{ "type": "bundle", "id": "bundle--5c38eb9d-a470-4466-8aa5-461802de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:34:14.000Z", "modified": "2019-01-11T19:34:14.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5c38eb9d-a470-4466-8aa5-461802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:34:14.000Z", "modified": "2019-01-11T19:34:14.000Z", "name": "ServHelper and FlawedGrace - New malware introduced by TA505", "published": "2019-01-11T19:35:09Z", "object_refs": [ "observed-data--5c38ebb5-2b1c-43f9-b582-4ce402de0b81", "url--5c38ebb5-2b1c-43f9-b582-4ce402de0b81", "x-misp-attribute--5c38ebd9-1e0c-47f9-b3de-4e5f02de0b81", "indicator--5c38ec28-4288-404a-8d79-409502de0b81", "indicator--5c38ec29-ca90-4d61-b587-483402de0b81", "indicator--5c38ec29-cbcc-426b-a112-479a02de0b81", "indicator--5c38ec81-8114-453f-a76f-462c02de0b81", "indicator--5c38ec82-7328-43ae-a83c-4e0d02de0b81", "indicator--5c38ec84-6238-4587-a4c2-47e802de0b81", "indicator--5c38ecc6-ad9c-4c16-8b57-406702de0b81", "indicator--5c38ecc7-3d94-48ef-86dd-4af602de0b81", "indicator--5c38ecc8-9afc-4b51-a387-462b02de0b81", "indicator--5c38ed48-9170-4e7a-9c80-457902de0b81", "indicator--5c38ed49-f930-49d8-a74d-479002de0b81", "indicator--5c38ed4b-94a4-4a0a-99ed-493702de0b81", "indicator--5c38ed4c-1850-4b83-acff-41a902de0b81", "indicator--5c38ed4d-4cfc-4dcb-9589-426502de0b81", "indicator--5c38ed4e-a218-45c1-8b89-417302de0b81", "indicator--5c38ed7b-e224-4af8-9dc7-42ee02de0b81", "indicator--5c38ed7c-9934-48fb-bd11-468502de0b81", "indicator--5c38ed7c-c294-4a13-8ca0-4a6c02de0b81", "indicator--5c38ed7d-78a4-4209-9d86-487802de0b81", "indicator--5c38ed7d-5044-42a1-ad79-448802de0b81", "indicator--5c38eda9-e79c-4d21-81f8-f12202de0b81", "indicator--5c38edaa-4f38-4119-9419-f12202de0b81", "indicator--93f50fcd-264a-4734-b4c0-bfec7f37860f", "x-misp-object--42ba88bf-bca8-4ff2-b33d-d23ce9877340", "indicator--c14e45cb-8dfc-4140-b541-135402f6af96", "x-misp-object--7d6c516a-90e2-4597-9b08-c10fa4cd2a81", "indicator--35fdb030-5cd9-4621-b76c-2dfab467bc3b", "x-misp-object--c8cbc23d-0f33-4643-977f-fe2fd3da8a19", "indicator--0d6c7429-1495-4d3f-bfe1-d3834a273606", "x-misp-object--9dd16ec7-f062-459f-968c-c5bb43d3a327", "indicator--dc0e2eae-79dc-496c-8e6f-51c6a3f7b419", "x-misp-object--8d3be9f6-584f-4b1d-bfbf-c9dff2c08ad7", "indicator--9e493185-b642-4a33-9cc1-0b141391605d", "x-misp-object--6624c405-ed32-4075-9501-29967d631716", "indicator--40d64a11-4524-4a53-b736-9326233a65d9", "x-misp-object--6a7c6829-6213-4f4a-9141-eb2394cd32a7", "indicator--4170ad0b-e0f8-4246-8505-63d85a0e84bd", "x-misp-object--8d4ff865-dbce-44b3-86ac-0e461519ea20", "indicator--6ef8a2ea-6ae3-4fa0-afe7-bdb2e9607a56", "x-misp-object--027e06a2-ba9d-4604-9a8d-5230c140eae8", "relationship--5e51a4cf-6b5c-4bd6-bec2-552e9e80f8ba", "relationship--f23665ba-03d5-4fbe-8bd6-30161f8adc7a", "relationship--a3b762c6-3445-49d0-94e2-1f0b6392b308", "relationship--19022709-7d58-450c-bf63-6579d2554875", "relationship--4419ae05-3a76-47d1-b8b3-0de5b34b4b46", "relationship--dac7106c-15a4-4ca5-b64f-ec772819bb2e", "relationship--810217a7-1f2f-4dca-b53f-d4aa6383d4b8", "relationship--d8d9c7de-f415-43e9-802e-abb0f5970f39", "relationship--436844ed-9582-4eef-a909-03df0c90201d" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c38ebb5-2b1c-43f9-b582-4ce402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:17:09.000Z", "modified": "2019-01-11T19:17:09.000Z", "first_observed": "2019-01-11T19:17:09Z", "last_observed": "2019-01-11T19:17:09Z", "number_observed": 1, "object_refs": [ "url--5c38ebb5-2b1c-43f9-b582-4ce402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c38ebb5-2b1c-43f9-b582-4ce402de0b81", "value": "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5c38ebd9-1e0c-47f9-b3de-4e5f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:17:45.000Z", "modified": "2019-01-11T19:17:45.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "For much of 2018, we observed threat actors increasingly distributing downloaders, backdoors, information stealers, remote access Trojans (RATs), and more as they abandoned ransomware as their primary payload. In November 2018, TA505, a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named \u00e2\u20ac\u0153ServHelper\u00e2\u20ac\u009d. ServHelper has two variants: one focused on remote desktop functions and a second that primarily functions as a downloader. Additionally we have observed the downloader variant download a malware we call \u00e2\u20ac\u0153FlawedGrace.\u00e2\u20ac\u009d FlawedGrace is a full-featured RAT that we first observed in November 2017. TA505 appears to be actively targeting banks, retail businesses, and restaurants as they distribute these malware families. This targeting falls in line with other activity we reported earlier in 2018.[1] [2]" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ec28-4288-404a-8d79-409502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:19:04.000Z", "modified": "2019-01-11T19:19:04.000Z", "description": "November 9 \u00e2\u20ac\u0153Tunnel\u00e2\u20ac\u009d campaign attachment", "pattern": "[file:hashes.SHA256 = '52c72a9de2f6e892f07827add85ad913b0541cd5c8449aadc2722f8eb75e548c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:19:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ec29-ca90-4d61-b587-483402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:19:05.000Z", "modified": "2019-01-11T19:19:05.000Z", "description": "November 9 \u00e2\u20ac\u0153Tunnel\u00e2\u20ac\u009d campaign payload", "pattern": "[url:value = 'http://officemysuppbox.com/staterepository']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:19:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ec29-cbcc-426b-a112-479a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:19:05.000Z", "modified": "2019-01-11T19:19:05.000Z", "description": "November 9 \u00e2\u20ac\u0153Tunnel\u00e2\u20ac\u009d campaign ServHelper", "pattern": "[file:hashes.SHA256 = '1b0859ddbdebcb9d2bb46de00d73aa21bc617614b8123054426556783b211bc8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:19:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ec81-8114-453f-a76f-462c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:20:33.000Z", "modified": "2019-01-11T19:20:33.000Z", "description": "November 9 \u00e2\u20ac\u0153Tunnel\u00e2\u20ac\u009d campaign ServHelper C&C", "pattern": "[url:value = 'https://checksolutions.pw/ghuae/huadh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ec82-7328-43ae-a83c-4e0d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:20:34.000Z", "modified": "2019-01-11T19:20:34.000Z", "description": "November 9 \u00e2\u20ac\u0153Tunnel\u00e2\u20ac\u009d campaign ServHelper C&C", "pattern": "[url:value = 'https://rgoianrdfa.pw/ghuae/huadh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:20:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ec84-6238-4587-a4c2-47e802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:20:36.000Z", "modified": "2019-01-11T19:20:36.000Z", "description": "November 9 \u00e2\u20ac\u0153Tunnel\u00e2\u20ac\u009d campaign ServHelper C&C", "pattern": "[url:value = 'https://arhidsfderm.pw/ghuae/huadh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:20:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ecc6-ad9c-4c16-8b57-406702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:21:42.000Z", "modified": "2019-01-11T19:21:42.000Z", "description": "November 15 \u00e2\u20ac\u0153Downloader\u00e2\u20ac\u009d campaign attachment", "pattern": "[file:hashes.SHA256 = 'eb66ebb95a3dcecae64c61f611a9332fbf460d1b8039d3ab7e4f220104a4bec4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:21:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ecc7-3d94-48ef-86dd-4af602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:21:43.000Z", "modified": "2019-01-11T19:21:43.000Z", "description": "November 15 \u00e2\u20ac\u0153Downloader\u00e2\u20ac\u009d campaign payload", "pattern": "[url:value = 'http://offficebox.com/host32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:21:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ecc8-9afc-4b51-a387-462b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:21:44.000Z", "modified": "2019-01-11T19:21:44.000Z", "description": "November 15 \u00e2\u20ac\u0153Downloader\u00e2\u20ac\u009d campaign ServHelper", "pattern": "[file:hashes.SHA256 = '3cd7e0a8321259e8446b2a9da775aae674715c74ff4923cfc8ec5102f380d41a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed48-9170-4e7a-9c80-457902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:23:52.000Z", "modified": "2019-01-11T19:23:52.000Z", "description": "December 13 \u00e2\u20ac\u0153FlawedGrace\u00e2\u20ac\u009d campaign attachment", "pattern": "[file:hashes.SHA256 = 'f4b9219f329803dd45afd5646351de456e608dd946830c961ec66c6c25e52cac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:23:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed49-f930-49d8-a74d-479002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:23:53.000Z", "modified": "2019-01-11T19:23:53.000Z", "description": "December 13 \u00e2\u20ac\u0153FlawedGrace\u00e2\u20ac\u009d campaign payload", "pattern": "[url:value = 'http://office365onlinehome.com/host32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:23:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed4b-94a4-4a0a-99ed-493702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:23:55.000Z", "modified": "2019-01-11T19:23:55.000Z", "description": "December 13 \u00e2\u20ac\u0153FlawedGrace\u00e2\u20ac\u009d campaign ServHelper", "pattern": "[file:hashes.SHA256 = 'd56429d6d0222022fe8f4cb35a28cd4fb83f87b666a186eb54d9785f01bb4b58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:23:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed4c-1850-4b83-acff-41a902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:23:56.000Z", "modified": "2019-01-11T19:23:56.000Z", "description": "December 13 \u00e2\u20ac\u0153FlawedGrace\u00e2\u20ac\u009d campaign ServHelper C&C", "pattern": "[url:value = 'https://afgdhjkrm.pw/aggdst/Hasrt.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:23:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed4d-4cfc-4dcb-9589-426502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:23:57.000Z", "modified": "2019-01-11T19:23:57.000Z", "description": "December 13 \u00e2\u20ac\u0153FlawedGrace\u00e2\u20ac\u009d campaign FlawedGrace", "pattern": "[file:hashes.SHA256 = 'efcee275d23b6e71589452b1cb3095ff92b10ab68cd07957b2ad6be587647b74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:23:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed4e-a218-45c1-8b89-417302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:23:58.000Z", "modified": "2019-01-11T19:23:58.000Z", "description": "On port 443 - December 13 \u00e2\u20ac\u0153FlawedGrace\u00e2\u20ac\u009d campaign FlawedGrace C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.161.27.241' AND network-traffic:dst_port = '443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:23:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed7b-e224-4af8-9dc7-42ee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:24:43.000Z", "modified": "2019-01-11T19:24:43.000Z", "description": "\u00e2\u20ac\u0153sethijack\u00e2\u20ac\u009d command ServHelper", "pattern": "[file:hashes.SHA256 = '9fccd107bd0aee3a2f39ad76a49758309c95545d8154b808eec24d2b51dc4579']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:24:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed7c-9934-48fb-bd11-468502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:24:44.000Z", "modified": "2019-01-11T19:24:44.000Z", "description": "\u00e2\u20ac\u0153sethijack\u00e2\u20ac\u009d command ServHelper", "pattern": "[url:value = 'http://dedsolutions.bit/sav/s.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:24:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed7c-c294-4a13-8ca0-4a6c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:24:44.000Z", "modified": "2019-01-11T19:24:44.000Z", "description": "\u00e2\u20ac\u0153sethijack\u00e2\u20ac\u009d command ServHelper", "pattern": "[url:value = 'http://dedoshop.pw/sav/s.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:24:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed7d-78a4-4209-9d86-487802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:24:45.000Z", "modified": "2019-01-11T19:24:45.000Z", "description": "\u00e2\u20ac\u0153sethijack\u00e2\u20ac\u009d command ServHelper", "pattern": "[url:value = 'http://asgaage.pw/sav/s.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:24:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38ed7d-5044-42a1-ad79-448802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:24:45.000Z", "modified": "2019-01-11T19:24:45.000Z", "description": "\u00e2\u20ac\u0153sethijack\u00e2\u20ac\u009d command ServHelper", "pattern": "[url:value = 'http://sghee.pw/sav/s.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:24:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38eda9-e79c-4d21-81f8-f12202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:25:29.000Z", "modified": "2019-01-11T19:25:29.000Z", "description": "\u00e2\u20ac\u0153loaddll\u00e2\u20ac\u009d command ServHelper", "pattern": "[file:hashes.SHA256 = 'a9492312f1258567c3633ed077990fe053776cd576aa60ac7589c6bd7829d549']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c38edaa-4f38-4119-9419-f12202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:25:30.000Z", "modified": "2019-01-11T19:25:30.000Z", "description": "\u00e2\u20ac\u0153loaddll\u00e2\u20ac\u009d command ServHelper", "pattern": "[url:value = 'https://vesecase.com/support/form.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--93f50fcd-264a-4734-b4c0-bfec7f37860f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:43.000Z", "modified": "2019-01-11T19:33:43.000Z", "pattern": "[file:hashes.MD5 = '4b9054475ff9aa15be35b42264715354' AND file:hashes.SHA1 = 'a088dfaee1779878353a1dc347a91a892e5dfd74' AND file:hashes.SHA256 = 'efcee275d23b6e71589452b1cb3095ff92b10ab68cd07957b2ad6be587647b74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:33:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--42ba88bf-bca8-4ff2-b33d-d23ce9877340", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:44.000Z", "modified": "2019-01-11T19:33:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T18:46:42", "category": "Other", "uuid": "8a72aaeb-4f03-47e2-a3e4-adb505a7051b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/efcee275d23b6e71589452b1cb3095ff92b10ab68cd07957b2ad6be587647b74/analysis/1547232402/", "category": "External analysis", "uuid": "7156ecf8-44d3-4ea7-b9ea-f06a090614d6" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/63", "category": "Other", "uuid": "08a7810c-0763-4997-b152-80ddfc699815" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c14e45cb-8dfc-4140-b541-135402f6af96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:45.000Z", "modified": "2019-01-11T19:33:45.000Z", "pattern": "[file:hashes.MD5 = 'daf7d35eeed3058c821bde464913f9ca' AND file:hashes.SHA1 = 'e2c8cb0d6a89b995a9ec77b2838863c08e33d6a5' AND file:hashes.SHA256 = '9fccd107bd0aee3a2f39ad76a49758309c95545d8154b808eec24d2b51dc4579']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:33:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7d6c516a-90e2-4597-9b08-c10fa4cd2a81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:47.000Z", "modified": "2019-01-11T19:33:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T09:15:15", "category": "Other", "uuid": "589de291-5218-445f-8af9-6b3e8e0d4cf1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9fccd107bd0aee3a2f39ad76a49758309c95545d8154b808eec24d2b51dc4579/analysis/1547198115/", "category": "External analysis", "uuid": "e9665877-4b83-4dcb-b524-c1ec6348aaa3" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/68", "category": "Other", "uuid": "0a6d3f73-b8f8-4f65-90ca-e98976f2b898" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--35fdb030-5cd9-4621-b76c-2dfab467bc3b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:48.000Z", "modified": "2019-01-11T19:33:48.000Z", "pattern": "[file:hashes.MD5 = '5cd4aecb962528166ad1a0b72f675c44' AND file:hashes.SHA1 = '1242dc4d1ece26ef15dc3bdb8ed13e8b04d6a178' AND file:hashes.SHA256 = '1b0859ddbdebcb9d2bb46de00d73aa21bc617614b8123054426556783b211bc8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:33:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c8cbc23d-0f33-4643-977f-fe2fd3da8a19", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:50.000Z", "modified": "2019-01-11T19:33:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T09:32:27", "category": "Other", "uuid": "c41b5480-eac8-4ba5-b286-a39a2b93b45a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1b0859ddbdebcb9d2bb46de00d73aa21bc617614b8123054426556783b211bc8/analysis/1547199147/", "category": "External analysis", "uuid": "5e9a3b2e-2b50-4563-9093-17602afa0130" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/69", "category": "Other", "uuid": "69071e5c-1be3-4edf-b07b-f87e150428b7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d6c7429-1495-4d3f-bfe1-d3834a273606", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:51.000Z", "modified": "2019-01-11T19:33:51.000Z", "pattern": "[file:hashes.MD5 = 'db0b9554ef0c4b3004c2cdb43a9fb020' AND file:hashes.SHA1 = '2f760f967f042827cda567fa07713371d746aa11' AND file:hashes.SHA256 = '52c72a9de2f6e892f07827add85ad913b0541cd5c8449aadc2722f8eb75e548c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9dd16ec7-f062-459f-968c-c5bb43d3a327", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:52.000Z", "modified": "2019-01-11T19:33:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T09:02:13", "category": "Other", "uuid": "d4da3848-cf16-4df4-9301-83f9b703e5a0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/52c72a9de2f6e892f07827add85ad913b0541cd5c8449aadc2722f8eb75e548c/analysis/1547197333/", "category": "External analysis", "uuid": "75d2b444-f984-4e6b-b32b-5f6588f4eb5c" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/58", "category": "Other", "uuid": "1d1f3b46-6c15-4450-9871-039ddc29078f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc0e2eae-79dc-496c-8e6f-51c6a3f7b419", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:53.000Z", "modified": "2019-01-11T19:33:53.000Z", "pattern": "[file:hashes.MD5 = 'a6563a927d925b1231deaa090403bc9a' AND file:hashes.SHA1 = 'e501be071953aa308faad656cfa2d73a3902d8a4' AND file:hashes.SHA256 = 'a9492312f1258567c3633ed077990fe053776cd576aa60ac7589c6bd7829d549']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:33:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8d3be9f6-584f-4b1d-bfbf-c9dff2c08ad7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:55.000Z", "modified": "2019-01-11T19:33:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T09:12:29", "category": "Other", "uuid": "d0f5ecbe-6c20-4b4d-8170-ba4e93d94ebb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a9492312f1258567c3633ed077990fe053776cd576aa60ac7589c6bd7829d549/analysis/1547197949/", "category": "External analysis", "uuid": "cb9a7cb0-5e67-4e8d-a706-4ea332ac156e" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/70", "category": "Other", "uuid": "8c082351-3562-4c7e-b5bf-057e81fad3da" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e493185-b642-4a33-9cc1-0b141391605d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:56.000Z", "modified": "2019-01-11T19:33:56.000Z", "pattern": "[file:hashes.MD5 = 'bf4ea62bb7117b1d5f31873c84a95f5a' AND file:hashes.SHA1 = '3fc7d7f1d47b2ac971d778f580cf64a112127aa9' AND file:hashes.SHA256 = 'f4b9219f329803dd45afd5646351de456e608dd946830c961ec66c6c25e52cac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:33:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6624c405-ed32-4075-9501-29967d631716", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:57.000Z", "modified": "2019-01-11T19:33:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T10:52:12", "category": "Other", "uuid": "f70d9f53-8238-4721-9518-5eddacb58d1b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f4b9219f329803dd45afd5646351de456e608dd946830c961ec66c6c25e52cac/analysis/1547203932/", "category": "External analysis", "uuid": "d34102bb-440b-4393-b738-9ae187d0fefe" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/58", "category": "Other", "uuid": "b35598ba-ea92-4b89-97ae-fe5379e4a3f7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--40d64a11-4524-4a53-b736-9326233a65d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:33:58.000Z", "modified": "2019-01-11T19:33:58.000Z", "pattern": "[file:hashes.MD5 = '0f459932b21d0c6dfcc199951058c0a5' AND file:hashes.SHA1 = '9ff00fe5f0921a6a591b7db3a1838834348e123d' AND file:hashes.SHA256 = '3cd7e0a8321259e8446b2a9da775aae674715c74ff4923cfc8ec5102f380d41a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:33:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6a7c6829-6213-4f4a-9141-eb2394cd32a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:34:01.000Z", "modified": "2019-01-11T19:34:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T09:13:28", "category": "Other", "uuid": "a508cd3f-eb30-450e-82ea-6eac3d988f84" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3cd7e0a8321259e8446b2a9da775aae674715c74ff4923cfc8ec5102f380d41a/analysis/1547198008/", "category": "External analysis", "uuid": "7138648d-6ba2-4f2d-aeca-1fe74de7801e" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/70", "category": "Other", "uuid": "5466e6ec-78e0-4762-bb46-3112333840a2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4170ad0b-e0f8-4246-8505-63d85a0e84bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:34:03.000Z", "modified": "2019-01-11T19:34:03.000Z", "pattern": "[file:hashes.MD5 = 'b811a63eaa3f6a76d4176a64655c086f' AND file:hashes.SHA1 = '45f3b9f49d4c680de6fdede99427289a11317aa0' AND file:hashes.SHA256 = 'eb66ebb95a3dcecae64c61f611a9332fbf460d1b8039d3ab7e4f220104a4bec4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:34:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8d4ff865-dbce-44b3-86ac-0e461519ea20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:34:07.000Z", "modified": "2019-01-11T19:34:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T09:09:08", "category": "Other", "uuid": "c6f3b4ea-17b4-4132-99eb-5bcbd85146db" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eb66ebb95a3dcecae64c61f611a9332fbf460d1b8039d3ab7e4f220104a4bec4/analysis/1547197748/", "category": "External analysis", "uuid": "5c4776a4-dbe9-4950-8a7e-81a4f9519100" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/58", "category": "Other", "uuid": "832ae984-cfdb-4ba3-a7d7-ce24471b9b48" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6ef8a2ea-6ae3-4fa0-afe7-bdb2e9607a56", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:34:10.000Z", "modified": "2019-01-11T19:34:10.000Z", "pattern": "[file:hashes.MD5 = 'c4a201a6f5e07136923f824bda4cd54f' AND file:hashes.SHA1 = 'a0bcdb0ce8999bfb75723236e15e4f557a784743' AND file:hashes.SHA256 = 'd56429d6d0222022fe8f4cb35a28cd4fb83f87b666a186eb54d9785f01bb4b58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-11T19:34:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--027e06a2-ba9d-4604-9a8d-5230c140eae8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-01-11T19:34:14.000Z", "modified": "2019-01-11T19:34:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-01-11T10:52:31", "category": "Other", "uuid": "73a12bc5-bfd2-4c6d-b138-4b6258f0dd17" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d56429d6d0222022fe8f4cb35a28cd4fb83f87b666a186eb54d9785f01bb4b58/analysis/1547203951/", "category": "External analysis", "uuid": "c043dc85-8fc5-4e39-abd0-c8237f97d111" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/69", "category": "Other", "uuid": "9213d232-6ae9-4629-8593-4d493d7007ac" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e51a4cf-6b5c-4bd6-bec2-552e9e80f8ba", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--93f50fcd-264a-4734-b4c0-bfec7f37860f", "target_ref": "x-misp-object--42ba88bf-bca8-4ff2-b33d-d23ce9877340" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f23665ba-03d5-4fbe-8bd6-30161f8adc7a", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c14e45cb-8dfc-4140-b541-135402f6af96", "target_ref": "x-misp-object--7d6c516a-90e2-4597-9b08-c10fa4cd2a81" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3b762c6-3445-49d0-94e2-1f0b6392b308", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--35fdb030-5cd9-4621-b76c-2dfab467bc3b", "target_ref": "x-misp-object--c8cbc23d-0f33-4643-977f-fe2fd3da8a19" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--19022709-7d58-450c-bf63-6579d2554875", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0d6c7429-1495-4d3f-bfe1-d3834a273606", "target_ref": "x-misp-object--9dd16ec7-f062-459f-968c-c5bb43d3a327" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4419ae05-3a76-47d1-b8b3-0de5b34b4b46", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dc0e2eae-79dc-496c-8e6f-51c6a3f7b419", "target_ref": "x-misp-object--8d3be9f6-584f-4b1d-bfbf-c9dff2c08ad7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dac7106c-15a4-4ca5-b64f-ec772819bb2e", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9e493185-b642-4a33-9cc1-0b141391605d", "target_ref": "x-misp-object--6624c405-ed32-4075-9501-29967d631716" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--810217a7-1f2f-4dca-b53f-d4aa6383d4b8", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--40d64a11-4524-4a53-b736-9326233a65d9", "target_ref": "x-misp-object--6a7c6829-6213-4f4a-9141-eb2394cd32a7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8d9c7de-f415-43e9-802e-abb0f5970f39", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4170ad0b-e0f8-4246-8505-63d85a0e84bd", "target_ref": "x-misp-object--8d4ff865-dbce-44b3-86ac-0e461519ea20" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--436844ed-9582-4eef-a909-03df0c90201d", "created": "2019-01-11T19:34:17.000Z", "modified": "2019-01-11T19:34:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6ef8a2ea-6ae3-4fa0-afe7-bdb2e9607a56", "target_ref": "x-misp-object--027e06a2-ba9d-4604-9a8d-5230c140eae8" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }