{ "type": "bundle", "id": "bundle--5df37253-ecc0-40ff-9ab9-4c44950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-16T08:27:45.000Z", "modified": "2019-12-16T08:27:45.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5df37253-ecc0-40ff-9ab9-4c44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-16T08:27:45.000Z", "modified": "2019-12-16T08:27:45.000Z", "name": "OSINT - GALLIUM: Targeting global telecom", "published": "2019-12-16T08:34:35Z", "object_refs": [ "observed-data--5df372b8-5b40-478d-a93d-4cf1950d210f", "url--5df372b8-5b40-478d-a93d-4cf1950d210f", "indicator--5df37fb5-e9a4-4ed8-9abe-4850950d210f", "indicator--5df37fba-2648-4954-980c-444a950d210f", "indicator--5df37fc0-7bf4-4030-bf71-4e71950d210f", "indicator--5df37fc6-d1d4-4b40-a7ac-46e3950d210f", "indicator--5df37fc6-48d8-4b0d-af0b-4814950d210f", "indicator--5df37fc7-46b0-42c1-8578-4923950d210f", "indicator--5df37fc7-7f30-479f-8358-43f4950d210f", "x-misp-attribute--5df38aa1-7a6c-4df4-bbfa-4ca0950d210f", "observed-data--5df399d4-fa1c-48d7-bca2-48b4950d210f", "url--5df399d4-fa1c-48d7-bca2-48b4950d210f", "indicator--1ab9b5d3-f394-4a58-b890-e4ec2f6c7f58", "indicator--9c77c3fa-73df-450c-b5b3-ce88e70e25c6", "indicator--6841f72d-d8d2-4cea-bff0-ecd5e746cb44", "indicator--0d9e0fdd-9a73-472b-9de0-3eb7b1a3ce73", "indicator--81b35f61-e33f-4ce5-9264-a42e4061dc89", "indicator--34fb3676-5716-43dd-8a1c-8b180f793c25", "indicator--10f1f733-c7ee-41a9-bfc7-de76c69a386e", "indicator--55309c26-5c02-464f-939a-d71ccd33e1a2", "indicator--52ea1550-80eb-4398-9011-e294c4b04153", "indicator--fd50853a-5080-4c08-875a-13b25c64f6fb", "indicator--473b147e-5cd4-4acb-ae0d-03cbe777e19a", "indicator--c609fe42-cc46-4ff3-bda8-83175257560a", "indicator--826b488e-d80e-46eb-81d0-a2d7f255c391", "indicator--5ae707a9-1413-40e1-9bfb-0ab797935daf", "indicator--2ff483f1-bfd4-4bc0-834a-6090bd524eb7", "indicator--887e619e-e714-4276-88ab-5bee4ce7e1bf", "indicator--9714d7cb-273f-451a-bbe2-46a44d787eb5", "indicator--9a81a9ad-91c8-415b-9a7d-a24f2cd80fc7", "indicator--af74e22f-def9-4891-a20e-3ba3717f3023", "indicator--2fb968c9-e5e3-4b24-8b1d-efd3ada12b7b", "indicator--da89646f-07af-4568-9b31-2c65c6b02730", "indicator--6e35ecff-22ac-425f-a762-9be0777ba592", "indicator--996a2bc0-ccfe-498c-8c90-76cc314ce0d2", "indicator--bbac27c8-bbc2-4b2f-a6eb-14a3a2a8372f", "indicator--f263f4bd-a56e-4765-ab3d-a0119f26e56e", "indicator--08f20998-85ef-4436-babb-88289b5eb454", "indicator--3d8a573b-fb90-4313-ba6d-947ba1898b88", "indicator--227aa6db-279d-4d22-913b-c1c913c53bca", "indicator--05335725-d07e-4334-a7b2-1955bc6986af", "indicator--f853a427-6331-46ab-b63c-3af015ff2e9c", "indicator--18187a32-3e83-48fb-b46f-0a1f393cee30", "indicator--8866af47-785b-49c3-8434-6e9e9645bce9", "indicator--ec7c6a1d-bcdb-4b78-b97d-dc882cd85149", "indicator--a53cd17d-fea7-4aa3-a253-49d0fd227668", "indicator--453c9095-c7d4-4f7b-8e18-5592705bb6cc", "indicator--97b788de-edb1-441f-87eb-77692b92d705", "indicator--e2f4d2bb-d70b-4c5e-9993-9770649645ea", "indicator--656bff64-0ad2-4a70-889b-ef9a0a41f8a5", "indicator--693e7281-40be-4cb3-8d42-f1b88c69afd9", "x-misp-object--5792ac9e-9214-4610-b440-f5afaa5d1539", "indicator--70155b79-cdd0-440e-bedd-0386e13c85eb", "x-misp-object--ce794ae7-39c0-4845-8bf8-38b89a365563", "indicator--102841b3-7248-485e-b1a8-9cc72ed1efbb", "x-misp-object--33bc1e10-c0af-465f-96e8-cf37ab9202bf", "indicator--b6b3ac5a-b33a-422f-93c1-17a9ea2530b1", "x-misp-object--3d5fb681-223c-43f5-95ca-1fd0a5901117", "indicator--978422c6-1b76-46fe-8ee6-09cf6b05a382", "x-misp-object--5cf9c477-54ee-4314-8618-94b32a714bd2", "indicator--db7f46ee-b12d-4740-b7f4-2a6a75d4d220", "x-misp-object--cd155fb0-ffa7-4c2d-9abe-9da8b19e38a9", "indicator--39743303-990f-4a10-ab79-e6d47f402ed7", "x-misp-object--b72db847-00e8-40b7-98f4-4f75dfb66774", "indicator--0437445d-8bc7-47a2-96a6-4f86ad3906bc", "x-misp-object--bbc49ff1-0987-4ad0-8546-454088138ebd", "indicator--53bc836d-94d5-4620-b23a-ce3bf3cc4b2e", "x-misp-object--34935b31-c353-4fff-bbf8-6138b7a1509a", "indicator--cdcde630-7eb0-4b15-ac5b-de2ce5429c42", "x-misp-object--e7833a09-cac6-42ca-8b1a-945a7bfec0f6", "indicator--57ef2d67-fc65-4c12-ab9f-10ea2a89f9e0", "x-misp-object--0cc004d1-66e1-471f-af25-5ed9301bc765", "indicator--98de906b-cea2-4397-b05f-17ca7375d016", "x-misp-object--59638fcb-5d31-4187-8809-1ea84b8f6941", "relationship--ce4bab44-39db-47ea-990a-2a5293294d6b", "relationship--b77948fd-90d2-4c7f-b886-6d0801aaa8e4", "relationship--f55c9f92-7566-4ae0-8a40-8ecee8f9975b", "relationship--d23a87ac-9344-4de7-a554-12922b1db624", "relationship--a97a70eb-f1ca-4c6d-92bb-d22e29d57d76", "relationship--a09a0713-8835-4966-aff0-35565e7be988", "relationship--f1d7ec7e-41f4-44d4-aaf3-788a5d06b4fa", "relationship--48556c3b-1f92-4d7f-897a-a10fd1d773ad", "relationship--c40afe6e-3c60-4aba-a4c0-6f3dfc6c4921", "relationship--aa58f756-6999-47b6-9dd8-2b0bc6f8f10c", "relationship--a7bafd83-7519-4b9a-9919-9bfa0d5f30c6", "relationship--d0d6b12c-8718-419d-bfd6-59c8463439d0" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:malpedia=\"HTran\"", "misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN\"", "misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"", "misp-galaxy:mitre-tool=\"HTRAN\"", "misp-galaxy:mitre-tool=\"HTRAN - S0040\"", "misp-galaxy:tool=\"Htran\"", "misp-galaxy:malpedia=\"MimiKatz\"", "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz\"", "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"", "misp-galaxy:mitre-tool=\"Mimikatz\"", "misp-galaxy:mitre-tool=\"Mimikatz - S0002\"", "misp-galaxy:tool=\"Mimikatz\"", "misp-galaxy:mitre-enterprise-attack-tool=\"PsExec\"", "misp-galaxy:mitre-enterprise-attack-tool=\"PsExec - S0029\"", "misp-galaxy:mitre-tool=\"PsExec\"", "misp-galaxy:mitre-tool=\"PsExec - S0029\"", "misp-galaxy:tool=\"PsExec\"", "misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor\"", "misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"", "misp-galaxy:mitre-tool=\"Windows Credential Editor\"", "misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\"", "misp-galaxy:tool=\"Windows Credential Editor\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:source-type=\"blog-post\"", "misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper\"", "misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper - S0020\"", "misp-galaxy:mitre-malware=\"China Chopper\"", "misp-galaxy:mitre-malware=\"China Chopper - S0020\"", "misp-galaxy:tool=\"China Chopper\"", "misp-galaxy:malpedia=\"Poison Ivy\"", "misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy\"", "misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"", "misp-galaxy:mitre-malware=\"PoisonIvy\"", "misp-galaxy:mitre-malware=\"PoisonIvy - S0012\"", "misp-galaxy:rat=\"PoisonIvy\"", "misp-galaxy:tool=\"Poison Ivy\"", "misp-galaxy:tool=\"poisonivy\"", "misp-galaxy:microsoft-activity-group=\"GALLIUM\"", "misp-galaxy:tool=\"Netcat\"", "misp-galaxy:tool=\"NBTScan\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5df372b8-5b40-478d-a93d-4cf1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T11:15:04.000Z", "modified": "2019-12-13T11:15:04.000Z", "first_observed": "2019-12-13T11:15:04Z", "last_observed": "2019-12-13T11:15:04Z", "number_observed": 1, "object_refs": [ "url--5df372b8-5b40-478d-a93d-4cf1950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5df372b8-5b40-478d-a93d-4cf1950d210f", "value": "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df37fb5-e9a4-4ed8-9abe-4850950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:10:29.000Z", "modified": "2019-12-13T12:10:29.000Z", "pattern": "[domain-name:value = 'asyspy256.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:10:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df37fba-2648-4954-980c-444a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:10:34.000Z", "modified": "2019-12-13T12:10:34.000Z", "pattern": "[domain-name:value = 'hotkillmail9sddcc.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:10:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df37fc0-7bf4-4030-bf71-4e71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:10:40.000Z", "modified": "2019-12-13T12:10:40.000Z", "pattern": "[domain-name:value = 'rosaf112.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:10:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df37fc6-d1d4-4b40-a7ac-46e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:10:46.000Z", "modified": "2019-12-13T12:10:46.000Z", "pattern": "[domain-name:value = 'cvdfhjh1231.myftp.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:10:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df37fc6-48d8-4b0d-af0b-4814950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:10:46.000Z", "modified": "2019-12-13T12:10:46.000Z", "pattern": "[domain-name:value = 'sz2016rose.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:10:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df37fc7-46b0-42c1-8578-4923950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:10:47.000Z", "modified": "2019-12-13T12:10:47.000Z", "pattern": "[domain-name:value = 'dffwescwer4325.myftp.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df37fc7-7f30-479f-8358-43f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:10:47.000Z", "modified": "2019-12-13T12:10:47.000Z", "pattern": "[domain-name:value = 'cvdfhjh1231.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5df38aa1-7a6c-4df4-bbfa-4ca0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:05.000Z", "modified": "2019-12-13T12:57:05.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "TrojanDropper:Win32/BlackMould.A!dha\r\nTrojan:Win32/BlackMould.B!dha\r\nTrojan:Win32/QuarkBandit.A!dha\r\nTrojan:Win32/Sidelod.A!dha" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5df399d4-fa1c-48d7-bca2-48b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T14:01:56.000Z", "modified": "2019-12-13T14:01:56.000Z", "first_observed": "2019-12-13T14:01:56Z", "last_observed": "2019-12-13T14:01:56Z", "number_observed": 1, "object_refs": [ "url--5df399d4-fa1c-48d7-bca2-48b4950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5df399d4-fa1c-48d7-bca2-48b4950d210f", "value": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/GalliumIOCs.yaml" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1ab9b5d3-f394-4a58-b890-e4ec2f6c7f58", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:49.000Z", "modified": "2019-12-13T12:57:49.000Z", "pattern": "[file:hashes.SHA256 = '9ae7c4a4e1cfe9b505c3a47e66551eb1357affee65bfefb0109d02f4e97c06dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9c77c3fa-73df-450c-b5b3-ce88e70e25c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:50.000Z", "modified": "2019-12-13T12:57:50.000Z", "pattern": "[file:hashes.SHA256 = '7772d624e1aed327abcd24ce2068063da0e31bb1d5d3bf2841fc977e198c6c5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6841f72d-d8d2-4cea-bff0-ecd5e746cb44", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:50.000Z", "modified": "2019-12-13T12:57:50.000Z", "pattern": "[file:hashes.SHA256 = '657fc7e6447e0065d488a7db2caab13071e44741875044f9024ca843fe4e86b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d9e0fdd-9a73-472b-9de0-3eb7b1a3ce73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:51.000Z", "modified": "2019-12-13T12:57:51.000Z", "pattern": "[file:hashes.SHA256 = '2ef157a97e28574356e1d871abf75deca7d7a1ea662f38b577a06dd039dbae29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--81b35f61-e33f-4ce5-9264-a42e4061dc89", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:51.000Z", "modified": "2019-12-13T12:57:51.000Z", "pattern": "[file:hashes.SHA256 = '52fd7b90d7144ac448af4008be639d4d45c252e51823f4311011af3207a5fc77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34fb3676-5716-43dd-8a1c-8b180f793c25", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:52.000Z", "modified": "2019-12-13T12:57:52.000Z", "pattern": "[file:hashes.SHA256 = 'a370e47cb97b35f1ae6590d14ada7561d22b4a73be0cb6df7e851d85054b1ac3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--10f1f733-c7ee-41a9-bfc7-de76c69a386e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:52.000Z", "modified": "2019-12-13T12:57:52.000Z", "pattern": "[file:hashes.SHA256 = '5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55309c26-5c02-464f-939a-d71ccd33e1a2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:53.000Z", "modified": "2019-12-13T12:57:53.000Z", "pattern": "[file:hashes.SHA256 = '6f690ccfd54c2b02f0c3cb89c938162c10cbeee693286e809579c540b07ed883']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52ea1550-80eb-4398-9011-e294c4b04153", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:54.000Z", "modified": "2019-12-13T12:57:54.000Z", "pattern": "[file:hashes.SHA256 = '3c884f776fbd16597c072afd81029e8764dd57ee79d798829ca111f5e170bd8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd50853a-5080-4c08-875a-13b25c64f6fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:54.000Z", "modified": "2019-12-13T12:57:54.000Z", "pattern": "[file:hashes.SHA256 = '1922a419f57afb351b58330ed456143cc8de8b3ebcbd236d26a219b03b3464d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--473b147e-5cd4-4acb-ae0d-03cbe777e19a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:54.000Z", "modified": "2019-12-13T12:57:54.000Z", "pattern": "[file:hashes.SHA256 = 'fe0e4ef832b62d49b43433e10c47dc51072959af93963c790892efc20ec422f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c609fe42-cc46-4ff3-bda8-83175257560a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:55.000Z", "modified": "2019-12-13T12:57:55.000Z", "pattern": "[file:hashes.SHA256 = '7ce9e1c5562c8a5c93878629a47fe6071a35d604ed57a8f918f3eadf82c11a9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--826b488e-d80e-46eb-81d0-a2d7f255c391", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:56.000Z", "modified": "2019-12-13T12:57:56.000Z", "pattern": "[file:hashes.SHA256 = '178d5ee8c04401d332af331087a80fb4e5e2937edfba7266f9be34a5029b6945']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ae707a9-1413-40e1-9bfb-0ab797935daf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:57:56.000Z", "modified": "2019-12-13T12:57:56.000Z", "pattern": "[file:hashes.SHA256 = '51f70956fa8c487784fd21ab795f6ba2199b5c2d346acdeef1de0318a4c729d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2ff483f1-bfd4-4bc0-834a-6090bd524eb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:58:12.000Z", "modified": "2019-12-13T12:58:12.000Z", "pattern": "[file:hashes.SHA256 = '889bca95f1a69e94aaade1e959ed0d3620531dc0fc563be9a8decf41899b4d79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:58:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--887e619e-e714-4276-88ab-5bee4ce7e1bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:58:12.000Z", "modified": "2019-12-13T12:58:12.000Z", "pattern": "[file:hashes.SHA256 = '332ddaa00e2eb862742cb8d7e24ce52a5d38ffb22f6c8bd51162bd35e84d7ddf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:58:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9714d7cb-273f-451a-bbe2-46a44d787eb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:58:13.000Z", "modified": "2019-12-13T12:58:13.000Z", "pattern": "[file:hashes.SHA256 = '44bcf82fa536318622798504e8369e9dcdb32686b95fcb44579f0b4efa79df08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:58:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9a81a9ad-91c8-415b-9a7d-a24f2cd80fc7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:58:13.000Z", "modified": "2019-12-13T12:58:13.000Z", "pattern": "[file:hashes.SHA256 = '63552772fdd8c947712a2cff00dfe25c7a34133716784b6d486227384f8cf3ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:58:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--af74e22f-def9-4891-a20e-3ba3717f3023", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T12:58:14.000Z", "modified": "2019-12-13T12:58:14.000Z", "pattern": "[file:hashes.SHA256 = '056744a3c371b5938d63c396fe094afce8fb153796a65afa5103e1bffd7ca070']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T12:58:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2fb968c9-e5e3-4b24-8b1d-efd3ada12b7b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:10.000Z", "modified": "2019-12-13T13:51:10.000Z", "pattern": "[file:hashes.SHA1 = '53a44c2396d15c3a03723fa5e5db54cafd527635']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--da89646f-07af-4568-9b31-2c65c6b02730", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:14.000Z", "modified": "2019-12-13T13:51:14.000Z", "pattern": "[file:hashes.SHA1 = '9c5e496921e3bc882dc40694f1dcc3746a75db19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6e35ecff-22ac-425f-a762-9be0777ba592", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:15.000Z", "modified": "2019-12-13T13:51:15.000Z", "pattern": "[file:hashes.SHA1 = 'aeb573accfd95758550cf30bf04f389a92922844']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--996a2bc0-ccfe-498c-8c90-76cc314ce0d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:15.000Z", "modified": "2019-12-13T13:51:15.000Z", "pattern": "[file:hashes.SHA1 = '79ef78a797403a4ed1a616c68e07fff868a8650a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bbac27c8-bbc2-4b2f-a6eb-14a3a2a8372f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:15.000Z", "modified": "2019-12-13T13:51:15.000Z", "pattern": "[file:hashes.SHA1 = '4f6f38b4cec35e895d91c052b1f5a83d665c2196']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f263f4bd-a56e-4765-ab3d-a0119f26e56e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:16.000Z", "modified": "2019-12-13T13:51:16.000Z", "pattern": "[file:hashes.SHA1 = '1e8c2cac2e4ce7cbd33c3858eb2e24531cb8a84d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--08f20998-85ef-4436-babb-88289b5eb454", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:16.000Z", "modified": "2019-12-13T13:51:16.000Z", "pattern": "[file:hashes.SHA1 = 'e841a63e47361a572db9a7334af459ddca11347a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3d8a573b-fb90-4313-ba6d-947ba1898b88", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:17.000Z", "modified": "2019-12-13T13:51:17.000Z", "pattern": "[file:hashes.SHA1 = 'c28f606df28a9bc8df75a4d5e5837fc5522dd34d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--227aa6db-279d-4d22-913b-c1c913c53bca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:17.000Z", "modified": "2019-12-13T13:51:17.000Z", "pattern": "[file:hashes.SHA1 = '2e94b305d6812a9f96e6781c888e48c7fb157b6b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--05335725-d07e-4334-a7b2-1955bc6986af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:18.000Z", "modified": "2019-12-13T13:51:18.000Z", "pattern": "[file:hashes.SHA1 = 'dd44133716b8a241957b912fa6a02efde3ce3025']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f853a427-6331-46ab-b63c-3af015ff2e9c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:18.000Z", "modified": "2019-12-13T13:51:18.000Z", "pattern": "[file:hashes.SHA1 = '8793bf166cb89eb55f0593404e4e933ab605e803']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18187a32-3e83-48fb-b46f-0a1f393cee30", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:19.000Z", "modified": "2019-12-13T13:51:19.000Z", "pattern": "[file:hashes.SHA1 = 'a39b57032dbb2335499a51e13470a7cd5d86b138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8866af47-785b-49c3-8434-6e9e9645bce9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:20.000Z", "modified": "2019-12-13T13:51:20.000Z", "pattern": "[file:hashes.SHA1 = '41cc2b15c662bc001c0eb92f6cc222934f0beeea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec7c6a1d-bcdb-4b78-b97d-dc882cd85149", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:20.000Z", "modified": "2019-12-13T13:51:20.000Z", "pattern": "[file:hashes.SHA1 = 'd209430d6af54792371174e70e27dd11d3def7a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a53cd17d-fea7-4aa3-a253-49d0fd227668", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:20.000Z", "modified": "2019-12-13T13:51:20.000Z", "pattern": "[file:hashes.SHA1 = '1c6452026c56efd2c94cea7e0f671eb55515edb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--453c9095-c7d4-4f7b-8e18-5592705bb6cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:33.000Z", "modified": "2019-12-13T13:51:33.000Z", "pattern": "[file:hashes.SHA1 = 'c6b41d3afdcdcaf9f442bbe772f5da871801fd5a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97b788de-edb1-441f-87eb-77692b92d705", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:34.000Z", "modified": "2019-12-13T13:51:34.000Z", "pattern": "[file:hashes.SHA1 = '4923d460e22fbbf165bbbaba168e5a46b8157d9f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e2f4d2bb-d70b-4c5e-9993-9770649645ea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:34.000Z", "modified": "2019-12-13T13:51:34.000Z", "pattern": "[file:hashes.SHA1 = 'f201504bd96e81d0d350c3a8332593ee1c9e09de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--656bff64-0ad2-4a70-889b-ef9a0a41f8a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:51:35.000Z", "modified": "2019-12-13T13:51:35.000Z", "pattern": "[file:hashes.SHA1 = 'ddd2db1127632a2a52943a2fe516a2e7d05d70d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:51:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--693e7281-40be-4cb3-8d42-f1b88c69afd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:32.000Z", "modified": "2019-12-13T13:57:32.000Z", "pattern": "[file:hashes.MD5 = '96f56b9aff235a11ed946b50344edabd' AND file:hashes.SHA1 = 'c28f606df28a9bc8df75a4d5e5837fc5522dd34d' AND file:hashes.SHA256 = '6f690ccfd54c2b02f0c3cb89c938162c10cbeee693286e809579c540b07ed883']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5792ac9e-9214-4610-b440-f5afaa5d1539", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:32.000Z", "modified": "2019-12-13T13:57:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:17:42", "category": "Other", "uuid": "d91da7de-b335-49e1-9593-9b2f71a3d378" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6f690ccfd54c2b02f0c3cb89c938162c10cbeee693286e809579c540b07ed883/analysis/1576214262/", "category": "Payload delivery", "uuid": "4aebae14-d216-4f01-86cf-bfe16625140c" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/70", "category": "Payload delivery", "uuid": "b863ee68-dc5a-4623-9a84-17475c017e36" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--70155b79-cdd0-440e-bedd-0386e13c85eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:32.000Z", "modified": "2019-12-13T13:57:32.000Z", "pattern": "[file:hashes.MD5 = 'c990e02f274127e7be060f40c9c79e8b' AND file:hashes.SHA1 = '1e8c2cac2e4ce7cbd33c3858eb2e24531cb8a84d' AND file:hashes.SHA256 = 'a370e47cb97b35f1ae6590d14ada7561d22b4a73be0cb6df7e851d85054b1ac3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ce794ae7-39c0-4845-8bf8-38b89a365563", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:33.000Z", "modified": "2019-12-13T13:57:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T08:46:40", "category": "Other", "uuid": "e64cc1e0-3a43-4c86-8aea-73d544222bb7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a370e47cb97b35f1ae6590d14ada7561d22b4a73be0cb6df7e851d85054b1ac3/analysis/1576226800/", "category": "Payload delivery", "uuid": "a1309c7b-f004-4c14-bbb2-b620d7abb255" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/70", "category": "Payload delivery", "uuid": "6ff64900-8e27-4c01-8e22-47c02f4b4b0c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--102841b3-7248-485e-b1a8-9cc72ed1efbb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:33.000Z", "modified": "2019-12-13T13:57:33.000Z", "pattern": "[file:hashes.MD5 = '3586f78ad5596f68536dfd75df54db1e' AND file:hashes.SHA1 = '53a44c2396d15c3a03723fa5e5db54cafd527635' AND file:hashes.SHA256 = '9ae7c4a4e1cfe9b505c3a47e66551eb1357affee65bfefb0109d02f4e97c06dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--33bc1e10-c0af-465f-96e8-cf37ab9202bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:33.000Z", "modified": "2019-12-13T13:57:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T11:02:11", "category": "Other", "uuid": "34ae0591-d663-4bf6-8b97-619c6facf553" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ae7c4a4e1cfe9b505c3a47e66551eb1357affee65bfefb0109d02f4e97c06dd/analysis/1576234931/", "category": "Payload delivery", "uuid": "feff165f-3940-4e94-bf82-c1226cd73755" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/70", "category": "Payload delivery", "uuid": "083a323a-4de3-4a03-bd8a-675014dcf4f2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b6b3ac5a-b33a-422f-93c1-17a9ea2530b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:33.000Z", "modified": "2019-12-13T13:57:33.000Z", "pattern": "[file:hashes.MD5 = '723a98a3b0f9db7e15533848abe1fdfb' AND file:hashes.SHA1 = 'aeb573accfd95758550cf30bf04f389a92922844' AND file:hashes.SHA256 = '657fc7e6447e0065d488a7db2caab13071e44741875044f9024ca843fe4e86b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3d5fb681-223c-43f5-95ca-1fd0a5901117", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:33.000Z", "modified": "2019-12-13T13:57:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:07:33", "category": "Other", "uuid": "e07c14a6-4666-40b2-b3f6-7026967aa5da" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/657fc7e6447e0065d488a7db2caab13071e44741875044f9024ca843fe4e86b5/analysis/1576213653/", "category": "Payload delivery", "uuid": "eafe9e21-8c9d-4faa-bcfd-cada8479116b" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/69", "category": "Payload delivery", "uuid": "eeb1e6dc-a639-41e8-96f8-6e45e582a02f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--978422c6-1b76-46fe-8ee6-09cf6b05a382", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:33.000Z", "modified": "2019-12-13T13:57:33.000Z", "pattern": "[file:hashes.MD5 = '55053850260a402fba7661a0c7920457' AND file:hashes.SHA1 = '4f6f38b4cec35e895d91c052b1f5a83d665c2196' AND file:hashes.SHA256 = '52fd7b90d7144ac448af4008be639d4d45c252e51823f4311011af3207a5fc77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5cf9c477-54ee-4314-8618-94b32a714bd2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:33.000Z", "modified": "2019-12-13T13:57:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:13:03", "category": "Other", "uuid": "09c31cff-f211-4f0c-81a7-0b92fc02d931" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/52fd7b90d7144ac448af4008be639d4d45c252e51823f4311011af3207a5fc77/analysis/1576213983/", "category": "Payload delivery", "uuid": "02adb680-af12-432e-83c0-4e3bc1eeeb17" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/70", "category": "Payload delivery", "uuid": "67e13421-5ecb-4dd3-b55f-b912a978fb42" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--db7f46ee-b12d-4740-b7f4-2a6a75d4d220", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:34.000Z", "modified": "2019-12-13T13:57:34.000Z", "pattern": "[file:hashes.MD5 = '7824babea1ebfc326648659cb69544f3' AND file:hashes.SHA1 = '2e94b305d6812a9f96e6781c888e48c7fb157b6b' AND file:hashes.SHA256 = '3c884f776fbd16597c072afd81029e8764dd57ee79d798829ca111f5e170bd8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cd155fb0-ffa7-4c2d-9abe-9da8b19e38a9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:34.000Z", "modified": "2019-12-13T13:57:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:16:05", "category": "Other", "uuid": "b42cf5fe-00da-4f57-bbc8-6a980ad19874" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3c884f776fbd16597c072afd81029e8764dd57ee79d798829ca111f5e170bd8e/analysis/1576214165/", "category": "Payload delivery", "uuid": "e250b83b-9623-47d4-a980-f036c0d1724e" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/70", "category": "Payload delivery", "uuid": "4e1fff20-4041-45b9-a25a-42faccf6e274" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--39743303-990f-4a10-ab79-e6d47f402ed7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:34.000Z", "modified": "2019-12-13T13:57:34.000Z", "pattern": "[file:hashes.MD5 = '2e834d8dde313e992997cbda050a15f1' AND file:hashes.SHA1 = '9c5e496921e3bc882dc40694f1dcc3746a75db19' AND file:hashes.SHA256 = '7772d624e1aed327abcd24ce2068063da0e31bb1d5d3bf2841fc977e198c6c5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b72db847-00e8-40b7-98f4-4f75dfb66774", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:34.000Z", "modified": "2019-12-13T13:57:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:06:11", "category": "Other", "uuid": "985d4c3a-1472-4c08-9f3b-c85db8f3eb43" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7772d624e1aed327abcd24ce2068063da0e31bb1d5d3bf2841fc977e198c6c5b/analysis/1576213571/", "category": "Payload delivery", "uuid": "809bee2f-38d3-46fa-967f-ad880079bf1f" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/69", "category": "Payload delivery", "uuid": "abccc32d-fad9-443d-bc3e-a0208d8bdf8d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0437445d-8bc7-47a2-96a6-4f86ad3906bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:34.000Z", "modified": "2019-12-13T13:57:34.000Z", "pattern": "[file:hashes.MD5 = '07de7a95efb47958b6f61e91e396f8e1' AND file:hashes.SHA1 = '8793bf166cb89eb55f0593404e4e933ab605e803' AND file:hashes.SHA256 = 'fe0e4ef832b62d49b43433e10c47dc51072959af93963c790892efc20ec422f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bbc49ff1-0987-4ad0-8546-454088138ebd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:34.000Z", "modified": "2019-12-13T13:57:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:21:00", "category": "Other", "uuid": "3ba1c6dc-bc42-4ec7-aec3-4d2513c454aa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fe0e4ef832b62d49b43433e10c47dc51072959af93963c790892efc20ec422f1/analysis/1576214460/", "category": "Payload delivery", "uuid": "9929cdda-8240-4fcb-8e10-e11bbc49b53f" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/70", "category": "Payload delivery", "uuid": "5b3b1dbd-56bc-4055-bd17-7c2614059c01" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--53bc836d-94d5-4620-b23a-ce3bf3cc4b2e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:34.000Z", "modified": "2019-12-13T13:57:34.000Z", "pattern": "[file:hashes.MD5 = 'a2d9b9d9e2207168206ea47644325cfc' AND file:hashes.SHA1 = '41cc2b15c662bc001c0eb92f6cc222934f0beeea' AND file:hashes.SHA256 = '178d5ee8c04401d332af331087a80fb4e5e2937edfba7266f9be34a5029b6945']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--34935b31-c353-4fff-bbf8-6138b7a1509a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:35.000Z", "modified": "2019-12-13T13:57:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:20:05", "category": "Other", "uuid": "bee7bb03-3869-47f8-92e1-92caf4de588c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/178d5ee8c04401d332af331087a80fb4e5e2937edfba7266f9be34a5029b6945/analysis/1576214405/", "category": "Payload delivery", "uuid": "0546eeff-6ac3-4e73-95c8-a7367eebeef3" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/70", "category": "Payload delivery", "uuid": "92b72726-f2f8-4031-bee1-3cebda095f1d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cdcde630-7eb0-4b15-ac5b-de2ce5429c42", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:35.000Z", "modified": "2019-12-13T13:57:35.000Z", "pattern": "[file:hashes.MD5 = 'c1836091070bf23af23e9eaf62d45380' AND file:hashes.SHA1 = 'a39b57032dbb2335499a51e13470a7cd5d86b138' AND file:hashes.SHA256 = '7ce9e1c5562c8a5c93878629a47fe6071a35d604ed57a8f918f3eadf82c11a9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e7833a09-cac6-42ca-8b1a-945a7bfec0f6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:35.000Z", "modified": "2019-12-13T13:57:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:19:25", "category": "Other", "uuid": "25f4e334-dfa0-4571-82cd-632e8f09bc97" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7ce9e1c5562c8a5c93878629a47fe6071a35d604ed57a8f918f3eadf82c11a9c/analysis/1576214365/", "category": "Payload delivery", "uuid": "874c5a63-8f12-4c6b-a7d4-7d5e96f0bdec" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/70", "category": "Payload delivery", "uuid": "460c13d4-ec16-4513-b28f-de1554c90499" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57ef2d67-fc65-4c12-ab9f-10ea2a89f9e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:35.000Z", "modified": "2019-12-13T13:57:35.000Z", "pattern": "[file:hashes.MD5 = '9a97ddbb141d01ce0b1b994399cfb7dc' AND file:hashes.SHA1 = 'e841a63e47361a572db9a7334af459ddca11347a' AND file:hashes.SHA256 = '5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0cc004d1-66e1-471f-af25-5ed9301bc765", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:35.000Z", "modified": "2019-12-13T13:57:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-13T05:13:50", "category": "Other", "uuid": "1470140e-a854-4eff-876f-296372ed2b6f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022/analysis/1576214030/", "category": "Payload delivery", "uuid": "eb72bc03-9c83-4050-ade5-242671cf68a4" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/69", "category": "Payload delivery", "uuid": "aee60370-6aa3-49fc-b8fe-f370a4b083aa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--98de906b-cea2-4397-b05f-17ca7375d016", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:35.000Z", "modified": "2019-12-13T13:57:35.000Z", "pattern": "[file:hashes.MD5 = 'fee9bc26f55c2049e1b64616a442dc7b' AND file:hashes.SHA1 = '79ef78a797403a4ed1a616c68e07fff868a8650a' AND file:hashes.SHA256 = '2ef157a97e28574356e1d871abf75deca7d7a1ea662f38b577a06dd039dbae29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-13T13:57:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--59638fcb-5d31-4187-8809-1ea84b8f6941", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-13T13:57:36.000Z", "modified": "2019-12-13T13:57:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-11-20T16:14:01", "category": "Other", "uuid": "274253ce-2484-430a-b650-d496e365efb7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2ef157a97e28574356e1d871abf75deca7d7a1ea662f38b577a06dd039dbae29/analysis/1542730441/", "category": "Payload delivery", "uuid": "edcc66d8-48c3-4d2b-9728-87b7904e6e5b" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/65", "category": "Payload delivery", "uuid": "73195f2e-781b-4453-8169-7acff91432c6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce4bab44-39db-47ea-990a-2a5293294d6b", "created": "2019-12-13T13:57:36.000Z", "modified": "2019-12-13T13:57:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--693e7281-40be-4cb3-8d42-f1b88c69afd9", "target_ref": "x-misp-object--5792ac9e-9214-4610-b440-f5afaa5d1539" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b77948fd-90d2-4c7f-b886-6d0801aaa8e4", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--70155b79-cdd0-440e-bedd-0386e13c85eb", "target_ref": "x-misp-object--ce794ae7-39c0-4845-8bf8-38b89a365563" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f55c9f92-7566-4ae0-8a40-8ecee8f9975b", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--102841b3-7248-485e-b1a8-9cc72ed1efbb", "target_ref": "x-misp-object--33bc1e10-c0af-465f-96e8-cf37ab9202bf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d23a87ac-9344-4de7-a554-12922b1db624", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b6b3ac5a-b33a-422f-93c1-17a9ea2530b1", "target_ref": "x-misp-object--3d5fb681-223c-43f5-95ca-1fd0a5901117" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a97a70eb-f1ca-4c6d-92bb-d22e29d57d76", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--978422c6-1b76-46fe-8ee6-09cf6b05a382", "target_ref": "x-misp-object--5cf9c477-54ee-4314-8618-94b32a714bd2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a09a0713-8835-4966-aff0-35565e7be988", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--db7f46ee-b12d-4740-b7f4-2a6a75d4d220", "target_ref": "x-misp-object--cd155fb0-ffa7-4c2d-9abe-9da8b19e38a9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1d7ec7e-41f4-44d4-aaf3-788a5d06b4fa", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--39743303-990f-4a10-ab79-e6d47f402ed7", "target_ref": "x-misp-object--b72db847-00e8-40b7-98f4-4f75dfb66774" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--48556c3b-1f92-4d7f-897a-a10fd1d773ad", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0437445d-8bc7-47a2-96a6-4f86ad3906bc", "target_ref": "x-misp-object--bbc49ff1-0987-4ad0-8546-454088138ebd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c40afe6e-3c60-4aba-a4c0-6f3dfc6c4921", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--53bc836d-94d5-4620-b23a-ce3bf3cc4b2e", "target_ref": "x-misp-object--34935b31-c353-4fff-bbf8-6138b7a1509a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aa58f756-6999-47b6-9dd8-2b0bc6f8f10c", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cdcde630-7eb0-4b15-ac5b-de2ce5429c42", "target_ref": "x-misp-object--e7833a09-cac6-42ca-8b1a-945a7bfec0f6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a7bafd83-7519-4b9a-9919-9bfa0d5f30c6", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--57ef2d67-fc65-4c12-ab9f-10ea2a89f9e0", "target_ref": "x-misp-object--0cc004d1-66e1-471f-af25-5ed9301bc765" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0d6b12c-8718-419d-bfd6-59c8463439d0", "created": "2019-12-13T13:57:37.000Z", "modified": "2019-12-13T13:57:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--98de906b-cea2-4397-b05f-17ca7375d016", "target_ref": "x-misp-object--59638fcb-5d31-4187-8809-1ea84b8f6941" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }