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:16.000Z", "modified": "2018-02-09T14:13:16.000Z", "description": "C2", "pattern": "[url:value = 'http://apple-checker.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588c8d-0c00-4303-b758-4d53950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:16.000Z", "modified": "2018-02-09T14:13:16.000Z", "description": "C2", "pattern": "[url:value = 'http://apple-uptoday.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588c8d-4ba8-4400-84dd-47e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:17.000Z", "modified": "2018-02-09T14:13:17.000Z", "description": "C2", "pattern": "[url:value = 'http://apple-search.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588cd4-2674-48e6-ba6d-4936950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:17.000Z", 
"modified": "2018-02-09T14:13:17.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.227.196.215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588cd4-296c-4c6b-b525-447d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:17.000Z", "modified": "2018-02-09T14:13:17.000Z", "pattern": "[domain-name:value = 'apple-iclods.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588cd4-0e2c-4f16-9612-4c46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:18.000Z", "modified": "2018-02-09T14:13:18.000Z", "pattern": "[domain-name:value = 'apple-checker.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588cd4-1bd4-4974-80cc-46b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:18.000Z", "modified": "2018-02-09T14:13:18.000Z", "pattern": "[domain-name:value = 'apple-uptoday.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2018-02-09T14:13:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588cd4-83a8-4070-85fe-4751950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:19.000Z", "modified": "2018-02-09T14:13:19.000Z", "pattern": "[domain-name:value = 'apple-search.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588cd4-dcc0-4d12-b524-4832950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:19.000Z", "modified": "2018-02-09T14:13:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.227.196.217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588ce9-3f18-41de-a8f3-6247950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:24:41.000Z", "modified": "2018-01-12T10:24:41.000Z", "pattern": "[file:hashes.SHA256 = '2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:24:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload 
delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588edc-55c8-4142-9d86-40aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:20.000Z", "modified": "2018-02-09T14:13:20.000Z", "description": "Proton C2 domain", "pattern": "[domain-name:value = 'eltima.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588efe-f068-422e-8209-4f30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:20.000Z", "modified": "2018-02-09T14:13:20.000Z", "description": "URL distributing the trojanized application at the time of discovery.", "pattern": "[url:value = 'https://mac.eltima.com/download/elmediaplayer.dmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588efe-b770-4240-918f-40d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:20.000Z", "modified": "2018-02-09T14:13:20.000Z", "description": "URL distributing the trojanized application at the time of discovery.", "pattern": "[url:value = 'http://www.elmedia-video-player.com/download/elmediaplayer.dmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:20Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588efe-6e7c-49fa-88b0-4926950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:21.000Z", "modified": "2018-02-09T14:13:21.000Z", "description": "URL distributing the trojanized application at the time of discovery.", "pattern": "[url:value = 'https://mac.eltima.com/download/downloader_mac.dmg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588fc0-2f8c-44e1-8bc0-4901950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:36:48.000Z", "modified": "2018-01-12T10:36:48.000Z", "description": "ZIP archive with the Proton malware and Python scripts", "pattern": "[file:hashes.SHA1 = '10a09c09fd5dd76202e308718a357abc7de291b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:36:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58923e-99bc-4f6e-871e-4f47950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:47:26.000Z", "modified": "2018-01-12T10:47:26.000Z", "description": "Launcher (or wrapper)", "pattern": "[file:hashes.SHA1 = '30d77908ac9d37c4c14d32ea3e0b8df4c7e75464']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2018-01-12T10:47:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58927b-3168-4cc8-8adb-45d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:48:27.000Z", "modified": "2018-01-12T10:48:27.000Z", "description": "Proton malware, not signed", "pattern": "[file:hashes.SHA1 = 'ef5a11a1bb5b2423554309688aa7947f4afa5388']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:48:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5892db-aadc-434f-b8d2-4545950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:21.000Z", "modified": "2018-02-09T14:13:21.000Z", "pattern": "[domain-name:value = 'symantecblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58b14a-6e58-4ce3-8c6d-408b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:22.000Z", "modified": "2018-02-09T14:13:22.000Z", "pattern": "[domain-name:value = 'apple-iclods.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58b167-75d4-4ae8-b97e-49b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:22.000Z", "modified": "2018-02-09T14:13:22.000Z", "pattern": "[url:value = 'http://23.227.196.215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58b167-8a0c-444d-b52f-4b59950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:22.000Z", "modified": "2018-02-09T14:13:22.000Z", "pattern": "[url:value = 'http://apple-iclods.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58b167-c74c-41ef-9ae2-4f42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:23.000Z", "modified": "2018-02-09T14:13:23.000Z", "pattern": "[url:value = 'http://apple-checker.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58b167-1de8-4feb-a032-477d950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:23.000Z", "modified": "2018-02-09T14:13:23.000Z", "pattern": "[url:value = 'http://apple-uptoday.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bd65-4eb8-43e1-9555-4f95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:51:33.000Z", "modified": "2018-01-12T13:51:33.000Z", "description": "Dok", "pattern": "[file:hashes.SHA256 = '3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:51:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bd65-ec78-4531-82ff-439a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:51:33.000Z", "modified": "2018-01-12T13:51:33.000Z", "description": "Dok", "pattern": "[file:hashes.SHA256 = 'cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:51:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bd65-b0bc-4851-8266-4e43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2018-01-12T13:51:33.000Z", "modified": "2018-01-12T13:51:33.000Z", "description": "Dok", "pattern": "[file:hashes.SHA256 = '4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:51:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bece-2560-4d95-bfdc-4996950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:57:34.000Z", "modified": "2018-01-12T13:57:34.000Z", "pattern": "[file:hashes.SHA256 = '7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:57:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58becf-33ac-4d37-bbee-4aaf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:57:35.000Z", "modified": "2018-01-12T13:57:35.000Z", "pattern": "[file:hashes.SHA256 = '4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:57:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bfe5-fcf4-4b2f-a229-4f94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:24.000Z", "modified": 
"2018-02-09T14:13:24.000Z", "pattern": "[file:name = '/Library/LaunchDaemons/com.adobe.update.plist']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bfe6-3008-4b03-90dc-41e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:24.000Z", "modified": "2018-02-09T14:13:24.000Z", "pattern": "[file:name = '/Library/Scripts/installd.sh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c0fb-5c08-4a71-94fc-4dcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:24.000Z", "modified": "2018-02-09T14:13:24.000Z", "pattern": "[domain-name:value = 'car-service.effers.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c0fb-3e30-4946-b9e9-449c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:25.000Z", "modified": "2018-02-09T14:13:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.87.11']", "pattern_type": "stix", "pattern_version": 
"2.1", "valid_from": "2018-02-09T14:13:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a586fc6-e0fc-4f06-b55a-46a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T08:20:22.000Z", "modified": "2018-01-12T08:20:22.000Z", "pattern": "[file:hashes.SHA256 = 'b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0' AND file:name = 'macsvc' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T08:20:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5870b4-5c68-4077-8cce-4138950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T08:24:20.000Z", "modified": "2018-01-12T08:24:20.000Z", "pattern": "[file:hashes.SHA256 = 'bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55' AND file:name = 'afpscan' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T08:24:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587b0f-b46c-4403-be5e-423d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:08:31.000Z", "modified": "2018-01-12T09:08:31.000Z", "pattern": "[file:hashes.SHA256 = '52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c' AND file:name = 'addone 
flashplayer.app.zip' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T09:08:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587cfc-3568-4d8d-bcc1-4920950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:16:44.000Z", "modified": "2018-01-12T09:16:44.000Z", "pattern": "[file:hashes.SHA256 = '7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7' AND file:name = 'Bitdefender Adware Removal Tool' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T09:16:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587e34-dc78-4406-897c-4cff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:21:56.000Z", "modified": "2018-01-12T09:21:56.000Z", "pattern": "[file:hashes.SHA256 = '07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d' AND file:name = 'U.S. 
Allies and Rivals Digest Trump\\'s Victory - Carnegie Endowment for International Peace.docm' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T09:21:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588039-c95c-4895-ad28-43ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:30:33.000Z", "modified": "2018-01-12T09:30:33.000Z", "pattern": "[domain-name:value = 'www.securitychecking.org' AND domain-name:resolves_to_refs[*].value = '185.22.174.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T09:30:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588e6f-c80c-4f1e-ab63-5fa4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:31:14.000Z", "modified": "2018-01-12T10:31:14.000Z", "pattern": "[file:hashes.SHA1 = '0603353852e174fc0337642e3957c7423f182a8c' AND file:x_misp_state = 'Harmless']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:31:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588e83-b4f8-44e1-8e4c-5f67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:31:34.000Z", "modified": "2018-01-12T10:31:34.000Z", "pattern": "[file:hashes.SHA1 = 
'e9dcdae1406ab1132dc9d507fd63503e5c4d41d9' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:31:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588e93-5dfc-45e3-b6a4-4456950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:31:50.000Z", "modified": "2018-01-12T10:31:50.000Z", "pattern": "[file:hashes.SHA1 = '8cfa551d15320f0157ece3bdf30b1c62765a93a5' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588ea4-afa0-4611-bfb8-5f67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:32:07.000Z", "modified": "2018-01-12T10:32:07.000Z", "pattern": "[file:hashes.SHA1 = '0400b35d703d872adc64aa7ef914a260903998ca' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:32:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588f59-6d78-49a5-994d-47b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:35:08.000Z", "modified": "2018-01-12T10:35:08.000Z", "description": "ZIP archive with the Proton malware and Python scripts", "pattern": "[file:hashes.SHA1 = 
'9e5378165bb20e9a7f74a7fcc73b528f7b231a75' AND file:name = 'Elmedia Player.app/Contents/Resources/.pl.zip' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:35:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a589228-91e8-4b7e-a099-4ccd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:47:07.000Z", "modified": "2018-01-12T10:47:07.000Z", "description": "Launcher (or wrapper)", "pattern": "[file:hashes.SHA1 = 'c9472d791c076a10dce5ff0d3ab6e7706524b741' AND file:name = 'Elmedia Player.app/Contents/MacOS/Elmedia Player' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:47:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a589262-4dd4-4e98-8159-6247950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T10:48:05.000Z", "modified": "2018-01-12T10:48:05.000Z", "description": "Proton malware, not signed", "pattern": "[file:hashes.SHA1 = '3ef34e2581937babd2b7ce63ab1d92cd9440181a' AND file:name = 'Updater.app/Contents/MacOS/Updater' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T10:48:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bada-0930-472d-8af6-4307950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:40:45.000Z", "modified": "2018-01-12T13:40:45.000Z", "description": "ZIP of App bundle", "pattern": "[file:hashes.SHA1 = '1b7380d283ceebcabb683464ba0bb6dd73d6e886' AND file:name = 'Office 2016 Patcher.zip' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:40:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bcda-a8f8-43a6-acb8-4fbc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:49:17.000Z", "modified": "2018-01-12T13:49:17.000Z", "description": "ZIP of App bundle", "pattern": "[file:hashes.SHA1 = 'a91a529f89b1ab8792c345f823e101b55d656a08' AND file:name = 'Adobe Premiere Pro CC 2017 Patcher.zip' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:49:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bcf9-4efc-4891-99c0-4a32950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:49:48.000Z", "modified": "2018-01-12T13:49:48.000Z", "description": "Mach-O", "pattern": "[file:hashes.SHA1 = 'e55fe159e6e3a8459e9363401fcc864335fee321' AND file:name = 'Office 2016 Patcher' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:49:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58bd15-e480-4b26-b998-45da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T13:50:16.000Z", "modified": "2018-01-12T13:50:16.000Z", "description": "Mach-O", "pattern": "[file:hashes.SHA1 = '3820b23c1057f8c3522c47737f25183a3c15e4db' AND file:name = 'Adobe Premiere Pro CC 2017 Patcher' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T13:50:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c01c-b8f4-40e3-98cd-4936950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:03:08.000Z", "modified": "2018-01-12T14:03:08.000Z", "pattern": "[file:hashes.SHA256 = 'b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea' AND file:name = 'Install Adobe Flash Player.app.zip' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:03:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c036-a548-4862-a538-446a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:03:34.000Z", "modified": "2018-01-12T14:03:34.000Z", "pattern": "[file:hashes.SHA256 = '5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060' AND file:name = 'Install' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:03:34Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c050-7084-4c75-9670-400a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:04:00.000Z", "modified": "2018-01-12T14:04:00.000Z", "pattern": "[file:hashes.SHA256 = '0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9' AND file:name = 'install.sh' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:04:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c075-f7d4-4c8b-8e4b-4bb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:04:37.000Z", "modified": "2018-01-12T14:04:37.000Z", "pattern": "[file:hashes.SHA256 = '7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30' AND file:name = 'Install Adobe Flash Player' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:04:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c093-809c-40dc-b89c-4465950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:05:07.000Z", "modified": "2018-01-12T14:05:07.000Z", "pattern": "[file:hashes.SHA256 = 'd5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2' AND file:name = 'Installdp' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2018-01-12T14:05:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c0ae-c4dc-4e61-adac-4746950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:05:34.000Z", "modified": "2018-01-12T14:05:34.000Z", "pattern": "[file:hashes.SHA256 = 'b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0' AND file:name = 'com.adobe.update' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:05:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c0c3-26d0-4a90-8753-4cf7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:05:55.000Z", "modified": "2018-01-12T14:05:55.000Z", "pattern": "[file:hashes.SHA256 = '6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506' AND file:name = 'installd.sh' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:05:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a58c0d9-822c-4fc7-96ad-4dbc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:06:17.000Z", "modified": "2018-01-12T14:06:17.000Z", "pattern": "[file:hashes.SHA256 = '92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387' AND file:name = 'queue' AND file:x_misp_state = 
'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:06:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1a0ee044-7122-498a-9723-2e6a34cfe282", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:35.000Z", "modified": "2018-01-12T14:07:35.000Z", "pattern": "[file:hashes.MD5 = '766f058837b08f890bb97198c21b6cc1' AND file:hashes.SHA1 = 'a91a529f89b1ab8792c345f823e101b55d656a08' AND file:hashes.SHA256 = 'c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:32.000Z", "modified": "2018-01-12T14:07:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/", "category": "External analysis", "uuid": "5a58c124-f528-425a-945d-401002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/59", "category": "Other", "uuid": "5a58c124-1cd0-4c4d-8d7c-4db102de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-08-02T19:52:45", "category": "Other", "uuid": "5a58c124-83a4-409a-93a3-474702de0b81" } ], "x_misp_meta_category": "misc", 
"x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dd355e08-3cf3-4834-aff2-942c4d631ef8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:35.000Z", "modified": "2018-01-12T14:07:35.000Z", "pattern": "[file:hashes.MD5 = '29fb77664fc4f13ea5f65cfe01b292af' AND file:hashes.SHA1 = '8cfa551d15320f0157ece3bdf30b1c62765a93a5' AND file:hashes.SHA256 = 'c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d553ed19-0a19-4bff-a1cb-29a2174a1504", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:32.000Z", "modified": "2018-01-12T14:07:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1508668992/", "category": "External analysis", "uuid": "5a58c124-4378-4212-99ee-435c02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "16/58", "category": "Other", "uuid": "5a58c124-bc04-4d71-89f6-4c7c02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-22T10:43:12", "category": "Other", "uuid": "5a58c125-baf8-4e35-93df-4ada02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--607b7d37-5391-4828-9785-747ca987e6d0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", 
"modified": "2018-01-12T14:07:36.000Z", "pattern": "[file:hashes.MD5 = 'ff44372fce42ffe13222e7237d4cdef1' AND file:hashes.SHA1 = 'ef5a11a1bb5b2423554309688aa7947f4afa5388' AND file:hashes.SHA256 = '061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c962297e-54fe-479d-bc30-24c2e4425ad9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:33.000Z", "modified": "2018-01-12T14:07:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7/analysis/1511177323/", "category": "External analysis", "comment": "Proton malware, not signed", "uuid": "5a58c125-5db4-4da5-9a07-4a9902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/58", "category": "Other", "comment": "Proton malware, not signed", "uuid": "5a58c125-b6dc-4beb-bc75-4e4002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T11:28:43", "category": "Other", "comment": "Proton malware, not signed", "uuid": "5a58c125-9158-43b5-9839-45a602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--845b2d47-0368-4a40-91d0-479d97eacda4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "pattern": "[file:hashes.MD5 = 'c7a2a5c0fbe4df3afd9dbedecf8321da' AND file:hashes.SHA1 
= 'e9dcdae1406ab1132dc9d507fd63503e5c4d41d9' AND file:hashes.SHA256 = 'b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--22650c01-93d0-43cb-9b39-9e6b3db474eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:33.000Z", "modified": "2018-01-12T14:07:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/", "category": "External analysis", "uuid": "5a58c125-7bfc-4172-995d-492d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/59", "category": "Other", "uuid": "5a58c125-bbcc-43e0-b20b-485102de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-25T09:02:17", "category": "Other", "uuid": "5a58c125-579c-4620-a593-4efc02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8cb5ebee-fcb0-4f05-a707-708b1eaddd59", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "pattern": "[file:hashes.MD5 = '0ca749b61c7e76e6ec07c33aab01aab3' AND file:hashes.SHA1 = '9e5378165bb20e9a7f74a7fcc73b528f7b231a75' AND file:hashes.SHA256 = '553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:36Z", "kill_chain_phases": [ 
{ "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9f51aaa1-7f34-4b9a-b4a4-34413e3295e3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:33.000Z", "modified": "2018-01-12T14:07:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/", "category": "External analysis", "uuid": "5a58c125-2dd4-4e08-a8eb-40ac02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/60", "category": "Other", "uuid": "5a58c125-e1e0-4a1d-a360-460d02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T19:44:34", "category": "Other", "uuid": "5a58c125-06bc-43be-aab6-4d6d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "pattern": "[file:hashes.MD5 = '9f5013e080d628a35ba190621e0998c2' AND file:hashes.SHA1 = '3ef34e2581937babd2b7ce63ab1d92cd9440181a' AND file:hashes.SHA256 = 'cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--21ee3580-cfc9-41d7-99c2-00615d045962", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:33.000Z", "modified": "2018-01-12T14:07:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/", "category": "External analysis", "uuid": "5a58c125-56c4-4949-b3c5-416f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/59", "category": "Other", "uuid": "5a58c125-c294-4611-8b13-42e002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T11:45:55", "category": "Other", "uuid": "5a58c125-8914-456b-b452-404802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "pattern": "[file:hashes.MD5 = '5f145ed27ec88add379676729cbad15f' AND file:hashes.SHA1 = '10a09c09fd5dd76202e308718a357abc7de291b5' AND file:hashes.SHA256 = '2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--eb9962e1-8c34-45bf-b7be-9ce7bc3fec07", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:34.000Z", "modified": "2018-01-12T14:07:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", 
"misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7/analysis/1511434500/", "category": "External analysis", "comment": "ZIP archive with the Proton malware and Python scripts", "uuid": "5a58c126-08b0-47d4-b924-4cf202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/60", "category": "Other", "comment": "ZIP archive with the Proton malware and Python scripts", "uuid": "5a58c126-dac8-4d6e-9d75-48a902de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-23T10:55:00", "category": "Other", "comment": "ZIP archive with the Proton malware and Python scripts", "uuid": "5a58c126-4d14-42b2-9895-4fb802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a10445d8-f9e8-485b-8d4a-167ce8bea45d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "pattern": "[file:hashes.MD5 = '20f20918149fa3a972a87b3364248772' AND file:hashes.SHA1 = '3820b23c1057f8c3522c47737f25183a3c15e4db' AND file:hashes.SHA256 = 'c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cb259893-8a4b-4847-b19a-50a9bb705885", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:34.000Z", "modified": "2018-01-12T14:07:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], 
"x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/", "category": "External analysis", "uuid": "5a58c126-08ac-404d-a0ae-4ea102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/59", "category": "Other", "uuid": "5a58c126-aa14-43ec-87e2-482702de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-03T00:09:00", "category": "Other", "uuid": "5a58c126-0764-4002-afca-4c5c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f41bbf4c-5ca3-4e62-af09-e1a9145ee05e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "pattern": "[file:hashes.MD5 = '1b8be665af7729618d70bad773aac423' AND file:hashes.SHA1 = '1b7380d283ceebcabb683464ba0bb6dd73d6e886' AND file:hashes.SHA256 = 'd19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf3e1c52-bd79-4344-beed-865e505b5210", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:34.000Z", "modified": "2018-01-12T14:07:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/", "category": "External analysis", "uuid": 
"5a58c126-33a8-4741-976e-440402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/60", "category": "Other", "uuid": "5a58c126-c5f0-4350-a0c0-47d602de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-23T22:37:07", "category": "Other", "uuid": "5a58c126-9664-463a-bb7a-46e102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--44885bf0-1f38-4d25-b9d9-80c3b47bed40", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "pattern": "[file:hashes.MD5 = 'cc3297083ad89cabfd58d251cbbe3ca9' AND file:hashes.SHA1 = 'c9472d791c076a10dce5ff0d3ab6e7706524b741' AND file:hashes.SHA256 = '2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e4dd2223-b1b9-40d2-b87b-9e819a6a68fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:34.000Z", "modified": "2018-01-12T14:07:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/", "category": "External analysis", "uuid": "5a58c126-b024-4447-a928-4c8c02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/60", "category": "Other", "uuid": "5a58c126-5fec-48c6-b0af-4df102de0b81" }, { "type": "datetime", "object_relation": "last-submission", 
"value": "2017-11-20T11:30:10", "category": "Other", "uuid": "5a58c126-7388-4421-a4e6-4b7a02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf5df298-de3c-4398-9e6d-833e38d5c81f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "pattern": "[file:hashes.MD5 = '1a6f74f29c985259fe1f6c4821c51373' AND file:hashes.SHA1 = '0400b35d703d872adc64aa7ef914a260903998ca' AND file:hashes.SHA256 = '247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ddd10108-2f29-4846-bea0-1e80d1c62981", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:34.000Z", "modified": "2018-01-12T14:07:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/", "category": "External analysis", "uuid": "5a58c126-a598-4cee-b6d2-4cca02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Other", "uuid": "5a58c126-5fc4-4512-ac9a-47c602de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-10T19:20:36", "category": "Other", "uuid": "5a58c127-03d4-4cdd-afd4-466302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--4451bac1-bdc3-4bbd-a01d-ec5902aea71d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "pattern": "[file:hashes.MD5 = 'ff80d97674e148687affd6a4e3ccf00a' AND file:hashes.SHA1 = '30d77908ac9d37c4c14d32ea3e0b8df4c7e75464' AND file:hashes.SHA256 = '4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3efc2992-b363-4793-87b3-5ec2032cdd31", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:35.000Z", "modified": "2018-01-12T14:07:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d/analysis/1511434515/", "category": "External analysis", "comment": "Launcher (or wrapper)", "uuid": "5a58c127-e140-45dd-9460-462d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/56", "category": "Other", "comment": "Launcher (or wrapper)", "uuid": "5a58c127-9e20-4ff5-860f-428b02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-23T10:55:15", "category": "Other", "comment": "Launcher (or wrapper)", "uuid": "5a58c127-f8f4-467f-9072-4c6602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9086285-81ea-4ede-b4d3-0c086cd67629", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "pattern": "[file:hashes.MD5 = 'fc22fbe8dda4258a9f0ceb7e15a04fc2' AND file:hashes.SHA1 = 'e55fe159e6e3a8459e9363401fcc864335fee321' AND file:hashes.SHA256 = '91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bb34db62-0780-4909-ad47-8d825362d6cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:35.000Z", "modified": "2018-01-12T14:07:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/", "category": "External analysis", "uuid": "5a58c127-bffc-4d77-a7b4-4ac202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/60", "category": "Other", "uuid": "5a58c127-35d0-41dd-9c8a-406402de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-03T00:09:01", "category": "Other", "uuid": "5a58c127-9b88-42e8-be0e-4a4602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--49b4e424-a863-47c4-907c-e282e6e65df3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "pattern": "[file:hashes.MD5 = 'c411c46b480e84aae81abbe47c628dae' AND file:hashes.SHA1 = '0603353852e174fc0337642e3957c7423f182a8c' AND file:hashes.SHA256 = 
'c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b5786be9-5a78-4df3-b021-1dec3dec8d55", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:35.000Z", "modified": "2018-01-12T14:07:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/", "category": "External analysis", "uuid": "5a58c127-cf20-45a3-8d13-409f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "4/59", "category": "Other", "uuid": "5a58c127-e0e8-456a-814b-41b902de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-10T19:20:33", "category": "Other", "uuid": "5a58c127-a940-41c2-9e04-4bde02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c4fe5fd-d899-4e20-b4b5-e39398733757", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "pattern": "[file:hashes.MD5 = '2ee232b1a56f21bdd0b46ba0acd12a22' AND file:hashes.SHA1 = 'db3f0426f6e434555e6b6bb4053e508f74580387' AND file:hashes.SHA256 = 'cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], 
"labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4f4b9b57-b256-4d40-ae26-c8602137bfb6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:35.000Z", "modified": "2018-01-12T14:07:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7/analysis/1495101805/", "category": "External analysis", "comment": "Dok", "uuid": "5a58c127-a370-4e4c-ae0b-466b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/57", "category": "Other", "comment": "Dok", "uuid": "5a58c127-2fe0-4b75-9436-471902de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-05-18T10:03:25", "category": "Other", "comment": "Dok", "uuid": "5a58c127-6b98-4802-9762-400802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a49ac8ee-df74-445f-9d00-eff900554eb8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "pattern": "[file:hashes.MD5 = 'e8bdde90574d5bf285d9abb0c8a113a8' AND file:hashes.SHA1 = 'f5d3425482dc4f4f738277ff3ba315b496894899' AND file:hashes.SHA256 = '7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:35.000Z", "modified": "2018-01-12T14:07:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145/analysis/1494408249/", "category": "External analysis", "uuid": "5a58c128-10a0-4988-b743-418602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/57", "category": "Other", "uuid": "5a58c128-c720-4ebb-8203-472b02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-05-10T09:24:09", "category": "Other", "uuid": "5a58c128-a12c-4f6c-b6dc-469202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:39.000Z", "modified": "2018-01-12T14:07:39.000Z", "pattern": "[file:hashes.MD5 = '7bb4f5d962a5b3bb18db9ce08c0b6cbf' AND file:hashes.SHA1 = '66e520e18accd92abb4722a6cd6a285981ac5bd1' AND file:hashes.SHA256 = 'bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--84bccfef-2072-49f1-b605-8bca7e67be2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", 
"misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/", "category": "External analysis", "uuid": "5a58c128-1c0c-453e-afe1-432602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "5a58c128-2de0-4e78-9e87-4fb602de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-30T15:05:19", "category": "Other", "uuid": "5a58c128-f8f4-45ca-b414-404c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--25d83980-fd95-481d-a330-6e969b0253eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:39.000Z", "modified": "2018-01-12T14:07:39.000Z", "pattern": "[file:hashes.MD5 = '473c6a0b2af67c241a29d87e7fd33634' AND file:hashes.SHA1 = 'fb4a50ae8a4a5e76a3f88935e4374d4287a53b7d' AND file:hashes.SHA256 = '4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0f57df59-7f2e-4538-ad44-9198ae1eb7e7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7/analysis/1506371408/", "category": 
"External analysis", "comment": "Dok", "uuid": "5a58c128-5100-44bd-81b1-420602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Other", "comment": "Dok", "uuid": "5a58c128-ad88-447c-b50d-441802de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-09-25T20:30:08", "category": "Other", "comment": "Dok", "uuid": "5a58c128-3fb8-4d31-a6d9-432302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:39.000Z", "modified": "2018-01-12T14:07:39.000Z", "pattern": "[file:hashes.MD5 = '1de4838f13c49d9f959d04b363326ac1' AND file:hashes.SHA1 = '598ebb19bf9fbc17c0bf85ce4ece91fa061f74a6' AND file:hashes.SHA256 = '07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/", "category": "External analysis", "uuid": "5a58c128-94c8-4d37-8f35-48d702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/61", "category": "Other", "uuid": 
"5a58c128-8470-4abc-9828-48aa02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-14T08:08:18", "category": "Other", "uuid": "5a58c128-6f04-4358-81ca-4fe902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:39.000Z", "modified": "2018-01-12T14:07:39.000Z", "pattern": "[file:hashes.MD5 = '787d664e842961f2a335139407f91a70' AND file:hashes.SHA1 = 'a323168f95d1a1c65186888c6dd16cd2f9f8539a' AND file:hashes.SHA256 = '52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1de4ff44-ee71-4017-a208-7510bc2224ab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/", "category": "External analysis", "uuid": "5a58c128-1f14-43ba-9f74-48d802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "5a58c128-ded4-439e-a6d2-48f302de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T09:51:58", "category": "Other", "uuid": "5a58c128-e378-46d6-915f-417602de0b81" } ], "x_misp_meta_category": "misc", 
"x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:39.000Z", "modified": "2018-01-12T14:07:39.000Z", "pattern": "[file:hashes.MD5 = '9d9cca200dd0e5f9d59225131d5269b0' AND file:hashes.SHA1 = 'cd42b88569faa946a4b9d6f7408b958dcbcf7554' AND file:hashes.SHA256 = '83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--76a37ccf-a61f-4466-b91b-dfb81cd4087d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:36.000Z", "modified": "2018-01-12T14:07:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/", "category": "External analysis", "uuid": "5a58c129-dd54-4313-8925-4f4f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Other", "uuid": "5a58c129-b444-48e8-a098-4cba02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-30T15:04:09", "category": "Other", "uuid": "5a58c129-b744-45c2-a5c1-47b202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:40.000Z", 
"modified": "2018-01-12T14:07:40.000Z", "pattern": "[file:hashes.MD5 = 'e4744b9f927dc8048a19dca15590660c' AND file:hashes.SHA1 = '18957d7549b4e296fcaeb122ff241d9799804fa3' AND file:hashes.SHA256 = 'ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1514646222/", "category": "External analysis", "uuid": "5a58c129-53f8-4fe7-80be-4cf002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/59", "category": "Other", "uuid": "5a58c129-237c-400c-930b-465f02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-30T15:03:42", "category": "Other", "uuid": "5a58c129-ab20-4015-aa35-474802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:40.000Z", "modified": "2018-01-12T14:07:40.000Z", "pattern": "[file:hashes.MD5 = 'f8e3c8e43593ecbd9b62f6e18c8d6474' AND file:hashes.SHA1 = '3c4904832392e70e415b0520d45ff7a1c93c2c4e' AND file:hashes.SHA256 = 
'b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d7545769-a98f-47ac-89e1-9074f18b2266", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/", "category": "External analysis", "uuid": "5a58c129-c95c-4d21-b95c-428a02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/59", "category": "Other", "uuid": "5a58c129-fd44-44ab-91ab-43bb02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-30T15:05:06", "category": "Other", "uuid": "5a58c129-2424-40da-9197-49e602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2c1cfefa-96a0-4099-a720-69b64d16fe5f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:40.000Z", "modified": "2018-01-12T14:07:40.000Z", "pattern": "[file:hashes.MD5 = '87a4bff26626ccf022bda7373241275c' AND file:hashes.SHA1 = '7cf55e0de9f191dc16a10de1e47fb25aa0a79856' AND file:hashes.SHA256 = '3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], 
"labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2beed4ba-5af8-427c-8270-b6a6456df65c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94/analysis/1501706972/", "category": "External analysis", "comment": "Dok", "uuid": "5a58c129-ae58-4973-8304-472102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/59", "category": "Other", "comment": "Dok", "uuid": "5a58c129-8524-49dd-a159-44ac02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-08-02T20:49:32", "category": "Other", "comment": "Dok", "uuid": "5a58c129-2d98-493d-a833-463902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9cb63957-a223-4016-bf62-7eac015b02a4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:40.000Z", "modified": "2018-01-12T14:07:40.000Z", "pattern": "[file:hashes.MD5 = '72d4d364ed91dd9418d144a2db837a6d' AND file:hashes.SHA1 = '794bcba867307bdbd5f947f6c939eb4df1d2c9b8' AND file:hashes.SHA256 = 'befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--83cea96d-ea16-4220-b8d5-88ca68baf4d5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271/analysis/1514807982/", "category": "External analysis", "comment": "OSX/FruitFly, variant \u2018B\u2019", "uuid": "5a58c129-08e8-4d94-b754-49a702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/58", "category": "Other", "comment": "OSX/FruitFly, variant \u2018B\u2019", "uuid": "5a58c129-957c-4b15-a39b-487e02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-01T11:59:42", "category": "Other", "comment": "OSX/FruitFly, variant \u2018B\u2019", "uuid": "5a58c129-f0d8-4d88-a99c-437c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--90395b9d-bff0-4af6-adaf-a864379542da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:40.000Z", "modified": "2018-01-12T14:07:40.000Z", "pattern": "[file:hashes.MD5 = 'f8e4cab429263406fbf11b41fd539839' AND file:hashes.SHA1 = '5b5a34dfc102f0c18b0b0e83c6fda431969e7957' AND file:hashes.SHA256 = '7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--494c3c26-d774-4f6a-aa08-5eba8f2211db", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:37.000Z", "modified": "2018-01-12T14:07:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/", "category": "External analysis", "uuid": "5a58c129-9c80-42c7-9549-46a102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/56", "category": "Other", "uuid": "5a58c129-9440-40d5-b718-4ec402de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-07-11T10:45:12", "category": "Other", "uuid": "5a58c12a-cb2c-48d7-9fbb-4fa102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--41a354b8-fbc4-48fc-8976-bd9a3593a07c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:41.000Z", "modified": "2018-01-12T14:07:41.000Z", "pattern": "[file:hashes.MD5 = '14c1cd9c5f263d5ba988838e0c3e3cf6' AND file:hashes.SHA1 = 'd9685bea995e57ae89d10122cb76022554179ff7' AND file:hashes.SHA256 = '4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--77040fb6-0d6c-459f-986f-92b37cffe118", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", 
"misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5/analysis/1512340695/", "category": "External analysis", "uuid": "5a58c12a-f260-4da2-ac1a-4cc602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/59", "category": "Other", "uuid": "5a58c12a-3350-4b41-a95a-431c02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-03T22:38:15", "category": "Other", "uuid": "5a58c12a-2a2c-4aeb-b525-4b6b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--480e2ec8-94b2-4682-a591-c2e86c390ead", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:41.000Z", "modified": "2018-01-12T14:07:41.000Z", "pattern": "[file:hashes.MD5 = '3adf6025eb710f2bf1918ee2f116153d' AND file:hashes.SHA1 = '03ab5fdb40db260dbc35aadba202e920e57eb348' AND file:hashes.SHA256 = '94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e6e5e5d4-0dc1-4dca-a921-aa923f455fcf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647/analysis/1507843547/", "category": 
"External analysis", "uuid": "5a58c12a-1c30-410f-85d5-417502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/64", "category": "Other", "uuid": "5a58c12a-59d4-44b7-bc9d-484b02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-12T21:25:47", "category": "Other", "uuid": "5a58c12a-ec04-4bff-b537-48b002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--74bef4c3-487c-4941-b138-c8c0e3413b50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:41.000Z", "modified": "2018-01-12T14:07:41.000Z", "pattern": "[file:hashes.MD5 = '4fe4b9560e99e33dabca553e2eeee510' AND file:hashes.SHA1 = '70a1c4ed3a09a44a41d54c4fd4b409a5fc3159f6' AND file:hashes.SHA256 = '2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--78a04ae2-f33b-4b5a-b0ad-64f842d70385", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea/analysis/1513289308/", "category": "External analysis", "uuid": "5a58c12a-58c8-4f7f-98bf-402b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/59", "category": "Other", "uuid": "5a58c12a-9834-4b50-8cae-4e8902de0b81" }, { "type": "datetime", 
"object_relation": "last-submission", "value": "2017-12-14T22:08:28", "category": "Other", "uuid": "5a58c12a-1c8c-4b5e-bde2-4e1d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f840571-741e-4096-92d6-78e58c49109c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:41.000Z", "modified": "2018-01-12T14:07:41.000Z", "pattern": "[file:hashes.MD5 = 'd4a14a1516d5ec9452a29de24ba85d0e' AND file:hashes.SHA1 = '1e493ebde7fa77d5ae503aa7758fac87d11da116' AND file:hashes.SHA256 = '694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T14:07:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--268e55cb-3597-4e16-8007-a8b36cf61376", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T14:07:38.000Z", "modified": "2018-01-12T14:07:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26/analysis/1490814542/", "category": "External analysis", "uuid": "5a58c12a-c3cc-4fbb-a5e8-471102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/61", "category": "Other", "uuid": "5a58c12a-004c-4834-bc4d-4d1f02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-03-29T19:09:02", "category": "Other", "uuid": "5a58c12a-eb88-4d06-b8f2-418c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", 
"spec_version": "2.1", "id": "x-misp-object--10efb953-d0cc-4219-8b64-fd1aea48048d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:25.000Z", "modified": "2018-02-09T14:13:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/", "category": "External analysis", "uuid": "5a7dac85-b2ac-41f6-b740-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/60", "category": "Other", "uuid": "5a7dac86-9a60-4639-8728-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-03T00:09:01", "category": "Other", "uuid": "5a7dac86-78c8-4dde-995a-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e72fba22-ef47-4486-b345-e02af2e3f2ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:27.000Z", "modified": "2018-02-09T14:13:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/", "category": "External analysis", "uuid": "5a7dac87-ab30-4a0f-a272-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/59", "category": "Other", "uuid": "5a7dac87-37d0-4aea-8fc1-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-08-02T19:52:45", "category": "Other", "uuid": "5a7dac88-374c-486c-b8e4-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": 
"x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c484d968-23eb-42f0-95b4-c646ff1c4a46", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:28.000Z", "modified": "2018-02-09T14:13:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/", "category": "External analysis", "uuid": "5a7dac88-529c-43c9-b17f-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "4/59", "category": "Other", "uuid": "5a7dac89-ebc8-432d-b5c8-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-10T19:20:33", "category": "Other", "uuid": "5a7dac89-c4f4-428d-8287-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--672456f3-351d-4587-8114-0c562fcb6082", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:29.000Z", "modified": "2018-02-09T14:13:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1517291247/", "category": "External analysis", "uuid": "5a7dac89-a63c-4489-a367-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/57", "category": "Other", "uuid": "5a7dac8a-7ff8-48e9-a679-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-30T05:47:27", "category": "Other", "uuid": "5a7dac8a-4064-4004-8980-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { 
"type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a643b2e6-13d0-4844-bb44-3708ee4f1430", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:31.000Z", "modified": "2018-02-09T14:13:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/", "category": "External analysis", "uuid": "5a7dac8b-8cf8-4255-86ff-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/59", "category": "Other", "uuid": "5a7dac8b-c124-442a-a439-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-03T00:09:00", "category": "Other", "uuid": "5a7dac8c-5b90-4234-b8fd-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cde25116-2c43-45fe-90a9-9d17cf9e4e7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:32.000Z", "modified": "2018-02-09T14:13:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/", "category": "External analysis", "uuid": "5a7dac8c-323c-403a-9a56-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/60", "category": "Other", "uuid": "5a7dac8d-d7f8-4a96-95f5-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T11:30:10", "category": "Other", "uuid": "5a7dac8d-725c-499e-b7f4-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": 
"virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a41b07c7-d703-4a24-95e3-7d4c50770c9b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:33.000Z", "modified": "2018-02-09T14:13:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/", "category": "External analysis", "uuid": "5a7dac8e-07e0-4c33-9b6a-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Other", "uuid": "5a7dac8e-a368-417b-b760-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-10T19:20:36", "category": "Other", "uuid": "5a7dac8e-33c8-46cf-a13e-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e71d92c3-fb0b-4408-95c7-c3afe71baae7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:35.000Z", "modified": "2018-02-09T14:13:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/", "category": "External analysis", "uuid": "5a7dac8f-7b34-4b78-8bd4-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/59", "category": "Other", "uuid": "5a7dac8f-f828-45bf-b4df-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T11:45:55", "category": "Other", "uuid": "5a7dac90-3068-4807-84b7-7f0002de0b81" } ], "x_misp_meta_category": "misc", 
"x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:36.000Z", "modified": "2018-02-09T14:13:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/", "category": "External analysis", "uuid": "5a7dac90-6f48-4a9e-8db0-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/60", "category": "Other", "uuid": "5a7dac91-22a8-49a5-b55b-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-23T22:37:07", "category": "Other", "uuid": "5a7dac91-2880-45a8-aa36-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--77a6bb0a-b55e-4b33-ae86-c7ae2004d914", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:37.000Z", "modified": "2018-02-09T14:13:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/", "category": "External analysis", "uuid": "5a7dac91-e6a4-4c17-a91f-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/60", "category": "Other", "uuid": "5a7dac92-6310-4a33-b91a-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T19:44:34", "category": "Other", "uuid": "5a7dac92-e444-4b6d-9955-7f0002de0b81" } ], "x_misp_meta_category": 
"misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c54a631e-db6e-4cc7-856d-07a974bfc25a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:39.000Z", "modified": "2018-02-09T14:13:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/", "category": "External analysis", "uuid": "5a7dac93-7824-4f8e-bd52-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/59", "category": "Other", "uuid": "5a7dac93-360c-40e2-84e1-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-25T09:02:17", "category": "Other", "uuid": "5a7dac94-b604-42a2-b52f-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0840973f-94a7-411c-9c35-bebd86da7b47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:40.000Z", "modified": "2018-02-09T14:13:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/", "category": "External analysis", "uuid": "5a7dac94-0788-4ac3-b2cd-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/61", "category": "Other", "uuid": "5a7dac95-d758-489d-8de5-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-14T08:08:18", "category": "Other", "uuid": "5a7dac95-1268-470f-b2e9-7f0002de0b81" } ], 
"x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7e1bd57e-b8fe-46ce-acd5-c763793f28c5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:42.000Z", "modified": "2018-02-09T14:13:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/", "category": "External analysis", "uuid": "5a7dac96-fa78-4f88-9729-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/56", "category": "Other", "uuid": "5a7dac96-a828-424a-9fa2-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-07-11T10:45:12", "category": "Other", "uuid": "5a7dac96-5e3c-4566-9d7f-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--01b8d2c8-326f-4555-a514-65bbf934d953", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:43.000Z", "modified": "2018-02-09T14:13:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/", "category": "External analysis", "uuid": "5a7dac97-3a78-48c9-8423-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "5a7dac98-7c80-4d0c-8310-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T09:51:58", "category": "Other", "uuid": 
"5a7dac98-e9a4-4565-a4ea-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2835626e-b913-4889-a9d9-fdbe227feadb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:47.000Z", "modified": "2018-02-09T14:13:47.000Z", "pattern": "[file:hashes.MD5 = '77b4ffe73491d534946d010bfca138f7' AND file:hashes.SHA1 = 'd20482372f9e63a54854d639cc79d0b65bc8382b' AND file:hashes.SHA256 = 'b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a28ef769-5398-4eb7-9b00-fab900d14c43", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:46.000Z", "modified": "2018-02-09T14:13:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea/analysis/1511755782/", "category": "External analysis", "uuid": "5a7dac9a-7b60-4984-bad7-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/57", "category": "Other", "uuid": "5a7dac9a-0944-420b-9074-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-27T04:09:42", "category": "Other", "uuid": "5a7dac9b-1724-4270-8e32-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c2bd08b-1259-4095-9c9e-3b74506b1585", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:47.000Z", "modified": "2018-02-09T14:13:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/", "category": "External analysis", "uuid": "5a7dac9b-b914-4fe7-b2a2-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Other", "uuid": "5a7dac9c-3468-45b3-94be-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-30T15:04:09", "category": "Other", "uuid": "5a7dac9c-a888-46c1-9692-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--85b2b880-d3e8-4dea-bea6-10c2a491856b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:48.000Z", "modified": "2018-02-09T14:13:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/", "category": "External analysis", "uuid": "5a7dac9d-c880-4055-b1d5-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "5a7dac9d-8c18-4c2f-9d02-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-30T15:05:19", "category": "Other", "uuid": "5a7dac9d-11f0-4b60-9bfe-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb3000f4-1ebc-42d4-8e4a-2275d659efe6", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:53.000Z", "modified": "2018-02-09T14:13:53.000Z", "pattern": "[file:hashes.MD5 = 'f48ee47a79d5da606e9eff0401971075' AND file:hashes.SHA1 = '087aa8d2fcfffa85707214928d9f4ca16e8af5ac' AND file:hashes.SHA256 = '6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5cbeb48f-30a6-478a-bea9-9928524630c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:51.000Z", "modified": "2018-02-09T14:13:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506/analysis/1494501354/", "category": "External analysis", "uuid": "5a7dac9f-46b8-4185-b9a5-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/56", "category": "Other", "uuid": "5a7daca0-fca0-44dc-8b88-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-05-11T11:15:54", "category": "Other", "uuid": "5a7daca0-6900-4a96-b16b-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f53a44f1-158b-4212-bc9e-8e257362a32c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:56.000Z", "modified": "2018-02-09T14:13:56.000Z", "pattern": "[file:hashes.MD5 = '5e996bcbb6f15d345a4a59758dc4d75f' AND file:hashes.SHA1 = 
'73994f62dfac62e32968abeb5206043464eb4792' AND file:hashes.SHA256 = '92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3bd1c560-3b57-4248-b95c-72723eebd90c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:54.000Z", "modified": "2018-02-09T14:13:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387/analysis/1517417420/", "category": "External analysis", "uuid": "5a7daca2-3940-4dc5-992d-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "13/57", "category": "Other", "uuid": "5a7daca3-b854-4cf7-92a4-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-31T16:50:20", "category": "Other", "uuid": "5a7daca3-0674-4c54-904f-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--edc8ba48-d186-4b7f-a8e4-54fdfee91503", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:58.000Z", "modified": "2018-02-09T14:13:58.000Z", "pattern": "[file:hashes.MD5 = '3a5fc199189cf39ec58ec6fb2c3c7d93' AND file:hashes.SHA1 = 'd972e12685591b71432faaf70c71ced4b6e522a0' AND file:hashes.SHA256 = '7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:13:58Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cf7832e0-5495-4a89-95df-cb4dd915842e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:57.000Z", "modified": "2018-02-09T14:13:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30/analysis/1518176286/", "category": "External analysis", "uuid": "5a7daca5-a77c-46db-a274-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/59", "category": "Other", "uuid": "5a7daca5-aafc-4d39-ba71-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-09T11:38:06", "category": "Other", "uuid": "5a7daca6-e190-46bd-88c9-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f8e43169-3421-43af-8b25-be605a3ea859", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:01.000Z", "modified": "2018-02-09T14:14:01.000Z", "pattern": "[file:hashes.MD5 = '6c74ff2cc39b5362ee5dec576ece211b' AND file:hashes.SHA1 = 'a201f1760ca4f99dff682a4e5c656f149f5d8e7c' AND file:hashes.SHA256 = '5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--2e77adf4-a30d-4dcf-9fcd-9a263b1971c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:13:59.000Z", "modified": "2018-02-09T14:13:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060/analysis/1511748584/", "category": "External analysis", "uuid": "5a7daca7-2690-4c19-9ad1-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/57", "category": "Other", "uuid": "5a7daca8-efc0-48bf-82c4-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-27T02:09:44", "category": "Other", "uuid": "5a7daca8-f524-4e70-83ce-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--770417f7-66d8-4c14-a590-25829420ef72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:04.000Z", "modified": "2018-02-09T14:14:04.000Z", "pattern": "[file:hashes.MD5 = 'a90379e02cf9b66c3863131730a4b099' AND file:hashes.SHA1 = '26f1dc4618b87b52ff1c5e27a5ba260d5f034a0f' AND file:hashes.SHA256 = '0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:14:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d250cbbd-0387-4477-9487-647ba7f369ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:02.000Z", "modified": "2018-02-09T14:14:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", 
"misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9/analysis/1493992385/", "category": "External analysis", "uuid": "5a7dacaa-53c0-407f-a48e-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "17/56", "category": "Other", "uuid": "5a7dacab-a424-4aaf-8a77-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-05-05T13:53:05", "category": "Other", "uuid": "5a7dacab-3264-4ca4-aaa3-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18939e64-0afb-4ae4-8995-189b92423b98", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:06.000Z", "modified": "2018-02-09T14:14:06.000Z", "pattern": "[file:hashes.MD5 = '000e4225f382f9eee675dcaf3cbf9c7e' AND file:hashes.SHA1 = '0a0ae94f92a50937d920bf02dd26b477c840a915' AND file:hashes.SHA256 = 'd5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--55b685d6-7fdc-4538-b113-d253384b213a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:05.000Z", "modified": "2018-02-09T14:14:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2/analysis/1503971137/", "category": 
"External analysis", "uuid": "5a7dacad-3ff4-46ee-b49a-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/59", "category": "Other", "uuid": "5a7dacad-5b28-4055-9bec-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-08-29T01:45:37", "category": "Other", "uuid": "5a7dacae-2d68-4151-bd0e-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e5e57871-79b1-4440-95b3-49bc62c724e5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:06.000Z", "modified": "2018-02-09T14:14:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1515766221/", "category": "External analysis", "uuid": "5a7dacae-4ec8-4dc8-aec5-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/59", "category": "Other", "uuid": "5a7dacaf-824c-45b4-8c23-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-12T14:10:21", "category": "Other", "uuid": "5a7dacaf-84f0-4857-9453-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d7a2d17-30f8-46c6-aa2c-c99caf8b8208", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:10.000Z", "modified": "2018-02-09T14:14:10.000Z", "pattern": "[file:hashes.MD5 = 'a79ac543b0836b53a3623e0b4cb6a6f7' AND file:hashes.SHA1 = 'd6a09a1c2964b228143092e200d17531a8aefc9d' AND file:hashes.SHA256 = 'b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2018-02-09T14:14:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ece0181f-f705-463f-bea6-08263cc535ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:09.000Z", "modified": "2018-02-09T14:14:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0/analysis/1494500661/", "category": "External analysis", "uuid": "5a7dacb1-a620-4047-a010-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "16/56", "category": "Other", "uuid": "5a7dacb1-d0d4-4978-a631-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-05-11T11:04:21", "category": "Other", "uuid": "5a7dacb2-ccc8-449d-9e9c-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--87463bc1-9173-4071-827c-db9c3d3396bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:13.000Z", "modified": "2018-02-09T14:14:13.000Z", "pattern": "[file:hashes.MD5 = '5b3e0b74cdb0622074fd997af51161dd' AND file:hashes.SHA1 = 'af9b9164d6f3616bf31fb98acf8a0cb72c312774' AND file:hashes.SHA256 = '128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-09T14:14:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": 
"2.1", "id": "x-misp-object--f31cc4ab-1875-4f2d-87c9-04b8673ddbe8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:11.000Z", "modified": "2018-02-09T14:14:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe/analysis/1517416889/", "category": "External analysis", "uuid": "5a7dacb4-7fc8-40bd-929a-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/56", "category": "Other", "uuid": "5a7dacb4-0fc8-43af-a265-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-31T16:41:29", "category": "Other", "uuid": "5a7dacb4-9a34-49d6-992c-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-09T14:14:13.000Z", "modified": "2018-02-09T14:14:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/", "category": "External analysis", "uuid": "5a7dacb5-5a14-45a2-8173-7f0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/59", "category": "Other", "uuid": "5a7dacb5-5968-4307-821f-7f0002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-30T15:05:06", "category": "Other", "uuid": "5a7dacb6-050c-4529-bf24-7f0002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", 
"spec_version": "2.1", "id": "relationship--54bc5a55-f8ec-43e3-9533-25419525af82", "created": "2018-02-16T09:00:03.000Z", "modified": "2018-02-16T09:00:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a588e6f-c80c-4f1e-ab63-5fa4950d210f", "target_ref": "x-misp-object--c484d968-23eb-42f0-95b4-c646ff1c4a46" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8869555c-13cd-450a-b6db-32dd8d268229", "created": "2018-02-16T09:00:03.000Z", "modified": "2018-02-16T09:00:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a588e83-b4f8-44e1-8e4c-5f67950d210f", "target_ref": "x-misp-object--c54a631e-db6e-4cc7-856d-07a974bfc25a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b7e0564-4e54-48d9-8457-0adbb50b0038", "created": "2018-02-16T09:00:03.000Z", "modified": "2018-02-16T09:00:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a588e93-5dfc-45e3-b6a4-4456950d210f", "target_ref": "x-misp-object--672456f3-351d-4587-8114-0c562fcb6082" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bb1c21d1-4a8d-454d-9435-78373f432dbf", "created": "2018-02-16T09:00:03.000Z", "modified": "2018-02-16T09:00:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a588ea4-afa0-4611-bfb8-5f67950d210f", "target_ref": "x-misp-object--a41b07c7-d703-4a24-95e3-7d4c50770c9b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c4be757-be11-4134-a1a1-f1b08d0ef39b", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a588f59-6d78-49a5-994d-47b5950d210f", "target_ref": "x-misp-object--77a6bb0a-b55e-4b33-ae86-c7ae2004d914" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e1aaba0e-7e5d-40e7-8a4d-1a124f0e3cf7", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": 
"analysed-with", "source_ref": "indicator--5a589228-91e8-4b7e-a099-4ccd950d210f", "target_ref": "x-misp-object--cde25116-2c43-45fe-90a9-9d17cf9e4e7c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0bb206a-e5e9-40f6-a2e4-0c67a8727ab6", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a589262-4dd4-4e98-8159-6247950d210f", "target_ref": "x-misp-object--e71d92c3-fb0b-4408-95c7-c3afe71baae7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fd6643d2-7136-4798-ba1a-62bee2cc3bcd", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a58bada-0930-472d-8af6-4307950d210f", "target_ref": "x-misp-object--5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7027089c-f606-434d-abbb-13009b2a959e", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a58bcda-a8f8-43a6-acb8-4fbc950d210f", "target_ref": "x-misp-object--e72fba22-ef47-4486-b345-e02af2e3f2ba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c956c0d6-65be-49f0-970c-45e5489668b1", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a58bcf9-4efc-4891-99c0-4a32950d210f", "target_ref": "x-misp-object--10efb953-d0cc-4219-8b64-fd1aea48048d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec39048d-4c37-4c94-a13e-9ba28496bb18", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a58bd15-e480-4b26-b998-45da950d210f", "target_ref": "x-misp-object--a643b2e6-13d0-4844-bb44-3708ee4f1430" }, { "type": "relationship", 
"spec_version": "2.1", "id": "relationship--b2769580-bf1d-4f0f-a527-c4b7f9fa8274", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1a0ee044-7122-498a-9723-2e6a34cfe282", "target_ref": "x-misp-object--2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62594d80-f3a5-4424-9841-9e136a30f8cd", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dd355e08-3cf3-4834-aff2-942c4d631ef8", "target_ref": "x-misp-object--d553ed19-0a19-4bff-a1cb-29a2174a1504" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a49bac4-5dd3-4778-ba60-afe286bb7c2a", "created": "2018-02-16T09:00:04.000Z", "modified": "2018-02-16T09:00:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--607b7d37-5391-4828-9785-747ca987e6d0", "target_ref": "x-misp-object--c962297e-54fe-479d-bc30-24c2e4425ad9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--344f77fa-9cb6-4e1b-9c0b-a03c80626eb4", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--845b2d47-0368-4a40-91d0-479d97eacda4", "target_ref": "x-misp-object--22650c01-93d0-43cb-9b39-9e6b3db474eb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ead47b81-f8c9-42a5-b4f9-f757030f0439", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8cb5ebee-fcb0-4f05-a707-708b1eaddd59", "target_ref": "x-misp-object--9f51aaa1-7f34-4b9a-b4a4-34413e3295e3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e999ddf3-94f3-4005-bbed-69cca6e69d14", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": 
"analysed-with", "source_ref": "indicator--193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b", "target_ref": "x-misp-object--21ee3580-cfc9-41d7-99c2-00615d045962" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--17030762-d59f-4cc9-b9ac-de7a7138cf39", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea", "target_ref": "x-misp-object--eb9962e1-8c34-45bf-b7be-9ce7bc3fec07" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77276007-35ae-4524-8598-86d43c67bb21", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a10445d8-f9e8-485b-8d4a-167ce8bea45d", "target_ref": "x-misp-object--cb259893-8a4b-4847-b19a-50a9bb705885" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--89563aad-d7b8-44ee-8006-ab7e75cbc952", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f41bbf4c-5ca3-4e62-af09-e1a9145ee05e", "target_ref": "x-misp-object--bf3e1c52-bd79-4344-beed-865e505b5210" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f42828f-0367-4e2d-82a7-bdd67a9a79a5", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--44885bf0-1f38-4d25-b9d9-80c3b47bed40", "target_ref": "x-misp-object--e4dd2223-b1b9-40d2-b87b-9e819a6a68fb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b44e642b-1908-4008-a91c-4a29576ff270", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bf5df298-de3c-4398-9e6d-833e38d5c81f", "target_ref": "x-misp-object--ddd10108-2f29-4846-bea0-1e80d1c62981" }, { "type": "relationship", 
"spec_version": "2.1", "id": "relationship--6a02847c-3c06-4532-82d7-d9cf452e754d", "created": "2018-02-16T09:00:05.000Z", "modified": "2018-02-16T09:00:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4451bac1-bdc3-4bbd-a01d-ec5902aea71d", "target_ref": "x-misp-object--3efc2992-b363-4793-87b3-5ec2032cdd31" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cef0f843-d0bc-42c9-99f9-b3ced9ae9f27", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f9086285-81ea-4ede-b4d3-0c086cd67629", "target_ref": "x-misp-object--bb34db62-0780-4909-ad47-8d825362d6cf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e8bf86a-4a69-4067-b80e-aa0f65db0a07", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--49b4e424-a863-47c4-907c-e282e6e65df3", "target_ref": "x-misp-object--b5786be9-5a78-4df3-b021-1dec3dec8d55" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4b1d9fd5-132c-4a3d-9fa8-074cd422844b", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c4fe5fd-d899-4e20-b4b5-e39398733757", "target_ref": "x-misp-object--4f4b9b57-b256-4d40-ae26-c8602137bfb6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--67c8be50-935d-4da5-ae06-eb03d4758bd7", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a49ac8ee-df74-445f-9d00-eff900554eb8", "target_ref": "x-misp-object--d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--52fdf65f-b21d-4c5c-bbf5-9be854c70c41", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": 
"analysed-with", "source_ref": "indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2", "target_ref": "x-misp-object--84bccfef-2072-49f1-b605-8bca7e67be2f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--282d5e47-a4c5-4966-a84e-9da9f5f84b6a", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2", "target_ref": "x-misp-object--85b2b880-d3e8-4dea-bea6-10c2a491856b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--488eeb61-b2e6-438f-bf77-0edb0605958f", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--25d83980-fd95-481d-a330-6e969b0253eb", "target_ref": "x-misp-object--0f57df59-7f2e-4538-ad44-9198ae1eb7e7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7b8febb-ea95-4e7c-b0ca-4c9ca2504f46", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf", "target_ref": "x-misp-object--5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a613e9e4-b5ef-434b-938e-d466073f3983", "created": "2018-02-16T09:00:06.000Z", "modified": "2018-02-16T09:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf", "target_ref": "x-misp-object--0840973f-94a7-411c-9c35-bebd86da7b47" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a78e1ab4-10fb-4a61-9b52-adae428a215a", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3", "target_ref": "x-misp-object--1de4ff44-ee71-4017-a208-7510bc2224ab" }, { "type": "relationship", 
"spec_version": "2.1", "id": "relationship--ee5429f0-1c37-44db-95b6-b5a605ab226c", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3", "target_ref": "x-misp-object--01b8d2c8-326f-4555-a514-65bbf934d953" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28552773-3993-45d1-a32e-e033475e625d", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58", "target_ref": "x-misp-object--76a37ccf-a61f-4466-b91b-dfb81cd4087d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9da9e215-ea94-4f89-acac-7359ffd0cee0", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58", "target_ref": "x-misp-object--5c2bd08b-1259-4095-9c9e-3b74506b1585" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9dd9fa2-343f-412a-adfb-2564305cf5fd", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed", "target_ref": "x-misp-object--98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--286ca42c-d1a6-4a14-ab3e-75cce8c8272c", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed", "target_ref": "x-misp-object--e5e57871-79b1-4440-95b3-49bc62c724e5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1217e168-e947-4623-8279-e086c6c4fa33", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": 
"analysed-with", "source_ref": "indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8", "target_ref": "x-misp-object--d7545769-a98f-47ac-89e1-9074f18b2266" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f391ec27-4d1f-47a9-ba9f-8b6a0733fa9a", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8", "target_ref": "x-misp-object--f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d788dee-d48b-44c9-99c6-7c5247f13b0b", "created": "2018-02-16T09:00:07.000Z", "modified": "2018-02-16T09:00:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2c1cfefa-96a0-4099-a720-69b64d16fe5f", "target_ref": "x-misp-object--2beed4ba-5af8-427c-8270-b6a6456df65c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--45fee5d0-8830-4b42-a87f-3263851881ef", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9cb63957-a223-4016-bf62-7eac015b02a4", "target_ref": "x-misp-object--83cea96d-ea16-4220-b8d5-88ca68baf4d5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c7a2862-257a-4a01-b22a-e4a758e2fe75", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--90395b9d-bff0-4af6-adaf-a864379542da", "target_ref": "x-misp-object--494c3c26-d774-4f6a-aa08-5eba8f2211db" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4e4b3c7-e4c0-4a6b-ae39-fa51cf644023", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--90395b9d-bff0-4af6-adaf-a864379542da", "target_ref": "x-misp-object--7e1bd57e-b8fe-46ce-acd5-c763793f28c5" }, { "type": "relationship", 
"spec_version": "2.1", "id": "relationship--b2f2b0b7-03cb-4202-b155-9a6687ad8109", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--41a354b8-fbc4-48fc-8976-bd9a3593a07c", "target_ref": "x-misp-object--77040fb6-0d6c-459f-986f-92b37cffe118" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--525a1807-45bd-487a-b749-0be8f3c5d8a6", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--480e2ec8-94b2-4682-a591-c2e86c390ead", "target_ref": "x-misp-object--e6e5e5d4-0dc1-4dca-a921-aa923f455fcf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--296ffa2d-9532-45bc-8d05-d3780829251a", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--74bef4c3-487c-4941-b138-c8c0e3413b50", "target_ref": "x-misp-object--78a04ae2-f33b-4b5a-b0ad-64f842d70385" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a5250e43-39c1-4d8b-bdbe-043b4d6e45b9", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1f840571-741e-4096-92d6-78e58c49109c", "target_ref": "x-misp-object--268e55cb-3597-4e16-8007-a8b36cf61376" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5ec5f0a4-2471-446c-ab32-1b0294cf356b", "created": "2018-02-16T09:00:08.000Z", "modified": "2018-02-16T09:00:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2835626e-b913-4889-a9d9-fdbe227feadb", "target_ref": "x-misp-object--a28ef769-5398-4eb7-9b00-fab900d14c43" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f12247b1-47a7-4c9f-8a64-8fa449f4066a", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": 
"analysed-with", "source_ref": "indicator--fb3000f4-1ebc-42d4-8e4a-2275d659efe6", "target_ref": "x-misp-object--5cbeb48f-30a6-478a-bea9-9928524630c6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cba62434-7e45-47db-8658-255ff86b7371", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f53a44f1-158b-4212-bc9e-8e257362a32c", "target_ref": "x-misp-object--3bd1c560-3b57-4248-b95c-72723eebd90c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e073f5a7-a045-4bd8-8554-b430775c7a3d", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--edc8ba48-d186-4b7f-a8e4-54fdfee91503", "target_ref": "x-misp-object--cf7832e0-5495-4a89-95df-cb4dd915842e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f08c661-bc0f-4e59-a9a1-67b2a85d8682", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f8e43169-3421-43af-8b25-be605a3ea859", "target_ref": "x-misp-object--2e77adf4-a30d-4dcf-9fcd-9a263b1971c7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2fe467aa-d68f-4763-98aa-c29a69b4b194", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--770417f7-66d8-4c14-a590-25829420ef72", "target_ref": "x-misp-object--d250cbbd-0387-4477-9487-647ba7f369ed" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9e5e5fe-5a65-495f-ba23-48ff7bab2197", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--18939e64-0afb-4ae4-8995-189b92423b98", "target_ref": "x-misp-object--55b685d6-7fdc-4538-b113-d253384b213a" }, { "type": "relationship", 
"spec_version": "2.1", "id": "relationship--8de4f7da-7ec0-4bee-90bf-b61e536a1697", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8d7a2d17-30f8-46c6-aa2c-c99caf8b8208", "target_ref": "x-misp-object--ece0181f-f705-463f-bea6-08263cc535ba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dbdf1e48-aaef-4209-9137-74ef63260a9f", "created": "2018-02-16T09:00:09.000Z", "modified": "2018-02-16T09:00:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--87463bc1-9173-4071-827c-db9c3d3396bc", "target_ref": "x-misp-object--f31cc4ab-1875-4f2d-87c9-04b8673ddbe8" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }