{ "type": "bundle", "id": "bundle--5bec8d43-b990-4129-a9f4-45d08064ab0b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2021-05-24T09:59:33.000Z", "modified": "2021-05-24T09:59:33.000Z", "name": "citizenlab", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5bec8d43-b990-4129-a9f4-45d08064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2021-05-24T09:59:33.000Z", "modified": "2021-05-24T09:59:33.000Z", "name": "MISSING LINK: Tibetan Groups Targeted with Mobile Exploits", "published": "2021-05-26T12:21:53Z", "object_refs": [ "indicator--5d76dfaf-574c-4253-b1f1-67578064ab0b", "x-misp-attribute--5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b", "x-misp-attribute--5d76c9b2-5654-4b42-a28f-61dc8064ab0b", "indicator--5d76c70f-df94-4cd0-b977-4cea8064ab0b", "indicator--5d76c98c-95a0-4186-9d08-61de8064ab0b", "indicator--5d76c98c-be94-4716-9cc3-61de8064ab0b", "indicator--5d76c98c-0998-4c3d-94fa-61de8064ab0b", "indicator--5d76c98c-77cc-4a32-b989-61de8064ab0b", "indicator--5d76c98c-a620-4e86-969b-61de8064ab0b", "indicator--5d76c98c-8960-4e6c-be1c-61de8064ab0b", "indicator--5d76c98c-52b4-4bb9-b61b-61de8064ab0b", "indicator--5d76c98c-1b78-4933-98f8-61de8064ab0b", "indicator--5d76c98c-3358-4897-a52b-61de8064ab0b", "indicator--5d76c98c-6be4-4b4a-9a37-61de8064ab0b", "indicator--5d76c98c-0cb4-4be5-b3d6-61de8064ab0b", "indicator--5d76c98c-f230-436d-a69f-61de8064ab0b", "indicator--5bec8d6d-71e0-40b6-add8-171c8064ab0b", "indicator--5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b", "indicator--5d76c7a0-2dac-4e65-a0ca-67208064ab0b", "indicator--5d76c7a0-3c28-4110-aa88-67208064ab0b", "indicator--5d76cc33-7aac-4eb8-a1be-66c48064ab0b", "indicator--5d76cf56-94f8-4a16-84d5-67af8064ab0b", "indicator--5d76d19b-0704-42fa-95c5-61df8064ab0b", "indicator--5d76d6f2-f44c-4b21-ba2d-67578064ab0b", "indicator--5d76dae6-bdc4-4cca-8161-61de8064ab0b", "indicator--5d76dcf6-f094-47a0-8fd4-4cea8064ab0b", "indicator--5d76de15-2544-4f39-baed-61db8064ab0b", "indicator--5bec8d7b-b658-4050-8b3c-45cc8064ab0b", "indicator--5bed8343-d968-4c72-a106-2b328064ab0b", "indicator--5bed84bf-8710-4cba-b9eb-05688064ab0b", "observed-data--5d76c6d3-b878-442a-b476-61de8064ab0b", "url--5d76c6d3-b878-442a-b476-61de8064ab0b", "observed-data--5d76c6d3-b644-45e2-a9d7-61de8064ab0b", "url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b", "observed-data--5d76c6d3-14c4-4b77-85be-61de8064ab0b", "url--5d76c6d3-14c4-4b77-85be-61de8064ab0b", "observed-data--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b", "url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b", "observed-data--5d76c6d3-a174-4130-a62c-61de8064ab0b", "url--5d76c6d3-a174-4130-a62c-61de8064ab0b", "observed-data--5d76c6d3-ce00-497f-9284-61de8064ab0b", "url--5d76c6d3-ce00-497f-9284-61de8064ab0b", "observed-data--5d76c6d3-1708-4847-8b18-61de8064ab0b", "url--5d76c6d3-1708-4847-8b18-61de8064ab0b", "observed-data--5d76c6d3-bb64-4b8d-b773-61de8064ab0b", "url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b", "observed-data--5d76c6d3-d218-49a3-96f3-61de8064ab0b", "url--5d76c6d3-d218-49a3-96f3-61de8064ab0b", "observed-data--5d76c6d3-0658-494c-afb4-61de8064ab0b", "url--5d76c6d3-0658-494c-afb4-61de8064ab0b", "observed-data--5d76c6d3-8624-44df-8338-61de8064ab0b", "url--5d76c6d3-8624-44df-8338-61de8064ab0b", "observed-data--5d76c6d3-1170-4f0e-ade3-61de8064ab0b", "url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b", "observed-data--5d76c6d3-578c-4a96-88fe-61de8064ab0b", "url--5d76c6d3-578c-4a96-88fe-61de8064ab0b", "observed-data--5d76c6d3-7058-403d-a9b1-61de8064ab0b", "url--5d76c6d3-7058-403d-a9b1-61de8064ab0b", "observed-data--5d76c6d3-5824-4b00-8dda-61de8064ab0b", "url--5d76c6d3-5824-4b00-8dda-61de8064ab0b", "observed-data--5d76c6d3-b8ec-438c-8161-61de8064ab0b", "url--5d76c6d3-b8ec-438c-8161-61de8064ab0b", "observed-data--5d76c6d3-a530-4671-8fab-61de8064ab0b", "url--5d76c6d3-a530-4671-8fab-61de8064ab0b", "observed-data--5d76c6d3-bd08-4528-9fab-61de8064ab0b", "url--5d76c6d3-bd08-4528-9fab-61de8064ab0b", "observed-data--5d76c6d3-936c-411b-a0c9-61de8064ab0b", "url--5d76c6d3-936c-411b-a0c9-61de8064ab0b", "observed-data--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b", "url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b", "observed-data--5d76c6d3-2150-4f97-80c4-61de8064ab0b", "url--5d76c6d3-2150-4f97-80c4-61de8064ab0b", "observed-data--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b", "url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b", "observed-data--5d76c6d3-8604-4125-b369-61de8064ab0b", "url--5d76c6d3-8604-4125-b369-61de8064ab0b", "observed-data--5d76c6d4-7398-45b0-b5e9-61de8064ab0b", "url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b", "observed-data--5d76c6d4-0854-4d51-8fb7-61de8064ab0b", "url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b", "observed-data--5d76c6d4-2fb8-46f2-a589-61de8064ab0b", "url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b", "observed-data--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b", "url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b", "observed-data--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b", "url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b", "observed-data--5d76c6d4-52b4-413f-bf04-61de8064ab0b", "url--5d76c6d4-52b4-413f-bf04-61de8064ab0b", "observed-data--5d76c6d4-dde0-484e-ac13-61de8064ab0b", "url--5d76c6d4-dde0-484e-ac13-61de8064ab0b", "observed-data--5d76c6d4-3b64-4591-b0df-61de8064ab0b", "url--5d76c6d4-3b64-4591-b0df-61de8064ab0b", "observed-data--5d76c730-b4c0-4746-af7e-61db8064ab0b", "url--5d76c730-b4c0-4746-af7e-61db8064ab0b", "indicator--5d892cd4-fba0-4c21-90d9-0b328064ab0b", "observed-data--5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "observed-data--5d76e2eb-df2c-4913-b458-67578064ab0b", "email-message--5d76e2eb-df2c-4913-b458-67578064ab0b", "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b", "observed-data--5d76e2eb-e004-41d8-bc9d-67578064ab0b", "email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b", "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b", "observed-data--5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "observed-data--5d8545bf-ec98-4d0c-a8a3-55038064ab0b", "file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b", "observed-data--5d8545d4-ee30-435b-827e-55078064ab0b", "file--5d8545d4-ee30-435b-827e-55078064ab0b", "observed-data--5d8545e3-c264-43d8-9666-55068064ab0b", "file--5d8545e3-c264-43d8-9666-55068064ab0b", "observed-data--5d854603-8bf4-44fe-96ae-47ce8064ab0b", "file--5d854603-8bf4-44fe-96ae-47ce8064ab0b", "indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb", "x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460", "indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f", "x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786", "indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581", "x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f", "indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b", "x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f", "indicator--d6592ce4-117e-4cd7-9969-abe216690882", "x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9", "relationship--4b094c2c-4ed0-46d7-beb1-9a016e52569c", "relationship--77247f09-63a9-477e-85ff-d934ecb7391f", "relationship--e37d9cd6-a465-4d74-b5de-c2bf6f56c811", "relationship--03f9fb7d-5c10-4222-9d39-6df72badc6ac", "relationship--f27a7080-8a63-4bb1-85eb-d373b84463db" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76dfaf-574c-4253-b1f1-67578064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:33:51.000Z", "modified": "2019-09-09T23:33:51.000Z", "description": "iOS payload", "pattern": "[file:hashes.SHA256 = '0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T23:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:50.000Z", "modified": "2019-09-09T21:52:50.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "whois-registrant-email", "x_misp_value": "dashenqu832@outlook.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d76c9b2-5654-4b42-a28f-61dc8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:50.000Z", "modified": "2019-09-09T21:52:50.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "whois-registrant-email", "x_misp_value": "ornaments798@outlook.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c70f-df94-4cd0-b977-4cea8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:33:59.000Z", "modified": "2019-09-09T23:33:59.000Z", "pattern": "[domain-name:value = 'www.energy-mail.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T23:33:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-95a0-4186-9d08-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'antmoving.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-be94-4716-9cc3-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'beemail.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-0998-4c3d-94fa-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'bf.mk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-77cc-4a32-b989-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'energy-mail.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-a620-4e86-969b-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'gmailapp.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-8960-4e6c-be1c-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'izelense.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-52b4-4bb9-b61b-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'mailanalysis.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-1b78-4933-98f8-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'mailcontactanalysis.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-3358-4897-a52b-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'mailnotes.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-6be4-4b4a-9a37-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'polarismail.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-0cb4-4be5-b3d6-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'rf.mk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c98c-f230-436d-a69f-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:52:12.000Z", "modified": "2019-09-09T21:52:12.000Z", "pattern": "[domain-name:value = 'walkingnote.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:52:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bec8d6d-71e0-40b6-add8-171c8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2018-11-14T21:02:55.000Z", "modified": "2018-11-14T21:02:55.000Z", "pattern": "[domain-name:value = 'www.msap.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-14T21:02:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2018-11-14T21:02:58.000Z", "modified": "2018-11-14T21:02:58.000Z", "pattern": "[domain-name:value = 'msap.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-14T21:02:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c7a0-2dac-4e65-a0ca-67208064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:44:00.000Z", "modified": "2019-09-09T21:44:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.75.217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T21:44:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76c7a0-3c28-4110-aa88-67208064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-20T21:39:17.000Z", "modified": "2019-09-20T21:39:17.000Z", "description": "Android exploit server", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.149.154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-20T21:39:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76cc33-7aac-4eb8-a1be-66c48064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:34:08.000Z", "modified": "2019-09-09T23:34:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.78.79.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T23:34:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76cf56-94f8-4a16-84d5-67af8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T22:16:54.000Z", "modified": "2019-09-09T22:16:54.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.28.93.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T22:16:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76d19b-0704-42fa-95c5-61df8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:34:47.000Z", "modified": "2019-09-09T23:34:47.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.169.2.57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T23:34:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76d6f2-f44c-4b21-ba2d-67578064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T22:49:22.000Z", "modified": "2019-09-09T22:49:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.189.65.198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T22:49:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76dae6-bdc4-4cca-8161-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:06:14.000Z", "modified": "2019-09-09T23:06:14.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '140.82.17.222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T23:06:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76dcf6-f094-47a0-8fd4-4cea8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:35:01.000Z", "modified": "2019-09-09T23:35:01.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.53.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T23:35:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d76de15-2544-4f39-baed-61db8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:19:49.000Z", "modified": "2019-09-09T23:19:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.91.137']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-09T23:19:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bec8d7b-b658-4050-8b3c-45cc8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-20T21:41:18.000Z", "modified": "2019-09-20T21:41:18.000Z", "description": "iOS exploit server", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.202.59.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-20T21:41:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bed8343-d968-4c72-a106-2b328064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-20T21:40:08.000Z", "modified": "2019-09-20T21:40:08.000Z", "description": "iOS C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.42.58.59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-20T21:40:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bed84bf-8710-4cba-b9eb-05688064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2018-11-15T14:37:51.000Z", "modified": "2018-11-15T14:37:51.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.251.16.87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-15T14:37:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-b878-442a-b476-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-b878-442a-b476-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-b878-442a-b476-61de8064ab0b", "value": "http://bit.ly/2z1WayM" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-b644-45e2-a9d7-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b", "value": "http://www.msap.services/1R7mqD" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-14c4-4b77-85be-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-14c4-4b77-85be-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-14c4-4b77-85be-61de8064ab0b", "value": "http://bit.ly/2AYy61a" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b", "value": "http//www.msap.services/2bKr8Z" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-a174-4130-a62c-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-a174-4130-a62c-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-a174-4130-a62c-61de8064ab0b", "value": "http://www.msap.services/6FeBOy" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-ce00-497f-9284-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-ce00-497f-9284-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-ce00-497f-9284-61de8064ab0b", "value": "http://suo.im/5ot25j" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-1708-4847-8b18-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-1708-4847-8b18-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-1708-4847-8b18-61de8064ab0b", "value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL29wZW4/aWQ9MUlTakl2eFoxX1g5YkdJSnQtMlpKeDRDRWwzdVVhRmlv" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-bb64-4b8d-b773-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b", "value": "http://www.msap.services/yHJbS6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-d218-49a3-96f3-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-d218-49a3-96f3-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-d218-49a3-96f3-61de8064ab0b", "value": "http://bit.ly/2qHg3Xt" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-0658-494c-afb4-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-0658-494c-afb4-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-0658-494c-afb4-61de8064ab0b", "value": "http://www.msap.services/S5gDoN" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-8624-44df-8338-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-8624-44df-8338-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-8624-44df-8338-61de8064ab0b", "value": "http://bit.ly/2T2CoeX" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-1170-4f0e-ade3-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b", "value": "http://www.msap.services/EzpOhU" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-578c-4a96-88fe-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-578c-4a96-88fe-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-578c-4a96-88fe-61de8064ab0b", "value": "http://bit.ly/2PSvdau" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-7058-403d-a9b1-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-7058-403d-a9b1-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-7058-403d-a9b1-61de8064ab0b", "value": "http://www.msap.services/GfHuRi" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-5824-4b00-8dda-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-5824-4b00-8dda-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-5824-4b00-8dda-61de8064ab0b", "value": "http://suo.im/5okeFb" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-b8ec-438c-8161-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-b8ec-438c-8161-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-b8ec-438c-8161-61de8064ab0b", "value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAxOC8xMS8wMi9vYml0dWFyaWVzL2xvZGktZ3lhcmktZGVhZC5odG1s" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-a530-4671-8fab-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-a530-4671-8fab-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-a530-4671-8fab-61de8064ab0b", "value": "http://bit.ly/2SVPqdY" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-bd08-4528-9fab-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-bd08-4528-9fab-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-bd08-4528-9fab-61de8064ab0b", "value": "http://www.msap.services/F8XGNe" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-936c-411b-a0c9-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-936c-411b-a0c9-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-936c-411b-a0c9-61de8064ab0b", "value": "http://bit.ly/2QroNMt" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b", "value": "http://www.msap.services/70FtQX" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-2150-4f97-80c4-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-2150-4f97-80c4-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-2150-4f97-80c4-61de8064ab0b", "value": "http://msap.services/yHJbS6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b", "value": "http://bit.ly/2B4GwEf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d3-8604-4125-b369-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d3-8604-4125-b369-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d3-8604-4125-b369-61de8064ab0b", "value": "http://www.msap.services/XgL5A9" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-7398-45b0-b5e9-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:35.000Z", "modified": "2019-09-09T21:40:35.000Z", "first_observed": "2019-09-09T21:40:35Z", "last_observed": "2019-09-09T21:40:35Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b", "value": "http://bit.ly/2T6pCMf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-0854-4d51-8fb7-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:36.000Z", "modified": "2019-09-09T21:40:36.000Z", "first_observed": "2019-09-09T21:40:36Z", "last_observed": "2019-09-09T21:40:36Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b", "value": "http://www.msap.services/ZpzstM" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-2fb8-46f2-a589-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:36.000Z", "modified": "2019-09-09T21:40:36.000Z", "first_observed": "2019-09-09T21:40:36Z", "last_observed": "2019-09-09T21:40:36Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b", "value": "http://bit.ly/2Drl90q" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:36.000Z", "modified": "2019-09-09T21:40:36.000Z", "first_observed": "2019-09-09T21:40:36Z", "last_observed": "2019-09-09T21:40:36Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b", "value": "http://www.msap.services/ZQfqzs" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:36.000Z", "modified": "2019-09-09T21:40:36.000Z", "first_observed": "2019-09-09T21:40:36Z", "last_observed": "2019-09-09T21:40:36Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b", "value": "https://bit.ly/2MgSRwL" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-52b4-413f-bf04-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:36.000Z", "modified": "2019-09-09T21:40:36.000Z", "first_observed": "2019-09-09T21:40:36Z", "last_observed": "2019-09-09T21:40:36Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-52b4-413f-bf04-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-52b4-413f-bf04-61de8064ab0b", "value": "https://www.energy-mail.org/B20V54" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-dde0-484e-ac13-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:36.000Z", "modified": "2019-09-09T21:40:36.000Z", "first_observed": "2019-09-09T21:40:36Z", "last_observed": "2019-09-09T21:40:36Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-dde0-484e-ac13-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-dde0-484e-ac13-61de8064ab0b", "value": "https://bit.ly/2XePmYt" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c6d4-3b64-4591-b0df-61de8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:40:36.000Z", "modified": "2019-09-09T21:40:36.000Z", "first_observed": "2019-09-09T21:40:36Z", "last_observed": "2019-09-09T21:40:36Z", "number_observed": 1, "object_refs": [ "url--5d76c6d4-3b64-4591-b0df-61de8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c6d4-3b64-4591-b0df-61de8064ab0b", "value": "http://45.76.149.154:5000/web/info?org=aHR0cDovL3d3dy5waGF5dWwuY29tL25ld3MvYXJ0aWNsZS5hc3B4P2lkPTQxNDc0JmZiY2xpZD1Jd0FSM1RadGdjanppUkhNZFJuOEdhZ1RMUV9iMHFrX0VBZWY2YldxRU5SanhaZkkzRFdPNFpsRExPcFdz" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76c730-b4c0-4746-af7e-61db8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T21:42:08.000Z", "modified": "2019-09-09T21:42:08.000Z", "first_observed": "2019-09-09T21:42:08Z", "last_observed": "2019-09-09T21:42:08Z", "number_observed": 1, "object_refs": [ "url--5d76c730-b4c0-4746-af7e-61db8064ab0b" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d76c730-b4c0-4746-af7e-61db8064ab0b", "value": "http://43.251.16.87:5000//dev/loader" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d892cd4-fba0-4c21-90d9-0b328064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-23T20:36:36.000Z", "modified": "2019-09-23T20:36:36.000Z", "description": "Scotch user agent", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'hots scot']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-23T20:36:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:40:27.000Z", "modified": "2019-09-09T23:40:27.000Z", "first_observed": "2019-09-09T23:40:27Z", "last_observed": "2019-09-09T23:40:27Z", "number_observed": 1, "object_refs": [ "email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b" ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "is_multipart": false, "from_ref": "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "value": "antmoving.online@gmail.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76e2eb-df2c-4913-b458-67578064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:40:27.000Z", "modified": "2019-09-09T23:40:27.000Z", "first_observed": "2019-09-09T23:40:27Z", "last_observed": "2019-09-09T23:40:27Z", "number_observed": 1, "object_refs": [ "email-message--5d76e2eb-df2c-4913-b458-67578064ab0b", "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b" ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5d76e2eb-df2c-4913-b458-67578064ab0b", "is_multipart": false, "from_ref": "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b", "value": "energymail.org@gmail.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76e2eb-e004-41d8-bc9d-67578064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:40:27.000Z", "modified": "2019-09-09T23:40:27.000Z", "first_observed": "2019-09-09T23:40:27Z", "last_observed": "2019-09-09T23:40:27Z", "number_observed": 1, "object_refs": [ "email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b", "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b" ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b", "is_multipart": false, "from_ref": "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b", "value": "jameslewis199106@gmail.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-09T23:40:27.000Z", "modified": "2019-09-09T23:40:27.000Z", "first_observed": "2019-09-09T23:40:27Z", "last_observed": "2019-09-09T23:40:27Z", "number_observed": 1, "object_refs": [ "email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b" ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "is_multipart": false, "from_ref": "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "value": "touchxun658@gmail.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d8545bf-ec98-4d0c-a8a3-55038064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-20T21:33:51.000Z", "modified": "2019-09-20T21:33:51.000Z", "first_observed": "2019-09-20T21:33:51Z", "last_observed": "2019-09-20T21:33:51Z", "number_observed": 1, "object_refs": [ "file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b" ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b", "hashes": { "SHA-256": "6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d8545d4-ee30-435b-827e-55078064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-20T21:34:12.000Z", "modified": "2019-09-20T21:34:12.000Z", "first_observed": "2019-09-20T21:34:12Z", "last_observed": "2019-09-20T21:34:12Z", "number_observed": 1, "object_refs": [ "file--5d8545d4-ee30-435b-827e-55078064ab0b" ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d8545d4-ee30-435b-827e-55078064ab0b", "hashes": { "SHA-256": "e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d8545e3-c264-43d8-9666-55068064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-20T21:34:27.000Z", "modified": "2019-09-20T21:34:27.000Z", "first_observed": "2019-09-20T21:34:27Z", "last_observed": "2019-09-20T21:34:27Z", "number_observed": 1, "object_refs": [ "file--5d8545e3-c264-43d8-9666-55068064ab0b" ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d8545e3-c264-43d8-9666-55068064ab0b", "hashes": { "SHA-256": "0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d854603-8bf4-44fe-96ae-47ce8064ab0b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-20T21:34:59.000Z", "modified": "2019-09-20T21:34:59.000Z", "first_observed": "2019-09-20T21:34:59Z", "last_observed": "2019-09-20T21:34:59Z", "number_observed": 1, "object_refs": [ "file--5d854603-8bf4-44fe-96ae-47ce8064ab0b" ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d854603-8bf4-44fe-96ae-47ce8064ab0b", "hashes": { "SHA-256": "b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:27.000Z", "modified": "2019-09-25T10:32:27.000Z", "pattern": "[file:hashes.MD5 = 'fb7bab3571e557ee7f88309dc472f748' AND file:hashes.SHA1 = '68533858c90515369a1d2f36d72cb3537de58437' AND file:hashes.SHA256 = 'b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-25T10:32:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:27.000Z", "modified": "2019-09-25T10:32:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-24T22:38:19", "category": "Other", "comment": "Loader", "uuid": "4462e200-9d40-4c54-9e90-5d20c74e6bfd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88/analysis/1569364699/", "category": "Payload delivery", "comment": "Loader", "uuid": "8d1378f4-ea14-4387-8d7a-d85ca5b071de" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/57", "category": "Payload delivery", "comment": "Loader", "uuid": "8b05523a-b753-4eba-81e0-b89f5a6ab696" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:28.000Z", "modified": "2019-09-25T10:32:28.000Z", "pattern": "[file:hashes.MD5 = '111ba6564931fccb7f4d0e940b492520' AND file:hashes.SHA1 = '33ea7c4ad4f6d0b59b7b4de906735483e6e8cff7' AND file:hashes.SHA256 = 'e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-25T10:32:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:28.000Z", "modified": "2019-09-25T10:32:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-25T04:23:12", "category": "Other", "comment": "Whisky", "uuid": "d5e4a39f-9daa-4aa4-aba5-8c71ae50e624" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3/analysis/1569385392/", "category": "Payload delivery", "comment": "Whisky", "uuid": "271b9e9f-9c1b-4d87-a122-3ecacf84a57b" }, { "type": "text", "object_relation": "detection-ratio", "value": "2/56", "category": "Payload delivery", "comment": "Whisky", "uuid": "c4751a17-01e5-4b62-8e6c-576d2aab11cf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:28.000Z", "modified": "2019-09-25T10:32:28.000Z", "pattern": "[file:hashes.MD5 = '0d5158b33dc32cfd3c020f9dd13bde55' AND file:hashes.SHA1 = 'df4c6cd8e046d7072cd833575593069f28a02674' AND file:hashes.SHA256 = '6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-25T10:32:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:28.000Z", "modified": "2019-09-25T10:32:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-25T04:23:29", "category": "Other", "comment": "libbourbon", "uuid": "a9483f0b-b532-4933-8cf6-cfd2109189e6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7/analysis/1569385409/", "category": "Payload delivery", "comment": "libbourbon", "uuid": "7b7d7f13-40a7-4906-91fc-d315674418f3" }, { "type": "text", "object_relation": "detection-ratio", "value": "2/55", "category": "Payload delivery", "comment": "libbourbon", "uuid": "0bbfca68-2eb1-4495-86ec-ab68a0d267c9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:28.000Z", "modified": "2019-09-25T10:32:28.000Z", "pattern": "[file:hashes.MD5 = 'fb713151159601eef43226aadd7bb5a6' AND file:hashes.SHA1 = 'fedb77270570b8c401577b65595a9b32e2fa368a' AND file:hashes.SHA256 = '0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-25T10:32:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:29.000Z", "modified": "2019-09-25T10:32:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-24T22:38:17", "category": "Other", "comment": "Scotch", "uuid": "9c01d4ea-e2be-4494-94a3-e63a19dd0abe" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa/analysis/1569364697/", "category": "Payload delivery", "comment": "Scotch", "uuid": "4350a59c-0d18-4044-9956-66634701dbc3" }, { "type": "text", "object_relation": "detection-ratio", "value": "1/58", "category": "Payload delivery", "comment": "Scotch", "uuid": "5634a47e-9a8c-483f-af69-13deaf6d152a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6592ce4-117e-4cd7-9969-abe216690882", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:30.000Z", "modified": "2019-09-25T10:32:30.000Z", "pattern": "[file:hashes.MD5 = 'fa3aeb8ce67077e54b09e0e4c80e3814' AND file:hashes.SHA1 = '24ef2efdb2348cf9db3fb5bf79555e1ffe411c68' AND file:hashes.SHA256 = '0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-25T10:32:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9", "created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05", "created": "2019-09-25T10:32:30.000Z", "modified": "2019-09-25T10:32:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-25T10:00:33", "category": "Other", "comment": "iOS payload", "uuid": "98623fdf-dc92-4290-bc36-de3d32dff2e4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/analysis/1569405633/", "category": "External analysis", "comment": "iOS payload", "uuid": "14f169f7-d2c4-4be0-bef3-adc7ff0e345d" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/55", "category": "Artifacts dropped", "comment": "iOS payload", "uuid": "bbd53242-0d06-4119-ad7b-2884119a5c84" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4b094c2c-4ed0-46d7-beb1-9a016e52569c", "created": "2021-05-24T09:59:33.000Z", "modified": "2021-05-24T09:59:33.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb", "target_ref": "x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77247f09-63a9-477e-85ff-d934ecb7391f", "created": "2021-05-24T09:59:33.000Z", "modified": "2021-05-24T09:59:33.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f", "target_ref": "x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e37d9cd6-a465-4d74-b5de-c2bf6f56c811", "created": "2021-05-24T09:59:33.000Z", "modified": "2021-05-24T09:59:33.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581", "target_ref": "x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03f9fb7d-5c10-4222-9d39-6df72badc6ac", "created": "2021-05-24T09:59:33.000Z", "modified": "2021-05-24T09:59:33.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b", "target_ref": "x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f27a7080-8a63-4bb1-85eb-d373b84463db", "created": "2021-05-24T09:59:33.000Z", "modified": "2021-05-24T09:59:33.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d6592ce4-117e-4cd7-9969-abe216690882", "target_ref": "x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }