{ "type": "bundle", "id": "bundle--5ad5bc00-d988-48bb-9293-2135950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:11:57.000Z", "modified": "2018-04-20T09:11:57.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5ad5bc00-d988-48bb-9293-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:11:57.000Z", "modified": "2018-04-20T09:11:57.000Z", "name": "OSINT - Talos/Cisco Threat Roundup for April 6 - 13", "published": "2018-04-20T09:12:59Z", "object_refs": [ "indicator--5ad5bc17-d2b4-4902-8453-2133950d210f", "indicator--5ad5bc17-bb60-4d19-a86c-2133950d210f", "indicator--5ad5bc18-7ee8-4354-ba91-2133950d210f", "indicator--5ad5bc18-1580-4efa-b81c-2133950d210f", "indicator--5ad5bc18-346c-4a97-a0f9-2133950d210f", "indicator--5ad5bc27-d3f0-4174-86a2-2105950d210f", "indicator--5ad5bc28-8c90-49e9-8dd9-2105950d210f", "indicator--5ad5bc28-15b0-4355-836e-2105950d210f", "indicator--5ad5bc28-6cd4-4054-8e52-2105950d210f", "observed-data--5ad5bc34-d378-4050-9152-2134950d210f", "url--5ad5bc34-d378-4050-9152-2134950d210f", "indicator--5ad5bc56-ba44-4b4d-a342-4a3d950d210f", "indicator--5ad5bc56-ae30-40dd-b2ac-49b9950d210f", "indicator--5ad5bc57-a220-41bf-94f1-457a950d210f", "indicator--5ad5bc57-1784-41fc-b9b5-4dae950d210f", "indicator--5ad5bc57-c3f8-4904-8e25-4e98950d210f", "indicator--5ad5bc58-2758-4247-bcc6-4aac950d210f", "indicator--5ad5bc58-adf0-4b60-806e-4abb950d210f", "indicator--5ad5bc59-4570-49e8-88fb-431d950d210f", "indicator--5ad5bc59-8f48-4308-8bfb-49d8950d210f", "indicator--5ad5bc59-aa78-41b1-9d73-46bb950d210f", "indicator--5ad5bc5a-de94-4d91-901d-4658950d210f", "indicator--5ad5bc5a-4b04-477d-890c-4d36950d210f", "indicator--5ad5bc5b-7e08-4f15-af49-478d950d210f", "indicator--5ad5bc5b-f808-4a39-b552-4db5950d210f", "indicator--5ad5bc5c-da98-4b7a-b9f6-4201950d210f", "indicator--5ad5bc5c-c52c-4d38-8067-450f950d210f", "indicator--5ad5bc5c-5da8-42af-951d-4d53950d210f", "indicator--5ad5bc5d-e9b0-40b1-acc7-44b3950d210f", "indicator--5ad5bc5d-fd5c-4e4e-980c-49e6950d210f", "indicator--5ad5bc5e-ec34-4911-b09f-4b75950d210f", "indicator--5ad5bc5e-d19c-4bc2-bcd7-4bef950d210f", "indicator--5ad5bc5f-fe68-49c6-a3c9-4a6e950d210f", "indicator--5ad5bc5f-1d74-4651-a100-450a950d210f", "indicator--5ad5bc60-df30-4572-bdf6-47f5950d210f", "indicator--5ad5bc60-0670-4423-ad02-4b87950d210f", "indicator--5ad5bca9-d554-437a-bcaa-46f8950d210f", "indicator--5ad5bcbe-06c4-474e-ab97-4145950d210f", "observed-data--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f", "domain-name--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f", "indicator--5ad5bd2a-1fdc-4e2b-bf6d-2135950d210f", "indicator--5ad5bd2b-4298-4151-a76a-2135950d210f", "indicator--5ad5bd2b-dac8-4912-aec3-2135950d210f", "indicator--5ad5bd2b-7418-468b-ae9d-2135950d210f", "indicator--5ad5bd4d-1490-4fae-95c6-4454950d210f", "indicator--5ad5bd4d-4a24-4c7e-b423-4ea0950d210f", "indicator--5ad5bd4e-5980-4712-9599-4250950d210f", "indicator--5ad5bd4e-af4c-41b7-a076-4962950d210f", "indicator--5ad5bd4f-2c18-405a-adab-43d6950d210f", "indicator--5ad5bd4f-71ac-439d-a73d-45fd950d210f", "indicator--5ad5bd4f-52ec-437a-997b-414b950d210f", "indicator--5ad5bd50-e740-490f-86fa-4ee2950d210f", "indicator--5ad5bd50-f0d0-47a7-a915-4991950d210f", "indicator--5ad5bd50-a1cc-4857-aa5d-44f2950d210f", "indicator--5ad5bd6d-0178-4d74-8d40-4ba1950d210f", "observed-data--5ad5bd6e-7378-4136-8027-41a4950d210f", "windows-registry-key--5ad5bd6e-7378-4136-8027-41a4950d210f", "indicator--5ad5bd6e-c170-4c8b-856b-4635950d210f", "observed-data--5ad5bd6e-86dc-418e-9aa9-4362950d210f", "windows-registry-key--5ad5bd6e-86dc-418e-9aa9-4362950d210f", "indicator--5ad5bd6f-2d30-421e-9ba1-430d950d210f", "indicator--5ad5bd6f-e854-47a9-9995-4661950d210f", "indicator--5ad5bd70-aa20-4e06-9194-4635950d210f", "indicator--5ad5bd70-1c58-4be6-aef8-4f0e950d210f", "indicator--5ad5bd70-c500-4493-9481-4d18950d210f", "observed-data--5ad5bd71-4894-4eb5-a879-493a950d210f", "windows-registry-key--5ad5bd71-4894-4eb5-a879-493a950d210f", "indicator--5ad5bd71-a870-415f-8710-4ae5950d210f", "indicator--5ad5bd72-a33c-4f97-8452-4c2d950d210f", "indicator--5ad5bd72-8f20-4bf5-9743-43ec950d210f", "indicator--5ad5bd72-706c-4609-92d7-4930950d210f", "indicator--5ad5bd73-a3b0-4af3-ba12-47f1950d210f", "indicator--5ad5bd73-6a70-4b8b-af9b-4afc950d210f", "observed-data--5ad5bd74-37f4-46c9-a6bc-459a950d210f", "windows-registry-key--5ad5bd74-37f4-46c9-a6bc-459a950d210f", "indicator--5ad5bd74-85b4-4cf0-919e-4868950d210f", "indicator--5ad5bd95-354c-49a7-95bf-2135950d210f", "indicator--5ad5bd96-3784-4d69-a211-2135950d210f", "indicator--5ad5bd96-1d30-4389-9fb6-2135950d210f", "indicator--5ad5bd97-e4b4-4de5-95ab-2135950d210f", "indicator--5ad5bd97-6bbc-4b0b-9aa6-2135950d210f", "indicator--5ad5bd98-ed34-4052-ae05-2135950d210f", "indicator--5ad5bd98-cf6c-4d74-a084-2135950d210f", "indicator--5ad5bd98-e250-4bd5-a891-2135950d210f", "indicator--5ad5bd99-d9a0-47ea-a8be-2135950d210f", "indicator--5ad5bd99-4084-48e3-b142-2135950d210f", "indicator--5ad5bd9a-a804-41f0-a284-2135950d210f", "indicator--5ad5bd9a-95c0-4312-a2af-2135950d210f", "indicator--5ad5bd9a-6830-4f10-9018-2135950d210f", "indicator--5ad5bd9b-2c78-44ff-85f3-2135950d210f", "indicator--5ad5bd9b-8d54-4ba2-b249-2135950d210f", "indicator--5ad5bd9c-cad0-43fd-892d-2135950d210f", "indicator--5ad5bd9c-f994-4ea5-8975-2135950d210f", "indicator--5ad5bd9c-031c-40d6-98bf-2135950d210f", "indicator--5ad5bd9d-e554-4fc7-ba1d-2135950d210f", "indicator--5ad5bd9d-1e1c-434f-bbb3-2135950d210f", "indicator--5ad5bd9e-5030-431e-8562-2135950d210f", "indicator--5ad5bd9e-30e8-4ffa-968b-2135950d210f", "indicator--5ad5bd9f-7848-4529-bb8e-2135950d210f", "indicator--5ad5bd9f-a110-4657-ae42-2135950d210f", "indicator--5ad5bd9f-daa4-41b1-8eaa-2135950d210f", "indicator--5ad5bea5-9404-45af-be5e-2443950d210f", "indicator--5ad5bea5-be08-40da-84a4-2443950d210f", "indicator--5ad5bea5-9c44-4bf6-afee-2443950d210f", "indicator--5ad5bea5-76fc-4b80-bced-2443950d210f", "indicator--5ad5bea5-eb9c-472a-8557-2443950d210f", "indicator--5ad5bea5-ac8c-40ef-b307-2443950d210f", "indicator--5ad5bea5-6ea8-407f-95c6-2443950d210f", "indicator--5ad5bea5-1f94-4184-b3e3-2443950d210f", "indicator--5ad5bea5-e660-4caf-90e5-2443950d210f", "indicator--5ad5bea5-ad90-4ea3-9e89-2443950d210f", "indicator--5ad5bea5-56ac-4c9f-9041-2443950d210f", "indicator--5ad5bea5-ed08-4849-bd91-2443950d210f", "indicator--5ad5bea5-8940-486f-9da7-2443950d210f", "indicator--5ad5bea5-0ffc-473b-8bec-2443950d210f", "indicator--5ad5bea5-9528-41d6-aac3-2443950d210f", "indicator--5ad5bea5-26d4-4a61-a6f6-2443950d210f", "indicator--5ad5bea5-2bfc-420c-833f-2443950d210f", "indicator--5ad5bea5-4c18-42bd-9eec-2443950d210f", "indicator--5ad5bee6-e57c-4fb9-ba55-2134950d210f", "indicator--5ad5bee7-50fc-4a49-b96d-2134950d210f", "indicator--5ad5bee7-50d8-4a9d-abb0-2134950d210f", "indicator--5ad5bee7-bff0-428b-9e2c-2134950d210f", "indicator--5ad5bee8-3f50-41ef-9cf6-2134950d210f", "indicator--5ad5bee8-bf58-4dd4-875a-2134950d210f", "indicator--5ad5bee9-bec0-44e4-a6d2-2134950d210f", "indicator--5ad5bee9-016c-4288-a267-2134950d210f", "indicator--5ad5bee9-610c-41ee-9b39-2134950d210f", "indicator--5ad5beea-4204-4cc4-9acf-2134950d210f", "indicator--5ad5beea-41f8-4227-ad39-2134950d210f", "indicator--5ad5beeb-8114-421c-81fc-2134950d210f", "indicator--5ad5beeb-4c24-49b5-8ea1-2134950d210f", "indicator--5ad5beec-7568-4a94-85b2-2134950d210f", "indicator--5ad5beec-a088-46a9-93ae-2134950d210f", "indicator--5ad5beec-e600-4b55-9e92-2134950d210f", "indicator--5ad5beed-0220-4adf-9ea2-2134950d210f", "indicator--5ad5beed-73f0-40ba-a922-2134950d210f", "indicator--5ad5beee-b710-4fe7-8159-2134950d210f", "indicator--5ad5beee-39c8-495b-a7b5-2134950d210f", "indicator--5ad5beee-1e90-4d38-a935-2134950d210f", "indicator--5ad5beef-b80c-4f61-bfb4-2134950d210f", "indicator--5ad5beef-7498-49aa-abd0-2134950d210f", "indicator--5ad5bef0-b040-4436-b953-2134950d210f", "indicator--5ad5bef0-511c-42ee-8fe7-2134950d210f", "observed-data--5ad5c543-92b8-4648-af41-45a0950d210f", "mutex--5ad5c543-92b8-4648-af41-45a0950d210f", "indicator--5ad5d370-bae8-429c-862d-4a8c950d210f", "indicator--5ad5d371-c774-497c-8e27-4706950d210f", "indicator--5ad5d3a3-e298-4956-989d-243b950d210f", "indicator--5ad5d3a4-07a4-49e5-9c58-243b950d210f", "indicator--5ad5d3a4-3bc0-42e1-b7cc-243b950d210f", "indicator--5ad5d3a5-f828-4ef1-b2ea-243b950d210f", "indicator--5ad5d3a5-f920-4475-afea-243b950d210f", "indicator--5ad5d3a5-dc18-4c46-be57-243b950d210f", "indicator--5ad5d3a6-de3c-4eb1-ac25-243b950d210f", "indicator--5ad5d3a6-1fb8-4ff9-b1c9-243b950d210f", "indicator--5ad5d3a7-cbd0-42f5-aa2e-243b950d210f", "indicator--5ad5d3a7-c294-49cf-ac38-243b950d210f", "indicator--5ad5d3a7-dba4-4f49-a12c-243b950d210f", "indicator--5ad5d3a8-4e2c-4dbe-9db6-243b950d210f", "indicator--5ad5d3a8-c514-46bc-a3e1-243b950d210f", "indicator--5ad5d3a9-e248-4f8c-b955-243b950d210f", "indicator--5ad5d3a9-7924-4802-ba83-243b950d210f", "indicator--5ad5d3a9-c654-4aa7-9bd9-243b950d210f", "indicator--5ad5d3aa-fbc8-422b-93f5-243b950d210f", "indicator--5ad5d3aa-0b2c-491a-9b07-243b950d210f", "indicator--5ad5d3ab-9598-4729-821c-243b950d210f", "indicator--5ad5d3ab-1980-401f-af4c-243b950d210f", "indicator--5ad5d3ab-ceb4-4edf-b75e-243b950d210f", "indicator--5ad5d3ac-f5a0-48d0-948a-243b950d210f", "indicator--5ad5d3ac-1ac4-4e14-af1f-243b950d210f", "indicator--5ad5d3ad-b024-4bd7-9640-243b950d210f", "indicator--5ad5d3ad-599c-4727-8962-243b950d210f", "indicator--5ad5d964-4598-41ca-9c0f-a0a3950d210f", "indicator--5ad5d964-11b8-4b37-a4f1-a0a3950d210f", "indicator--5ad5d964-d98c-404f-8a50-a0a3950d210f", "indicator--5ad5d9ac-c5ac-4c4e-8211-a1d4950d210f", "indicator--5ad5d9ad-7214-4623-bdc6-a1d4950d210f", "indicator--5ad5d9ad-0f34-4b2d-9f8e-a1d4950d210f", "indicator--5ad5f0f5-1140-4653-a5ee-4b3b950d210f", "indicator--5ad5f0f6-4e00-4a26-a357-4ffb950d210f", "indicator--5ad5f0f6-8b6c-4695-bd9d-4c5b950d210f", "indicator--5ad5f0f7-88ec-437c-984f-4014950d210f", "indicator--5ad5f0f8-c34c-457c-aeb3-4438950d210f", "indicator--5ad5f0f8-5860-4a44-93bd-4ba2950d210f", "indicator--5ad5f0f8-1bb8-4caf-b2e7-431d950d210f", "indicator--5ad5f0f9-6a40-46c1-bd92-45c3950d210f", "indicator--5ad5f0f9-63f8-4f8c-97a5-4e18950d210f", "indicator--5ad5f0fa-6de8-4b15-8027-4191950d210f", "indicator--5ad5f0fa-1df8-4e66-90d0-4557950d210f", "indicator--5ad5f0fb-7134-4d0e-b0f5-4eb3950d210f", "indicator--5ad5f0fb-74dc-43d0-8b39-43ce950d210f", "indicator--5ad5f0fc-f2e4-4b91-8b27-4d61950d210f", "indicator--5ad5f0fe-67fc-464c-b0d2-4bb6950d210f", "indicator--5ad5f0ff-657c-457e-a74e-4b17950d210f", "indicator--5ad5f0ff-e98c-4f46-a8fd-4980950d210f", "indicator--5ad5f100-1c08-4320-b4d4-428b950d210f", "indicator--5ad5f100-2800-496f-993a-4b96950d210f", "indicator--5ad5f101-9ff0-4170-a6a9-4b43950d210f", "indicator--5ad5f101-3e6c-4095-9810-4b7d950d210f", "indicator--5ad5f210-eda0-4291-ac47-4b67950d210f", "indicator--5ad5f211-bf5c-4b0b-97b3-4038950d210f", "indicator--5ad5f211-bd54-47d6-bb3a-4a99950d210f", "indicator--5ad5f212-36ac-45c0-bd4a-4769950d210f", "indicator--5ad5f212-a40c-4b2a-8361-4d16950d210f", "indicator--5ad5f213-2dc8-410e-a58d-4eb8950d210f", "indicator--5ad5f213-a4e4-44fe-96af-401f950d210f", "indicator--5ad5f213-cf88-43e9-bfb1-4702950d210f", "indicator--5ad5f214-52e8-4a64-847b-4df9950d210f", "indicator--5ad5f3cb-f368-4ad1-bc5f-4cf2950d210f", "indicator--5ad5f3cc-dd28-4c1d-9af4-4cdc950d210f", "indicator--5ad5f3cd-a07c-455b-8173-4e32950d210f", "indicator--5ad5f3cd-6278-4b4f-8810-442a950d210f", "indicator--5ad5f3ce-6690-4d18-a2c1-4133950d210f", "indicator--5ad5f3ce-1a1c-4d2a-b2b9-4327950d210f", "indicator--5ad5f3ce-2198-4ffc-bffa-411f950d210f", "indicator--5ad5f3cf-7c58-4a5b-9781-4a06950d210f", "indicator--5ad5f3cf-eed4-48e1-bde5-4068950d210f", "indicator--5ad5f3d0-d0c8-42e6-b303-4076950d210f", "indicator--5ad5f3d0-aff8-4da4-8fa1-4153950d210f", "indicator--5ad5f3d1-9bf0-40a6-9a60-41a0950d210f", "indicator--5ad5f3d1-bb88-46bb-83eb-42b0950d210f", "indicator--5ad5f3d1-c0f0-4fe5-9d6e-4de7950d210f", "indicator--5ad5f3d2-0064-413f-b95f-4074950d210f", "indicator--5ad5f3d2-362c-4c19-81a0-4b69950d210f", "indicator--5ad5f3d3-6f60-4351-8b4f-4d33950d210f", "indicator--5ad5f3d3-6620-41d9-86f7-41fd950d210f", "indicator--5ad5f3d4-e690-42cd-a28e-4e80950d210f", "observed-data--5ad5f851-4c38-4407-a13b-436d950d210f", "windows-registry-key--5ad5f851-4c38-4407-a13b-436d950d210f", "observed-data--5ad5f852-fca4-4c49-862f-4202950d210f", "windows-registry-key--5ad5f852-fca4-4c49-862f-4202950d210f", "observed-data--5ad5f852-c810-4df5-a5f8-45a8950d210f", "windows-registry-key--5ad5f852-c810-4df5-a5f8-45a8950d210f", "observed-data--5ad5f853-8f58-492a-8488-4ad7950d210f", "windows-registry-key--5ad5f853-8f58-492a-8488-4ad7950d210f", "observed-data--5ad5f853-6b7c-45d1-bc66-49eb950d210f", "windows-registry-key--5ad5f853-6b7c-45d1-bc66-49eb950d210f", "indicator--5ad6f368-0d14-45d4-914d-4411950d210f", "indicator--5ad6f368-9a7c-4654-a670-47ff950d210f", "indicator--5ad6f369-00c4-46b6-8aea-4a91950d210f", "indicator--5ad6f369-bd00-4721-a3f3-4d28950d210f", "indicator--5ad6f369-2740-4db8-98d0-4b31950d210f", "observed-data--5ad6f36a-5780-4671-b8a3-42c4950d210f", "domain-name--5ad6f36a-5780-4671-b8a3-42c4950d210f", "indicator--5ad6f36a-a7b4-4397-9ce8-45e2950d210f", "indicator--5ad6f36b-6cd4-4054-a272-4445950d210f", "observed-data--5ad6f49a-fb1c-48bc-94f9-4419950d210f", "mutex--5ad6f49a-fb1c-48bc-94f9-4419950d210f", "indicator--5ad6f509-2e3c-4b5e-a4b4-48a3950d210f", "indicator--5ad6f50a-1a78-49de-8491-4aa3950d210f", "indicator--5ad6f50a-42c8-48b9-bf8a-46c7950d210f", "indicator--5ad6f50a-b92c-4855-88ac-492e950d210f", "indicator--5ad6f50b-d154-4795-b7f3-47e7950d210f", "indicator--5ad6f50b-d714-4dce-9ed7-4f30950d210f", "indicator--5ad6f50b-b668-4b71-bfcb-4a28950d210f", "indicator--5ad6f50c-07dc-4e7e-844e-49dd950d210f", "indicator--5ad6f50c-31ec-4ca7-9ecc-4e7a950d210f", "indicator--5ad6f50d-e290-458b-befc-4bbe950d210f", "indicator--5ad6f50d-1a8c-4844-ad53-40f5950d210f", "indicator--5ad6f50e-2550-41da-a161-445b950d210f", "indicator--5ad6f50e-f01c-4cec-88c9-4232950d210f", "indicator--5ad6f50e-efa0-4487-9291-4e90950d210f", "indicator--5ad6f50f-c064-4e25-a17f-4fcb950d210f", "indicator--5ad6f50f-3194-4722-9575-48af950d210f", "indicator--5ad6f510-5a7c-4901-930f-4c91950d210f", "indicator--5ad71113-447c-41a1-9bd4-4e24950d210f", "observed-data--5ad71113-7aa4-4bfd-b9ac-49c5950d210f", "windows-registry-key--5ad71113-7aa4-4bfd-b9ac-49c5950d210f", "indicator--5ad73c88-56bc-4414-803a-7ba2950d210f", "indicator--5ad73c88-9f88-4029-b6c6-7ba2950d210f", "indicator--5ad73c89-3e98-4607-87f0-7ba2950d210f", "indicator--5ad73c89-055c-4812-80a0-7ba2950d210f", "indicator--5ad73c8a-57d8-4f69-a836-7ba2950d210f", "indicator--5ad73c8a-27ec-4308-81b8-7ba2950d210f", "indicator--5ad73c8b-584c-4667-a86f-7ba2950d210f", "indicator--5ad73c8b-42c8-4947-a2c8-7ba2950d210f", "indicator--5ad73c8c-d530-4489-820d-7ba2950d210f", "indicator--5ad73c8c-99d0-48b7-be88-7ba2950d210f", "indicator--5ad73c8c-20f8-44cc-8a1b-7ba2950d210f", "indicator--5ad73c8d-1654-4e71-a6d4-7ba2950d210f", "indicator--5ad73c8d-2888-4ed3-a247-7ba2950d210f", "indicator--5ad73c8e-57e0-4131-aa43-7ba2950d210f", "indicator--5ad73c8e-83b4-4b62-9db9-7ba2950d210f", "indicator--5ad73c8f-df38-4dfa-a837-7ba2950d210f", "indicator--5ad73c8f-ae2c-445e-8e26-7ba2950d210f", "indicator--5ad73c90-5394-4e42-87b1-7ba2950d210f", "indicator--5ad73c90-3768-45e1-b5e5-7ba2950d210f", "indicator--5ad73c91-f2bc-45d2-8433-7ba2950d210f", "indicator--5ad73c91-d9f0-4c95-aff6-7ba2950d210f", "indicator--5ad73c92-da9c-43f3-95ae-7ba2950d210f", "indicator--5ad73c92-e460-4485-bc27-7ba2950d210f", "indicator--5ad73c93-67c8-4844-b5eb-7ba2950d210f", "indicator--5ad73c93-7f38-4ee0-8843-7ba2950d210f", "indicator--5ad73c93-efb8-439d-b748-7ba2950d210f", "indicator--5ad73c94-2d30-45ff-9fff-7ba2950d210f", "indicator--5ad73d16-6bbc-47dd-8e71-21a4950d210f", "indicator--5ad73d16-3c70-4009-8cfd-21a4950d210f", "indicator--5ad73d17-86a0-40c3-a66d-21a4950d210f", "indicator--5ad73d17-da38-40bf-9fb6-21a4950d210f", "indicator--5ad73d17-67b4-42a8-ba91-21a4950d210f", "observed-data--5ad73d18-fa24-4b78-94c1-21a4950d210f", "domain-name--5ad73d18-fa24-4b78-94c1-21a4950d210f", "indicator--5ad73d19-80bc-426e-add3-21a4950d210f", "indicator--5ad73d19-f07c-4db8-8e0b-21a4950d210f", "indicator--5ad73d19-0744-48a0-b32e-21a4950d210f", "indicator--5ad73d1a-7044-4255-9e6f-21a4950d210f", "indicator--5ad73d1a-1034-4e73-a261-21a4950d210f", "indicator--5ad73d1b-b110-4c26-a2b6-21a4950d210f", "indicator--5ad73d1b-75b0-491c-8bac-21a4950d210f", "indicator--5ad73d1b-de28-44b4-a3b5-21a4950d210f", "indicator--5ad73d1c-5f18-49a5-abd6-21a4950d210f", "indicator--5ad73d1c-6158-42bc-8cc9-21a4950d210f", "indicator--5ad73d1d-71e8-4b2f-a09c-21a4950d210f", "indicator--5ad73d1d-fbb4-4047-afb3-21a4950d210f", "indicator--5ad73d1d-3654-4e9d-8677-21a4950d210f", "indicator--5ad73d1e-2150-46e9-9409-21a4950d210f", "indicator--5ad73d1e-5ee4-43e8-b824-21a4950d210f", "indicator--5ad73d1f-014c-4906-8d8c-21a4950d210f", "indicator--5ad73d1f-5508-42c7-bac1-21a4950d210f", "indicator--5ad73d1f-7944-4903-b661-21a4950d210f", "indicator--5ad73d20-7894-432b-ae81-21a4950d210f", "indicator--5ad73d20-f584-458b-9057-21a4950d210f", "indicator--5ad73d21-0dc8-4cc0-902c-21a4950d210f", "indicator--5ad73d21-5ac0-4c8b-8c2f-21a4950d210f", "indicator--5ad73d21-230c-412b-9b25-21a4950d210f", "indicator--5ad73d22-75c0-410d-abaf-21a4950d210f", "indicator--5ad73d22-91cc-4678-99df-21a4950d210f", "indicator--5ad73d23-6508-4f7f-800c-21a4950d210f", "indicator--5ad73d23-3ff4-40f7-b773-21a4950d210f", "indicator--5ad73f73-19b8-4bfc-8b13-7ba5950d210f", "indicator--5ad73fa0-6ed0-456b-8abc-7b9e950d210f", "indicator--5ad73fa0-d070-4d34-866b-7b9e950d210f", "indicator--5ad73fa1-70a4-4800-81f9-7b9e950d210f", "indicator--5ad73fa1-fde8-43a9-b2f1-7b9e950d210f", "indicator--5ad73fa2-33ac-4795-9641-7b9e950d210f", "indicator--5ad73fa2-13e0-409e-a743-7b9e950d210f", "indicator--5ad73fa3-fb38-4d1d-8955-7b9e950d210f", "indicator--5ad73fa3-c334-4f35-97ee-7b9e950d210f", "indicator--5ad73fa3-a3b4-46e6-85e7-7b9e950d210f", "indicator--5ad73fa4-0dc8-4f29-94b6-7b9e950d210f", "indicator--5ad73fa4-3f20-40a2-ae9e-7b9e950d210f", "indicator--5ad73fa5-3d2c-40a2-9c8b-7b9e950d210f", "indicator--5ad73fa5-a420-4e9f-a25d-7b9e950d210f", "indicator--5ad73fa5-3bdc-4d75-a2d2-7b9e950d210f", "indicator--5ad73fa6-8fd4-47f8-83e6-7b9e950d210f", "indicator--5ad73fa6-765c-4471-a3b3-7b9e950d210f", "indicator--5ad73fa7-5400-4faf-bd8b-7b9e950d210f", "indicator--5ad73fa7-711c-4f2d-ae86-7b9e950d210f", "indicator--5ad73fa7-47dc-4f2e-8c5a-7b9e950d210f", "indicator--5ad73fa8-f2b4-4348-9cf4-7b9e950d210f", "indicator--5ad73fa8-8e1c-4c31-a3ba-7b9e950d210f", "indicator--5ad73fa9-d408-42db-a368-7b9e950d210f", "indicator--5ad73fa9-f584-442c-9f41-7b9e950d210f", "indicator--5ad73fa9-e6f4-4f0d-9fd4-7b9e950d210f", "indicator--5ad73faa-75ac-41d4-ad16-7b9e950d210f", "indicator--5ad73faa-cbb4-4d33-b945-7b9e950d210f", "indicator--5ad73fab-79a4-43fd-84c1-7b9e950d210f", "indicator--5ad73fab-d5f8-42d8-b922-7b9e950d210f", "indicator--d8250151-a555-4e5e-9239-e4d6a705c550", "x-misp-object--f18a6769-9119-4ce8-8261-38c8c36c6d48", "indicator--5667d69e-d4e0-49ff-b66d-ee9c0d1606a0", "x-misp-object--2777d3d2-815c-4e73-92b3-e7c5f6a6bb4f", "indicator--5a0f795c-3740-4127-ae11-5719c06e4613", "x-misp-object--ff6c2680-4cca-4e84-aeef-dbf889d731cb", "indicator--7f770580-9cd5-4055-8779-f7214ff95236", "x-misp-object--ee0ed29e-9ebc-4abb-b406-61d5e5e7d74f", "indicator--16dd834b-161d-4a5d-a463-e0fe0c82ddb8", "x-misp-object--c2c034d9-7fc9-4b07-b85e-b77886481632", "indicator--1c3353ab-72a9-4b8d-bf7b-26b82f95bcab", "x-misp-object--ca39f2b2-ab66-4b27-b7c6-c0e6031aa3c6", "indicator--4bbac67b-db88-4ff1-b57e-99611cfee662", "x-misp-object--7d0a5db8-4b69-4b06-b514-861ac2bcc9c8", "indicator--38195b20-39ab-4f46-a15f-4cac8fa71f0b", "x-misp-object--b9326c01-9fbc-4562-9806-9eb7f18f1658", "indicator--23168de0-12c0-4447-aecb-32d09f2215d6", "x-misp-object--6ffec30e-27e2-4994-b80e-41bbfc7b35ca", "indicator--3797aea4-eab0-4f22-9e6d-a1a543cb0009", "x-misp-object--bc2915ec-2b50-47b9-abaa-3481306c33d2", "indicator--d9bd8f68-4507-4e45-b3b2-51b238bf210c", "x-misp-object--e050e2a6-56c7-45ff-82a3-771b9fed5773", "indicator--bdfb2aaf-fbc1-4f37-a1c2-3d2e7ab849e4", "x-misp-object--0b1fa52a-e14a-41b1-870c-6f2f34beb767", "indicator--5bf3dff0-e75c-4c33-b4a1-eb598f12b360", "x-misp-object--52911c0c-a5de-4e05-b24b-f95bc38926b4", "indicator--614923b5-0de4-4fc9-a207-736b5e32740d", "x-misp-object--8ea75fc7-ff1e-45ce-806b-6542e4d5da9c", "indicator--995bfffe-f2bd-4180-9982-f4700327897d", "x-misp-object--bdda72e7-74f6-4a7e-9ce2-860f07a867cc", "indicator--3d6d671b-63e1-4e34-add1-f1ac1def5d61", "x-misp-object--73b55eba-1b5c-4404-a1fe-f8776317e5db", "indicator--4faa8c04-91b8-4cae-a6e4-b7e025fba6fb", "x-misp-object--2c7fb252-23a4-4d0f-a7d2-38ef26d62292", "indicator--973396c7-45b7-4106-addf-ac2d80c845bf", "x-misp-object--caf0696e-f479-451b-87c4-55c4e29e725c", "indicator--54f5c200-a42b-4430-bbf0-b9669a922753", "x-misp-object--3c6123b5-074a-48ac-8e18-eacd3427f3e0", "indicator--31544fd1-56dd-45f2-b82e-92735845680d", "x-misp-object--3c388591-92db-40b6-ae4b-b929b333b015", "indicator--112a8e0b-9c16-4653-b33c-dd0c9395e5f1", "x-misp-object--3c1121a3-79bf-4e3d-9f13-9a8b93a071cb", "indicator--94710067-d371-4822-8b18-19de4086162d", "x-misp-object--682b1d3f-030c-4473-ba89-9cd2fe00057c", "indicator--4801e439-9b95-4e31-b323-19141dc9f661", "x-misp-object--49706bc5-c3ca-4603-9c8c-27e7b7da5aea", "indicator--a323b8bb-713c-49d2-9182-c5c82a7ad35d", "x-misp-object--3b0a52e2-f7d8-4624-9306-b85a5d163797", "indicator--471e1471-53fb-4110-b102-8cce0d58cf5b", "x-misp-object--afea6952-1d7c-42e2-8600-2db8d77a821e", "indicator--7db6a294-00d5-4a9d-b4ff-29e484eb8d4a", "x-misp-object--4f42f6bc-bc09-4beb-b412-645e35f3d61c", "indicator--30ffb028-4ee1-479d-ad8e-b16c1c787b24", "x-misp-object--cdd6e30a-cb0d-4276-8b1c-208f8db7873c", "indicator--58e315b7-b23a-4232-a7df-24c01f2c6147", "x-misp-object--a8ef1585-9219-4fd3-82c4-fd44b510ec44", "indicator--eead743e-4f7b-417e-ab5b-754be3ab4639", "x-misp-object--44db359a-2322-4199-b7b2-ad7047055145", "indicator--c462c18c-5dd2-474d-9bdb-683249100648", "x-misp-object--51803a65-599e-4c65-a62e-47cedcfdf679", "indicator--24579f89-a5e2-40a1-b402-1a3f503a9fee", "x-misp-object--4df065d3-0e9e-474e-99f0-ddcfd2163f78", "indicator--8e397422-74ed-45d1-9b6a-68a3333869ce", "x-misp-object--3136bde9-7b09-4380-9688-b316ff8030a3", "indicator--a9fa6c94-efe8-4dbf-b103-c24ab19cbbf7", "x-misp-object--62a360ce-dbdb-4fbb-8e80-7ce96f87946c", "indicator--f165aa6e-5d89-4258-8673-39c9f6b9948c", "x-misp-object--85cfd077-9915-43ee-80d6-d145645df836", "indicator--475a6596-dcd2-4cd5-bde7-91710d2635ae", "x-misp-object--20aa948a-2c13-4806-97db-a0b7b736ef88", "indicator--f66345c9-da87-4634-807e-95b40b3f7829", "x-misp-object--4f729230-95ef-4dd1-8e92-e3ca84fde7b0", "indicator--3ec767cb-63b7-4634-936d-ec2c72b7f414", "x-misp-object--e68803ee-8f52-4a45-b1ad-fadc751112e0", "indicator--2f1a76d0-7049-4e63-b652-573bad749c33", "x-misp-object--66400a8a-058c-46d1-be9e-5e0a8e28a098", "indicator--e7bf71e1-5ed5-46ce-8ba8-a1f4f00e8d19", "x-misp-object--92a63283-9df8-4cf5-831d-a1d429ae0a04", "indicator--1c7451e3-1e01-469b-87a2-8fe5a7a8a1b3", "x-misp-object--4f0576c0-d450-4279-9daa-96479dfa26ee", "indicator--fe05184f-77b8-4157-80b7-07aa043c9936", "x-misp-object--2f79727e-28c0-423d-9ed6-8cbf85e2b518", "indicator--3732f786-fed1-4ec0-81a2-cf90bac3e268", "x-misp-object--dc2dd4e7-efc4-4d62-8c13-1af4257ee137", "indicator--3bf3ae13-b58d-4f5d-8469-5a34c8122639", "x-misp-object--409f2f05-3619-4f32-9c87-2ba0be7d1f14", "indicator--ca3966ec-726d-4dcb-81f4-39c21bce3b57", "x-misp-object--54df5a27-b7e9-4370-b86a-434bc5c4bfb0", "indicator--54175632-8cf7-4b49-934a-da9ed750f839", "x-misp-object--1602037e-3d0a-4d7c-aad4-690589211f3d", "indicator--22060082-286e-4e92-a9de-5932cc66684c", "x-misp-object--da7a7be3-a8bf-4a4b-942e-6366ca70d287", "indicator--bc3cbc70-c086-48a4-8c6e-faf4f66dc4fd", "x-misp-object--fe8692b8-47ed-49ae-ac84-c200cf0fb40b", "indicator--f971946a-c11f-4e87-958e-b1216469856d", "x-misp-object--7fc03e03-5dfe-4d7b-9ca9-d4f2c47233fb", "indicator--820f1598-4c73-4860-8239-acc32c501496", "x-misp-object--686748b5-288c-48a2-9596-1fc1e96df87b", "indicator--9b31f6f2-1afa-4cc1-b1c9-3939d61c351e", "x-misp-object--c3012495-b7ed-4916-9049-53b6c65ac11b", "indicator--4febf0f3-b71a-45e4-baed-ebd75779a918", "x-misp-object--872d5324-22bb-4366-a495-9cfe1ab1fcb8", "indicator--b366383d-8567-41d5-8bd2-098a72d6410b", "x-misp-object--c18455f9-0c99-40ad-9307-b6c207b78199", "indicator--338c09b1-8889-4266-bc9c-9b6198986d8e", "x-misp-object--ed59d7cd-6596-4802-b2c8-8bc71943c90f", "indicator--9b0cbf41-9f55-4c12-af30-95638bcb9724", "x-misp-object--ddd0eeec-07f6-4e82-aa68-2237276ef93e", "indicator--23d68864-87dc-40f6-8bdb-0382a2de717f", "x-misp-object--6a099e7c-a5dd-400b-8bca-df7575a5f1e0", "indicator--bf50fe3f-7ce4-4162-bee5-5b58898ff862", "x-misp-object--e031d087-ef4b-4824-9859-b46854c2939b", "indicator--a2d09237-7842-4a7c-9966-66901fed8c9d", "x-misp-object--f2130b6f-d3b1-4d06-9938-964ee58f732c", "indicator--93d0b571-4b57-409a-8616-fe681227c5b0", "x-misp-object--ef46be73-9a3e-44c3-83c2-4ede304d137b", "indicator--d3888401-a744-46ca-af6a-ebd96da536f0", "x-misp-object--d0fb5f61-30c3-4b2e-a514-31fc3fff048f", "indicator--48f7985a-f575-46f2-b2a6-d8f9f349e20d", "x-misp-object--1ef1d86b-f368-4bf7-899f-8e2141bf5ae7", "indicator--bbb9a50d-b258-4447-b8a5-c15bf7581ae8", "x-misp-object--0a443b7d-1866-4230-b65b-dedabfe03e83", "indicator--34f4e2b6-3c81-4759-984f-86d7b4918862", "x-misp-object--332bc7c4-5a4e-4d1f-ad95-ba547a1bd03d", "indicator--d1fc796f-8f35-4217-a3cc-d034728cab47", "x-misp-object--91de0b6e-f4f2-43e9-8ea7-3f3e5341eecb", "indicator--8d5831df-85b4-49dd-ac0e-a65280af1025", "x-misp-object--0475bcfd-dcdf-44d2-87b0-2083883a290c", "indicator--2bd61b04-6327-416d-b613-a56d7c4a6dfe", "x-misp-object--610984d9-b024-4156-9823-26b761e17e15", "indicator--7bebd57c-bb57-4da1-a8b1-97fb53694f80", "x-misp-object--4d3f77ed-8659-4a4c-8a0f-65c772c7a7fe", "indicator--b91d5808-92ad-4fa7-9b4d-7348cc563091", "x-misp-object--7994aa0e-7f14-4988-8820-5ffe04a261d1", "indicator--f46250f9-0e9b-4e25-9bee-b06e384c3a53", "x-misp-object--c4796178-b6f0-433b-96a2-9b72e558e59a", "indicator--911c04f4-f1f2-44c4-8242-c69e588493f0", "x-misp-object--d436e73b-9629-4c08-988b-73650cd12315", "indicator--c878521d-9b6b-4046-a3d2-fc9798c3c8df", "x-misp-object--03a28507-7341-429a-afef-14f0e4faeae6", "indicator--ac554dac-0487-4973-be4d-4d2efbcfc1b9", "x-misp-object--49e363d6-17fc-41dc-b434-a102e236ceba", "indicator--7606e8b5-261a-40ea-99e1-383c9a1c85f7", "x-misp-object--a0ebe82c-5513-4e78-9d9c-2b1ee9be03c0", "indicator--5ad5d64c-0d2c-486c-99c7-a0bb950d210f", "indicator--5ad5d680-5248-4175-bd12-d066950d210f", "indicator--5ad5d764-6f6c-4d61-aed1-48bc950d210f", "indicator--5ad5d7de-2ab4-472e-9bba-2440950d210f", "indicator--5ad5d82c-72a8-406a-a4cb-a0bd950d210f", "indicator--5ad5d855-b3e0-450a-bfbd-d095950d210f", "indicator--5ad5df94-d030-4f98-bae7-44c8950d210f", "indicator--5ad5fa35-f650-49aa-81ab-4655950d210f", "indicator--5ad5fa7f-2914-45a7-98fc-45bd950d210f", "indicator--5ad5faa2-477c-4823-9ba7-4e7c950d210f", "indicator--5ad5fad4-36a0-4a9d-b4ae-40b8950d210f", "indicator--5ad5fd0d-c14c-4e4f-8529-41a2950d210f", "indicator--5ad5fd2c-951c-499f-9a2d-4650950d210f", "indicator--5ad5fefa-8fac-478c-bef3-4f19950d210f", "indicator--5ad5ff8f-9db8-443b-9835-40b9950d210f", "indicator--5ad5ffb4-6e7c-4470-9b29-4c86950d210f", "indicator--5ad5fff2-a58c-40ca-9898-41a7950d210f", "indicator--5ad60018-0020-4e76-bbc1-4034950d210f", "indicator--5ad601c5-1420-47fd-918b-42c2950d210f", "indicator--5ad60217-e4bc-4470-b1e6-43fd950d210f", "indicator--5ad60231-3f60-4002-88a6-8ee9950d210f", "indicator--5ad602de-93f8-4977-bd92-4336950d210f", "indicator--5ad6030d-01fc-4395-b374-4e42950d210f", "indicator--5ad60339-e7a8-4868-affe-4f0a950d210f", "indicator--5ad60491-c5b0-4344-9c7b-4ebf950d210f", "indicator--5ad604cf-5324-47a7-b121-4717950d210f", "indicator--5ad604f8-dd50-4b52-9771-4024950d210f", "indicator--5ad6050d-ee58-4332-b5df-4b28950d210f", "indicator--5ad60529-26b8-4106-a709-41da950d210f", "indicator--5ad60569-4b3c-4e88-b761-42c4950d210f", "indicator--5ad6058c-5b7c-4b6e-9ba7-4cdb950d210f", "indicator--5ad605a9-8c94-486a-bf56-4b33950d210f", "indicator--5ad605c4-f4c4-4066-8c84-41a1950d210f", "indicator--5ad6f828-d124-4a8a-b98c-486c950d210f", "indicator--5ad6f8ba-c420-4555-b293-4d40950d210f", "indicator--5ad6f91a-2de4-4254-9d2c-4a3e950d210f", "indicator--5ad6f9bb-17b8-45f7-95c1-4b2d950d210f", "indicator--5ad6f9e4-6c78-41af-a9b3-4281950d210f", "indicator--5ad6f9fc-db4c-4b83-bf35-4316950d210f", "indicator--5ad6fa19-558c-4a98-acec-4b42950d210f", "indicator--5ad7118c-1138-4b45-8e7d-459f950d210f", "indicator--5ad711dd-2f60-48cb-8064-47a1950d210f", "indicator--5ad7141a-7b48-45e6-b995-4900950d210f", "indicator--5ad71704-9bf0-4378-bb92-4080950d210f", "indicator--5ad71723-79f0-4756-a2b4-476f950d210f", "indicator--5ad71760-a4ac-4bbf-be00-4450950d210f", "indicator--5ad7178f-2830-42b7-b039-4712950d210f", "indicator--5ad717a7-fb54-41c9-b567-47a0950d210f", "indicator--5ad736e3-c084-4e9a-b288-7b76950d210f", "indicator--5ad73722-7364-4e67-9abd-20c4950d210f", "indicator--5ad73ecf-f4a4-48dd-bc42-7ba2950d210f", "indicator--5ad73ef5-ea08-492d-9124-219b950d210f", "indicator--3e803fec-57d0-4a64-bffa-8c406bfa4df8", "x-misp-object--1d03fb64-13be-4f35-87e1-ad4700b35b8c", "indicator--1d4884a7-3654-4522-9024-5916811aa592", "x-misp-object--b4b37264-5f7b-43ed-9857-782b9d942a9d", "indicator--b5665818-45ad-4e55-872a-d64f9564f57c", "x-misp-object--e2c5a4be-2cfe-4eed-8a62-52f5a8918745", "indicator--ce15aa39-ec50-4981-8929-3019908b5ceb", "x-misp-object--00da20c8-dd00-4c56-bfb0-46add8af6839", "indicator--1c88e6ef-671c-48e1-a0d0-9932be1a8cc5", "x-misp-object--452c6b20-11a0-41ca-bc89-a8e7de5f2779", "indicator--f128ac41-042d-495c-939c-11d3d83d1b19", "x-misp-object--05cc5c9e-5cf4-406f-8a8e-c7653cb7dcb5", "indicator--e0f188cf-3ab6-4014-9327-4c09757acf99", "x-misp-object--08068585-edc1-40fa-a64d-5080ad1e0311", "indicator--efdd79ca-bfbd-425d-816a-1de5a615d4f8", "x-misp-object--ee5376c5-6962-420f-aec1-e6ac03cf5ab3", "indicator--513cd9b4-6715-4444-81de-c6d9f0a86318", "x-misp-object--f7d51df1-5efb-42cb-891d-24f914eb835f", "indicator--8009eae4-08fe-4674-8c61-3d790fdeb86a", "x-misp-object--13ef15ad-c73c-4ae3-b7bb-4827d33f81f3", "indicator--f1f3104e-c6b4-4111-a006-5c69509c7f75", "x-misp-object--b7e219d4-82e9-40f3-9812-d833f1c4bf60", "indicator--73ac235c-e3db-4617-a968-47e2ea6f6b8b", "x-misp-object--279cd6bd-aa55-47a5-af76-2826253108bc", "indicator--e2119423-0173-4009-b875-e913f911653d", "x-misp-object--47f144bd-561a-4e14-b508-d7313f28add9", "indicator--526cfc6f-1c12-422e-89ba-f6de05aab48f", "x-misp-object--42544fa3-e8aa-4f6b-8869-2b12571c968f", "indicator--68952c57-5f30-4f16-b04a-6cadc596e4c6", "x-misp-object--0745ebfe-aea5-421a-8e0f-0c298339d924", "indicator--7d22be2e-b385-4542-bafd-8cda3281f8af", "x-misp-object--6c18a448-9381-44bb-b7ba-97b81413fc84", "indicator--b0b5debd-236b-418d-8531-a3bca58059e6", "x-misp-object--4d5cd1b8-e117-411c-afae-a3d69e619e90", "indicator--aa497e72-a431-479b-8077-5ac653a7ef21", "x-misp-object--451113c2-f016-43ed-a80e-dd42f3b61bf3", "indicator--a1283755-9512-4fb4-952b-2f4d65e1281e", "x-misp-object--24d66f9a-7b0a-4668-8c5c-6ca6050b9148", "indicator--9942e1a6-6aff-4d41-9c65-ac96ad725488", "x-misp-object--ea2d92b0-2297-4284-9a47-20f003e7649f", "indicator--ef41bd1f-8663-4df6-a8f0-a32f05ee2929", "x-misp-object--c7efea86-38e8-48f9-bbf4-7ed8e0cccd7d", "indicator--40076ee5-8c95-4b32-830d-016ea2cebaf2", "x-misp-object--1b50d528-62f5-4f78-9df4-40a2e5a095bd", "indicator--c4ce6a07-a96e-491d-912d-93b9c2853c3b", "x-misp-object--35102d8f-3918-45f0-b06f-e56249794342", "indicator--f93d9038-ecd3-4445-86e9-3887a797a5b7", "x-misp-object--5c3c3c27-41c9-4498-be03-8b7e20ef7a01", "indicator--4a801296-d29c-4f5f-8b79-cb38789995ae", "x-misp-object--b23c1243-8546-43e6-b6ac-bdc9a52e5bd4", "indicator--c9b13b31-1a5d-4a7e-a46f-d8dea222c73f", "x-misp-object--edd1a003-7c62-43a9-a8a4-f00159990874", "indicator--9766aaf4-2b4d-42a8-b271-07a8430ff750", "x-misp-object--9f9e8c03-a143-42d7-b717-70ed7682d916", "indicator--de30466c-306a-4ff8-a134-3016bd00c2da", "x-misp-object--d77bdd19-aec1-4b36-b72e-1d67bb46e2ee", "indicator--be24abb2-78bb-4d0a-9dff-b8d9d47ac518", "x-misp-object--7988c9d7-a714-433c-a302-4a38a99896d7", "indicator--ff8766ca-b4b6-4c3d-a8db-7c64fa5d5166", "x-misp-object--82da5b6c-dc6e-4612-be44-ee4bbd7a65e8", "indicator--c33e937c-3313-4bd8-9d42-8a213ad27271", "x-misp-object--a9affe73-79d3-46e1-9175-550e62f9d545", "indicator--5e70ded6-3a06-4520-86d4-77316815da01", "x-misp-object--a6d5940d-d687-4031-89c7-d527a7cb1083", "indicator--31abe87c-b601-4581-ba6c-55e716214d8e", "x-misp-object--d6f9fda9-bb3e-4a6d-951a-ef2b7b91810b", "indicator--ea39a79f-3211-4917-8ba8-11798108d030", "x-misp-object--36ca324b-a75e-40dc-a318-a368d201799b", "indicator--ba5fa1e3-8824-42b7-8158-8885efa936dc", "x-misp-object--4b6521e7-b216-4bb7-8b2e-d03294f7a176", "indicator--049ddb48-7266-48ef-946e-c19acf93d44b", "x-misp-object--44a5a106-6496-434f-837c-f4b710cbcfac", "indicator--797ea4f5-30c7-40ac-baf6-28db7149f503", "x-misp-object--1086f8ba-2d76-4d9b-b26a-5e18c595f194", "indicator--0ed8ca28-2829-4ca6-ba71-03b2a41bf521", "x-misp-object--d249aa60-eb0b-4861-a6b4-87b813998e73", "indicator--a91eac4f-7259-4a12-8838-2b0f051d6696", "x-misp-object--6088b568-f7ad-4a41-a8d8-d4522a466ac9", "indicator--e6ea2fd2-8462-4e6f-9a19-cce766827d36", "x-misp-object--16acc5bd-90ec-431b-bbca-953b2b06ece8", "indicator--ecdf5094-5fc6-44c6-8c47-412f3bb5b255", "x-misp-object--98a86f21-1cc1-4708-9b3e-74e14dfe7f48", "indicator--77cfb676-5e8d-4566-84e1-4e6817db2990", "x-misp-object--f604786f-c9dd-4c19-ab31-aa89044f4a1b", "indicator--96745ec9-e044-4f68-a3cb-383e0fa9f872", "x-misp-object--b55b4b48-6ba3-44f3-b8da-903bfd98ea29", "indicator--3f85b4db-24d4-40a8-a7d8-71d30219b53e", "x-misp-object--c55b37c5-82e6-4fc8-a929-4118f95504af", "indicator--1852f268-9a82-42b0-8a9e-d7e52d16abbd", "x-misp-object--f6ec3f23-3273-49b5-8dea-910fbcf248b5", "indicator--37bf3b5d-cb41-409f-94e9-f50be725a4af", "x-misp-object--f354861e-6452-4a92-a456-69b235657f4d", "indicator--fd71e68d-d005-441d-8ee0-7b5c1812bf8b", "x-misp-object--4c74c847-cc7b-492c-87b0-f33694b4c6ec", "indicator--139196f6-be99-47ed-b809-73d2853fa944", "x-misp-object--0a753999-8af3-41ac-8ddd-dcc50453ed70", "indicator--cc2b374f-3d33-44e7-a28a-aa0e6581036e", "x-misp-object--78ef6597-c29d-407c-90da-5c9ac51c0d20", "indicator--2b1058c5-64f7-4e3b-a392-29bf82262d28", "x-misp-object--d46ebad3-0ea9-4fa6-9449-2ed4fd77bda5", "indicator--a2904375-8986-41ef-b6b7-4cafbad88a0e", "x-misp-object--dd8685d4-ae68-4e10-9a02-4ff2a38bd092", "indicator--61c11e5f-54fb-43cc-9485-ccf4f7f6c41a", "x-misp-object--23867c24-4af9-4a2f-bedc-dda5c1b39c75", "indicator--964d2d64-c17a-4c3e-91bd-80776bc6644f", "x-misp-object--6c20a0c5-39a6-49c9-aaf2-9fb0b1938633", "indicator--9393f4f9-b9fc-416b-92bd-4c090307ae39", "x-misp-object--f22c7776-6135-4800-9901-5a4de6adee83", "indicator--c97afdae-f971-4e34-8ce8-c3f0151f6e38", "x-misp-object--395fc03d-627f-47dd-a7db-71cf2e558e15", "indicator--e1867223-f5e0-4877-a819-9612307f3867", "x-misp-object--c3feebd9-263b-4900-a98c-8bec8b9440f8", "indicator--b805ea51-f04a-4f6a-8ecf-c9ec51fa83cb", "x-misp-object--15222292-8bfb-4e86-91fa-b0e4ec0adc58", "indicator--eb42f6f1-2c60-490e-8e04-79cdc4144a37", "x-misp-object--8c0ecebc-54db-4732-b8e6-8a3e388aadaf", "indicator--7967e5b8-00eb-4320-9412-e01a082c07ec", "x-misp-object--7300f602-1abc-44a4-9093-a7e2165d7a91", "indicator--6007d8cd-f034-477a-9e08-2fd715e5e884", "x-misp-object--27e7462f-edef-4bff-b8fc-d526b1399b40", "indicator--04a6579c-e5e5-4b9f-8941-c896ddbea402", "x-misp-object--3c579ecb-1bdd-491f-bcae-9aeb77253f1d", "indicator--95c00602-db58-40f5-91c5-3b5abeb62f34", "x-misp-object--5ef6db2d-f867-495b-9515-aee0b0c69572", "indicator--927a32d1-3581-4660-a7cb-b3b983b1d2b6", "x-misp-object--f5e79c89-6ae1-40b3-8d64-7ccc44962818", "indicator--33ada061-a11c-4b80-bfe1-2a219c8b4216", "x-misp-object--4d75191a-9322-46a4-8bb1-28edd400300e", "indicator--231da622-eca5-46f9-8b3d-7a60271bbf5a", "x-misp-object--d8b83106-c718-4884-bc69-e1ec3157b231", "indicator--900b2299-4d91-4311-8eb6-3d8dcde3c53e", "x-misp-object--ba9454c8-868b-4c61-99a5-7f1c6eaba02e", "indicator--123260f2-c093-487a-8da6-0a38a26956b0", "x-misp-object--52bb8f52-813c-42b9-b810-935626ee2a80", "indicator--b9967b9a-c9d0-48cf-8c84-d7527995794e", "x-misp-object--bf02e3cf-264a-406b-bafe-860ff8d96eae", "indicator--1aa193f1-c768-4a16-a2cb-0c0381dba191", "x-misp-object--6bd8fb6f-dd9f-4d3f-aa56-e4c18e904991", "indicator--67459c2e-6974-4168-a4bb-0c94041b7a1c", "x-misp-object--d2ae4a97-361c-42ac-90f2-42867b1bec12", "indicator--7ee2136a-174e-41ca-8e77-c55b330a2d7d", "x-misp-object--4dcb2323-6adc-4e6f-9a4c-4da633df6bfa", "indicator--a558cc1a-df6e-4ddd-bd8c-694a27a2e298", "x-misp-object--ff7f2a21-2be3-447a-9137-7fd1eb8a7100", "indicator--966e7ca9-3fb4-4d2a-8c16-b8911848b40b", "x-misp-object--6b683fae-c19a-4048-a4df-87877482042a", "indicator--871505a5-67b3-4e0e-a061-771e9e689bf3", "x-misp-object--da838904-52a0-4aba-a34c-444c519ca9e9", "indicator--b1c027bf-e678-4107-9332-782883a20df5", "x-misp-object--e18d455e-9797-4cfd-bc4e-7f58784671eb", "indicator--2eaac486-82b0-49c2-8dc7-c0e0d1334bc5", "x-misp-object--4880b0ee-33df-4e81-8a32-8f53fabe84e0", "indicator--f74b8766-0e2c-48dd-97fe-7a6bcbd3683f", "x-misp-object--d5e5151a-6fe7-4aea-8c1b-f384641f3de1", "indicator--5e508395-c56b-44f3-8d8f-c27378c24948", "x-misp-object--91d65c73-3c78-4c78-9b43-04795a21d2dc", "indicator--ce1148cb-ccbb-4534-a264-987b0a02387e", "x-misp-object--7b05f522-f1e9-4890-b0bc-3dcbcd58388e", "indicator--8ed19c62-1efa-47b5-bd86-5ce3ea96eea3", "x-misp-object--ba0df232-2b85-4c6e-ad5f-0bf6e12cc26a", "indicator--c750f8a8-1526-41bf-9e8c-3ac273664df7", "x-misp-object--1d1ce1a4-cf6c-4dee-83fd-c67c479b0e7b", "indicator--0b93c146-e37e-43df-8900-5c0faf08a5f5", "x-misp-object--066ffd6c-1f8a-4876-b8e7-4c6c950c58d8", "relationship--87308c90-9b77-485f-ab06-df1ce4a90aee", "relationship--13d85698-038f-4371-a30c-8d078265ceb1", "relationship--bbf71e0c-90ae-4427-b608-0afe2f06cbe7", "relationship--b6cedbc6-f6a9-4547-95dd-7f38682d1c94", "relationship--59fa9eec-4ec9-4929-a029-c110bdaf4b9c", "relationship--f5249487-5afe-4298-bc1b-4fa084055de4", "relationship--9aedfb5b-6167-44e3-a9b8-0c04f24e1843", "relationship--8784247c-c14f-44f6-beba-1cb7a78dddb1", "relationship--d446323e-40aa-4418-86be-358e6a8adb9c", "relationship--cd5524a0-23ed-495b-9877-700786d09607", "relationship--28e45edc-01ea-424e-9b12-f16d3c20d739", "relationship--a30abce8-d2b6-45c4-b8de-ba6a386e5b51", "relationship--08a4f335-c068-44b2-9478-cdbfce8880c1", "relationship--a47e21f7-f455-48c3-9546-029f0a39b6c0", "relationship--c385d166-c894-4671-a409-f570e80fceb7", "relationship--1ad099c5-a313-441e-808e-616c5d9c1266", "relationship--eb40c929-69e2-429d-9c11-dc6b82b5496d", "relationship--bc45c418-edc9-4c2b-8783-15b5ea59e50c", "relationship--98749d0b-9257-4dff-bef7-bf02c4830cec", "relationship--9804dfbc-a6fb-4833-bfdd-0435a6593240", "relationship--9e9cab4d-2d1e-48e1-a2e8-e75e8f4a0194", "relationship--8a589b76-efb7-40f2-98de-d39427ff5a69", "relationship--d543c7cd-04ed-43ee-aced-1a35d7b8f315", "relationship--c69cfa15-0f8d-47c6-8a46-649b92a7314b", "relationship--2c6ec0a3-7f4b-4df9-bc16-0a7aaf3c53bc", "relationship--d8889f6b-dd5a-476e-b83c-347e5646dfbe", "relationship--fa6e7ec9-46a0-4102-9f64-f33ad4e31910", "relationship--dc39d21e-4508-4211-a528-b02cd34de80c", "relationship--c21f5f7b-3911-4b6f-83b1-cb3b8059435e", "relationship--5c6f7df0-0447-4cb1-b494-7b34de17f64a", "relationship--e96b732d-4845-4445-b0cf-1b87a5ae1267", "relationship--c088aac3-32a1-4c85-bdc8-4dcc1db1bd69", "relationship--79b663ba-4c96-4bdc-bfb9-3f4e7b4301ad", "relationship--c7e987f0-2a38-45f1-b30a-32ef9f513d2a", "relationship--40552076-e662-4d58-a584-b111d6b29151", "relationship--e9d69380-127a-4369-9664-5e75e1c57bfc", "relationship--7a95e681-db14-4cba-b3f6-4529f815582c", "relationship--3e0fec1d-5ee6-4358-ab35-06e63934fd83", "relationship--c5622810-9ca3-42b6-9980-0ccdc58e578e", "relationship--32d1c533-aaa8-46d6-aa3c-32b5b16d8687", "relationship--ab2564f2-8ebd-4014-869a-9cdcf4c87210", "relationship--55b5a4ff-e048-42cd-a580-dcd934289292", "relationship--baf1833c-0ad7-4f58-8ab7-9bd1ffea253d", "relationship--bdf67d1f-3f1f-40fc-80d2-0ad7e89e68f3", "relationship--c8ad7091-e08c-4f12-b13f-db4dc81c7702", "relationship--37c50d90-db1d-4e3b-810d-8a5e19f5e4fa", "relationship--0460e90a-01a9-4338-b08b-b54de83a63ef", "relationship--7b756392-8163-49fa-9fee-309d0308263e", "relationship--7bc42fa1-e7e1-4466-bf4a-2da6be7b4a69", "relationship--0ec66bf6-0e38-43b8-be5c-aae93322f7d3", "relationship--039e7736-d8c6-4013-bf52-7c8fc225736d", "relationship--704e7518-b793-4506-8d61-2322290dab61", "relationship--08da14fc-ebc9-411a-9b48-63b71a5eeea9", "relationship--69d7dc32-6226-4c26-9a4e-d9a31428ce90", "relationship--c40567aa-7ad3-4782-bd1a-655367ef2d56", "relationship--24071bda-1f57-4a6c-9833-9cc6eda686bd", "relationship--872f5323-381d-4f08-8ce3-ab0c16100bec", "relationship--65e9a9fb-f749-4f0e-9e95-39a7858a7340", "relationship--3518dd94-7902-4a53-9e3c-e277c0ad9121", "relationship--bfb04b99-69eb-4dfb-8b92-4cc53b9610d3", "relationship--95f78ca8-6817-492e-95c5-d854bdbf34fc", "relationship--08dfd337-e863-4cfe-b2a2-5d2e871f15d6", "relationship--66fd6b46-7a42-43a3-9ee5-271d30e66e45", "relationship--1b96c356-824b-4288-bf3e-fc9e29f16dae", "relationship--dc8d491e-db81-4978-b7ec-f8a2e753a000", "relationship--07d525aa-eeb7-4704-b466-72b58fcac900", "relationship--fe96a059-208e-46d4-8daa-9617f5c4b209", "relationship--add13a8b-139a-4e1d-b9c8-1adf035d0423", "relationship--ef8938da-9aac-41a7-b1f0-ab247a884772", "relationship--9e574553-a812-4982-b999-b4ba14e6e882", "relationship--faca5f54-ad71-4778-b4e8-072a9e2c2d81", "relationship--42ddd102-4d32-441e-bce7-938668afd3bc", "relationship--caf6e812-4d5c-40dd-aa35-5c46d984b164", "relationship--7f56342a-d674-486d-8bcc-06dc7ba5a439", "relationship--9ab50b46-f2d0-41ae-9f61-68b3bddfd360", "relationship--209cf88c-b085-47e6-aff4-d27de4c98d21", "relationship--7c18ce0f-daa3-4140-a0c5-baa6fc5a000b", "relationship--4afe1863-d22f-45eb-8123-9fbb9ac9be20", "relationship--5e2a8059-f97a-41e4-bf41-5e2d6385c410", "relationship--038f31fb-d469-4091-b062-d5a72c5bdbce", "relationship--28ca564e-d12b-4904-b929-261f8c9c5c10", "relationship--135ccc68-5485-4e0c-8914-51146c90c553", "relationship--ada07c3b-a88a-4b14-b923-8cba90ae9330", "relationship--3a57bcd3-e5f8-43c3-9fb8-8616f1ceaac2", "relationship--cf994441-bebf-4601-a9f9-7c3b76d022cf", "relationship--bfd0ffb7-7131-41db-b3d2-9b31e5fee4d6", "relationship--cf5a292f-4bd2-4ede-976d-26913079537b", "relationship--d7a5a239-a0cd-4988-8544-9a34a537837a", "relationship--020ad898-b9ee-4383-abb6-9b3525946f5e", "relationship--69d0921d-a87b-45f7-80ef-408454f83ded", "relationship--b285eef2-3fb0-4349-8f9f-6f639e6e1708", "relationship--d236ce7d-71d2-4b5e-b21a-36f931b31932", "relationship--81579c54-bc54-4aaa-a67e-6d1369e5f0d7", "relationship--51230d4e-cea6-49ab-ae2f-e779cb11cddf", "relationship--3196631f-3022-4574-86f8-bc4e1c4d4ebb", "relationship--53e8f7fe-3648-4b3f-b3e4-a391d57f5c7b", "relationship--8d986c8d-2db3-4386-bcc2-dd51a33acc6f", "relationship--965d3af2-3368-4da5-844d-9eee5ecc55cc", "relationship--070410de-66a1-4633-99ef-b61df4940502", "relationship--4bafb045-f7ef-4538-90e1-4f24116de787", "relationship--81ce73bd-d3bd-41b9-8f07-a3641f881829", "relationship--ce8ce892-f29c-4595-8c72-0aecb696eb6d", "relationship--8808f900-2a29-48dc-9bc0-af5449359460", "relationship--748cd53e-1f6a-4849-9cb0-c7bc607c0d6d", "relationship--26258908-c658-4c4e-9893-aea1f115b707", "relationship--1bd70fd0-33ae-4fd0-aa1f-a42ca15ad001", "relationship--05862f52-70e4-4d45-9e46-0e63b2d29596", "relationship--378e42d6-c4bc-4042-8d93-1c9f226250c6", "relationship--f7a80a60-399f-4afb-94ef-5e6bc8fe9917", "relationship--4aaa0ce7-6ad0-4cc9-abaa-1c3570cc69fb", "relationship--52ef5097-3b58-4725-a960-446af5dbbabf", "relationship--d1a9ecc6-d719-4abd-a72a-88c2c00d02c1", "relationship--9907b336-191f-42d5-b6dd-361499352194", "relationship--a77c48cb-c716-42c0-8fe4-ddf6224e9f79", "relationship--d935b4cc-8519-48de-8382-f2d925e5230e", "relationship--4d617596-53b1-4e66-8793-a6f5f743abbb", "relationship--b2d39f84-1e7c-4057-b0b5-613cb8ed4e08", "relationship--4f82d3c1-c248-463c-9aa7-2809da1d12d7", "relationship--57694c3f-1744-4be3-b79a-35163541f52e", "relationship--625d9913-a809-4814-a083-03324a2e4895", "relationship--d2bdc5ee-f71a-4974-9ab5-a75b8b28de47", "relationship--a06749b2-1709-4f37-b7d4-7ba99e6753e4", "relationship--6d98e633-924c-43f1-b1e4-3e944149facc", "relationship--9f07dd15-ee89-49cb-a258-fab361cee96b", "relationship--c004e09f-b56b-4385-8250-4e2479a959f0", "relationship--f7462081-7acc-4d50-b4d3-1011bacc38bb", "relationship--fc9d5ecc-1f2b-4c98-8017-75c89cce4cd8", "relationship--12540011-b625-4a22-b5b1-9e35237ea9ca", "relationship--cde331f3-334a-400b-8ace-e0153a592f2f", "relationship--dffb6cee-b0dd-4df8-bb04-7c2d4a3c5813", "relationship--939e6a4b-f100-4e8f-a10d-997cf4a053f7", "relationship--3aedfded-61eb-473f-9a65-bb97547139da", "relationship--aa4aaa65-38d8-4acd-b5a5-056ede1eb3b3", "relationship--60b24de9-899f-4a40-8a57-5eaeb45702db", "relationship--94383110-b42e-4380-9a73-55027a006730", "relationship--b1efacc8-9258-410c-81a9-9032d5e87c06", "relationship--eb6950f5-76fb-4356-ad87-8feb0630b50d", "relationship--b1b57363-70cf-417e-a093-879f91a3739d", "relationship--6afe942f-362c-4089-909b-b9d4bdd54823", "relationship--daf04e6b-ea75-4c54-977c-5bf8c5db562e", "relationship--4434af00-fd20-4c0d-ab23-e74866bd576d", "relationship--b0c1ac63-454d-4ed9-92b7-518b577f7528", "relationship--ebf0a78a-2de3-43e9-ae93-511d5f0c54a0", "relationship--2c92b03c-c40c-4cf0-82e3-bbf5d6d31fe9", "relationship--62b3b9fd-4702-4916-96a6-6fe3d0c3a2f8", "relationship--9bd4745c-6bf1-4f7d-b795-d636f4963f08", "relationship--7c37368d-8c70-4452-8fe4-cb57da87dfee", "relationship--82430df2-aeb0-42b5-a2b7-5174d17a18db", "relationship--07881c0c-80b2-4b55-94fa-cb5d91e9e78e", "relationship--122de45c-9197-40ec-8588-7126d54c0516", "relationship--7aeba813-f3fb-43d8-943a-4244ca865e96", "relationship--a45bf289-8b62-4f86-b88e-e50e74649af6", "relationship--bc0eae47-e388-493d-8a74-a19c42f19111", "relationship--d1caade4-3d01-4c10-940c-578815f57742" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc17-d2b4-4902-8453-2133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:08.000Z", "modified": "2018-04-20T09:07:08.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.77.68.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc17-bb60-4d19-a86c-2133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:08.000Z", "modified": "2018-04-20T09:07:08.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.78.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc18-7ee8-4354-ba91-2133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:09.000Z", "modified": "2018-04-20T09:07:09.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.63.57.87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc18-1580-4efa-b81c-2133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:09.000Z", "modified": "2018-04-20T09:07:09.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.192.16.184']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc18-346c-4a97-a0f9-2133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:09.000Z", "modified": "2018-04-20T09:07:09.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.37.56.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc27-d3f0-4174-86a2-2105950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:10.000Z", "modified": "2018-04-20T09:07:10.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[domain-name:value = 'gpt9.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc28-8c90-49e9-8dd9-2105950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:10.000Z", "modified": "2018-04-20T09:07:10.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[domain-name:value = 'optcdn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc28-15b0-4355-836e-2105950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:11.000Z", "modified": "2018-04-20T09:07:11.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[domain-name:value = 'www.userbest.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc28-6cd4-4054-8e52-2105950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:11.000Z", "modified": "2018-04-20T09:07:11.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[domain-name:value = 'optitm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5bc34-d378-4050-9152-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:12.000Z", "modified": "2018-04-20T09:07:12.000Z", "first_observed": "2018-04-20T09:07:12Z", "last_observed": "2018-04-20T09:07:12Z", "number_observed": 1, "object_refs": [ "url--5ad5bc34-d378-4050-9152-2134950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5ad5bc34-d378-4050-9152-2134950d210f", "value": "https://blog.talosintelligence.com/2018/04/threat-round-up-0406-0413.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc56-ba44-4b4d-a342-4a3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '599d9e37c39ec47a50b512e01449a37ff3c3354ed0b9b4de2ca7e8f2d3a33bfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc56-ae30-40dd-b2ac-49b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '4d0f0b7c9a3b8694895275fcc45aa1df3e6f2ad0c58563a40ac80776c705f821']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc57-a220-41bf-94f1-457a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '0aeb76bb929ea68275b904412054c3b15a73fd6479ee3daecd5ffd4c407eb721']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc57-1784-41fc-b9b5-4dae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'c76394aaf293cbf4bf3b9d7a94c251feac11435204664d700bb4bd87da3c1898']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc57-c3f8-4904-8e25-4e98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '66c2586add3eac9184972cfc7a6172532c16dc0d1e1f874e4cd3fa2276657c2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc58-2758-4247-bcc6-4aac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '02cb3c5568577ed9658fcf68b9f776d720e2f7355090b10875f0f9bb2b8ed161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc58-adf0-4b60-806e-4abb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '5f7f8a6fd32cf4d91efe01c2f1b7c4fd5f509b504af134a08c6c688ba9597ea6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc59-4570-49e8-88fb-431d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '3c9c3423951655b97251bf5d3d12fe59fcf96d4274c4887b88744438371fe61b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc59-8f48-4308-8bfb-49d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '4e496591b9c2c9722c07746edfc7892b178b8965bb4c452322caab68b2d5f262']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc59-aa78-41b1-9d73-46bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '2eed2f22d055d605a8387d35610e4e82815eb29b7212de12088202efa54d3c31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5a-de94-4d91-901d-4658950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '0073f6d57c2e4ca1871dc1a5e270160e734b2d79bd9b7b55b82a8ddc53aaac0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5a-4b04-477d-890c-4d36950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'c21fdd9a5d244aed75890c59094789c2f46815983084f4bc5966ae28630908a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5b-7e08-4f15-af49-478d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '98f7b5afa98edbfcb4a6f502d9d29e6bb0912a6bcb7a14abe3a9a60e0487b201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5b-f808-4a39-b552-4db5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'c7e92cc3f88c7180e2774f2641c593ebebedee3424314fdd8fa8365f6cd0000a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5c-da98-4b7a-b9f6-4201950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '1937b1e07be1737d79a3a4b1ea9c5ab0a56f1c3ce44d2e34d705a7b69b9346cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5c-c52c-4d38-8067-450f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '310848da5dd6e75c8df5bc00223582a7b7e6fbef90ca45222948eaba546be3bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5c-5da8-42af-951d-4d53950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '40a0f808c1fd873c364850d95e2f0adb0ca24740945702de5c0552a5afc60612']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5d-e9b0-40b1-acc7-44b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'b609c46124d069b2299de3896a5cc2f7540e4effcba462e7f5300573666efd4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5d-fd5c-4e4e-980c-49e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'd7e95936470c9747f9c803d3839159e86112afbe49d68b578775f1c29141d502']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5e-ec34-4911-b09f-4b75950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '036d8c2a089ea0870fa37060c96928789a8b373ca0795d1c06db443b53dc5882']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5e-d19c-4bc2-bcd7-4bef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '2b7662b93abcd312eb2c4d66c246af9dc7c43a511fae5dddd11617bf2ced16c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5f-fe68-49c6-a3c9-4a6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '5795c26debe0c06d1f1968730a84efeed69f0493b23f8411b3ea60781e7a24a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc5f-1d74-4651-a100-450a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '6856286bb8ac5961f58831e7e4fa6debe7a4a399e5ffa56d37e7ca78f1588871']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc60-df30-4572-bdf6-47f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '6db67b808d476e3412034571798447aafbbe320a0884a417a7d7fae604440c6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bc60-0670-4423-ad02-4b87950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:20:43.000Z", "modified": "2018-04-17T09:20:43.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'acaa87b92f1e2ee316033624e4760ca4f9c781e82b72949c46861c7652cf74c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bca9-d554-437a-bcaa-46f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:12.000Z", "modified": "2018-04-20T09:07:12.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.171.248.178']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bcbe-06c4-474e-ab97-4145950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:13.000Z", "modified": "2018-04-20T09:07:13.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[domain-name:value = 'dns1.soprodns.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:14.000Z", "modified": "2018-04-20T09:07:14.000Z", "first_observed": "2018-04-20T09:07:14Z", "last_observed": "2018-04-20T09:07:14Z", "number_observed": 1, "object_refs": [ "domain-name--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f", "value": "ipv4bot.whatismyipaddress.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd2a-1fdc-4e2b-bf6d-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:14.000Z", "modified": "2018-04-20T09:07:14.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.54.117.217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd2b-4298-4151-a76a-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:15.000Z", "modified": "2018-04-20T09:07:15.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.65.121.51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd2b-dac8-4912-aec3-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:15.000Z", "modified": "2018-04-20T09:07:15.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.200.23.95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd2b-7418-468b-ae9d-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:15.000Z", "modified": "2018-04-20T09:07:15.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.250.149.195']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd4d-1490-4fae-95c6-4454950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:16.000Z", "modified": "2018-04-20T09:07:16.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.atopgixn.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd4d-4a24-4c7e-b423-4ea0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:16.000Z", "modified": "2018-04-20T09:07:16.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.gstringguitarco.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd4e-5980-4712-9599-4250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:17.000Z", "modified": "2018-04-20T09:07:17.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.mymugcity.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd4e-af4c-41b7-a076-4962950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:17.000Z", "modified": "2018-04-20T09:07:17.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.snhvwa.men']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd4f-2c18-405a-adab-43d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:18.000Z", "modified": "2018-04-20T09:07:18.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.mankafei.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd4f-71ac-439d-a73d-45fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:18.000Z", "modified": "2018-04-20T09:07:18.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.9999zh.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd4f-52ec-437a-997b-414b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:18.000Z", "modified": "2018-04-20T09:07:18.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.dltecgeradores.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd50-e740-490f-86fa-4ee2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:19.000Z", "modified": "2018-04-20T09:07:19.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.zswlu.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd50-f0d0-47a7-a915-4991950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:19.000Z", "modified": "2018-04-20T09:07:19.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.bitstubs.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd50-a1cc-4857-aa5d-44f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:20.000Z", "modified": "2018-04-20T09:07:20.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[domain-name:value = 'www.allsystemstoupgrades.win']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd6d-0178-4d74-8d40-4ba1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:20.000Z", "modified": "2018-04-20T09:07:20.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrv.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5bd6e-7378-4136-8027-41a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:20.000Z", "modified": "2018-04-20T09:07:20.000Z", "first_observed": "2018-04-20T09:07:20Z", "last_observed": "2018-04-20T09:07:20Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5bd6e-7378-4136-8027-41a4950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5bd6e-7378-4136-8027-41a4950d210f", "key": "%TEMP%\\Gsdf0d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd6e-c170-4c8b-856b-4635950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:21.000Z", "modified": "2018-04-20T09:07:21.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsnD1EF.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5bd6e-86dc-418e-9aa9-4362950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:21.000Z", "modified": "2018-04-20T09:07:21.000Z", "first_observed": "2018-04-20T09:07:21Z", "last_observed": "2018-04-20T09:07:21Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5bd6e-86dc-418e-9aa9-4362950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5bd6e-86dc-418e-9aa9-4362950d210f", "key": "%TEMP%\\zvu" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd6f-2d30-421e-9ba1-430d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:22.000Z", "modified": "2018-04-20T09:07:22.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logim.jpeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd6f-e854-47a9-9995-4661950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:22.000Z", "modified": "2018-04-20T09:07:22.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Microsoft\\\\Windows\\\\WebCache\\\\WebCacheV01.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd70-aa20-4e06-9194-4635950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:22.000Z", "modified": "2018-04-20T09:07:22.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp\\\\System.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd70-1c58-4be6-aef8-4f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:23.000Z", "modified": "2018-04-20T09:07:23.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logri.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd70-c500-4493-9481-4d18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:23.000Z", "modified": "2018-04-20T09:07:23.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5bd71-4894-4eb5-a879-493a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:24.000Z", "modified": "2018-04-20T09:07:24.000Z", "first_observed": "2018-04-20T09:07:24Z", "last_observed": "2018-04-20T09:07:24Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5bd71-4894-4eb5-a879-493a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5bd71-4894-4eb5-a879-493a950d210f", "key": "%ProgramFiles(x86)%\\Gsdf0d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd71-a870-415f-8710-4ae5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:24.000Z", "modified": "2018-04-20T09:07:24.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsc8B5E.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd72-a33c-4f97-8452-4c2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:24.000Z", "modified": "2018-04-20T09:07:24.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27log.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd72-8f20-4bf5-9743-43ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:25.000Z", "modified": "2018-04-20T09:07:25.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp\\\\System.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd72-706c-4609-92d7-4930950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:25.000Z", "modified": "2018-04-20T09:07:25.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd73-a3b0-4af3-ba12-47f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:26.000Z", "modified": "2018-04-20T09:07:26.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrc.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd73-6a70-4b8b-af9b-4afc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:26.000Z", "modified": "2018-04-20T09:07:26.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5bd74-37f4-46c9-a6bc-459a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:26.000Z", "modified": "2018-04-20T09:07:26.000Z", "first_observed": "2018-04-20T09:07:26Z", "last_observed": "2018-04-20T09:07:26Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5bd74-37f4-46c9-a6bc-459a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5bd74-37f4-46c9-a6bc-459a950d210f", "key": "%AppData%\\K27P0CT0" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd74-85b4-4cf0-919e-4868950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:27.000Z", "modified": "2018-04-20T09:07:27.000Z", "description": "Files and or directories created", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd95-354c-49a7-95bf-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:41.000Z", "modified": "2018-04-17T09:25:41.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '44f6b3cea3a371a7cd6161739dcc6f9f96a40c8c732b1acd8042a2991a9bbf73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd96-3784-4d69-a211-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:42.000Z", "modified": "2018-04-17T09:25:42.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'd62ee1186d8a8c7d84b2a03e0bee1c13c47d133a55238ba7c367f9539e6c9b17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd96-1d30-4389-9fb6-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:42.000Z", "modified": "2018-04-17T09:25:42.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'df9f1a4e2cb4247132c7442aedfe873c5e801ab048e0236407066c3acd5ec79b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd97-e4b4-4de5-95ab-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:43.000Z", "modified": "2018-04-17T09:25:43.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'd8f1f59b81a985f538fc0a51c85c688794f94b28a06883ba9dadfb4b0c8bccd6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd97-6bbc-4b0b-9aa6-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:43.000Z", "modified": "2018-04-17T09:25:43.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '2ca04f3c65e3fd16b9c879c7db4cc8025279463dbb965e3954e35106fe952e86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd98-ed34-4052-ae05-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:44.000Z", "modified": "2018-04-17T09:25:44.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '3538c0a7785ab6d418112d10cd6844ded5745064840d18d74d9b978dea1fe1a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd98-cf6c-4d74-a084-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:44.000Z", "modified": "2018-04-17T09:25:44.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '09cc6c9e39425a71ccdc26ffd8a67179043b20f646286685eea24e6bb00b12d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd98-e250-4bd5-a891-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:44.000Z", "modified": "2018-04-17T09:25:44.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '725752c4bda82acf554aad37fe97d08f4367c9a1e5d40b6fe17cdc94adf040fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd99-d9a0-47ea-a8be-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:45.000Z", "modified": "2018-04-17T09:25:45.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '3d756dcf4397cb6b0d406b9f70eb18029965fce0110c0290af6ad73468aa2c1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd99-4084-48e3-b142-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:45.000Z", "modified": "2018-04-17T09:25:45.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'ef4d20220eaecedc0b3069192843bd5eddc196b25a9e083fd16d19ae100374df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9a-a804-41f0-a284-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:46.000Z", "modified": "2018-04-17T09:25:46.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '70d50a77db7cb028163638a7e58c354e1fbab4757323ad9eccfb51e9b257f83c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9a-95c0-4312-a2af-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:46.000Z", "modified": "2018-04-17T09:25:46.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '35c996576eba666a33e26bc25122196de365465da8ebee70930b9c4ec6be7313']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9a-6830-4f10-9018-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:46.000Z", "modified": "2018-04-17T09:25:46.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '330a8b46f74f5d4af759b18db64dfd9af2ef3e429d597cd4522148fb78633000']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9b-2c78-44ff-85f3-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:47.000Z", "modified": "2018-04-17T09:25:47.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'ac6fbd8f18bb93cfac31af73eb9cf6a1aa925b95d44b42b3659ecfd49209ec76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9b-8d54-4ba2-b249-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:47.000Z", "modified": "2018-04-17T09:25:47.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '711155de0073adc2f68fc4088253f92f43a696bbf5d8f892f902724be37668f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9c-cad0-43fd-892d-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:48.000Z", "modified": "2018-04-17T09:25:48.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'c1e6324086192a47c60daee91f9f906c2ceb03cac0c67a8ed3f0a31c37e3a991']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9c-f994-4ea5-8975-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:48.000Z", "modified": "2018-04-17T09:25:48.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '5301f9401c7d7ac485d0169085222c64ec2de6f14783cad6150b7c6f0f368c7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9c-031c-40d6-98bf-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:48.000Z", "modified": "2018-04-17T09:25:48.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '96847279dd3564a5d689bf310483fe351fac55e54a440d15e55f0bb7d35baab6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9d-e554-4fc7-ba1d-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:49.000Z", "modified": "2018-04-17T09:25:49.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'aebb84da20c2c92da398b1e5fcc8adc6bfe893d5a8b56c5cd1beb42b3fa5f069']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9d-1e1c-434f-bbb3-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:49.000Z", "modified": "2018-04-17T09:25:49.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '2a0904b6301b42ed0838633b161c947a781600fc884b0fc499f906a49ea38292']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9e-5030-431e-8562-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:50.000Z", "modified": "2018-04-17T09:25:50.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '0e1c8a62bd632cd364d16dcf0839531c8dcb443269f4478f301e4adf758977a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9e-30e8-4ffa-968b-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:50.000Z", "modified": "2018-04-17T09:25:50.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'f34354749657c44beee0b1d7f5cdc4a31c858eab565fc2592f96c69eb9d501e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9f-7848-4529-bb8e-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:51.000Z", "modified": "2018-04-17T09:25:51.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '8ecfcfc939e40cc943df83f548286c2f7f519a53e195b3ae595e0bef39baee29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9f-a110-4657-ae42-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:51.000Z", "modified": "2018-04-17T09:25:51.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = '21178d6e06ded3b1a43e98eb781220c37e729ef081bd160f168fc465313ea4ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bd9f-daa4-41b1-8eaa-2135950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:25:51.000Z", "modified": "2018-04-17T09:25:51.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[file:hashes.SHA256 = 'ef4b97346e1ee359feff43d136f3dd6031993fb47bdfd25520b4fc3279d3649b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:25:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-9404-45af-be5e-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:27.000Z", "modified": "2018-04-20T09:07:27.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrv.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-be08-40da-84a4-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:28.000Z", "modified": "2018-04-20T09:07:28.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\Gsdf0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-9c44-4bf6-afee-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:28.000Z", "modified": "2018-04-20T09:07:28.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsnD1EF.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-76fc-4b80-bced-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:29.000Z", "modified": "2018-04-20T09:07:29.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\zvu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-eb9c-472a-8557-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:29.000Z", "modified": "2018-04-20T09:07:29.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logim.jpeg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-ac8c-40ef-b307-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:30.000Z", "modified": "2018-04-20T09:07:30.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Microsoft\\\\Windows\\\\WebCache\\\\WebCacheV01.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-6ea8-407f-95c6-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:30.000Z", "modified": "2018-04-20T09:07:30.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp\\\\System.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-1f94-4184-b3e3-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:30.000Z", "modified": "2018-04-20T09:07:30.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logri.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-e660-4caf-90e5-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:31.000Z", "modified": "2018-04-20T09:07:31.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-ad90-4ea3-9e89-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:31.000Z", "modified": "2018-04-20T09:07:31.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Gsdf0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-56ac-4c9f-9041-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:32.000Z", "modified": "2018-04-20T09:07:32.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsc8B5E.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-ed08-4849-bd91-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:32.000Z", "modified": "2018-04-20T09:07:32.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27log.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-8940-486f-9da7-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:32.000Z", "modified": "2018-04-20T09:07:32.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp\\\\System.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-0ffc-473b-8bec-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:33.000Z", "modified": "2018-04-20T09:07:33.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-9528-41d6-aac3-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:33.000Z", "modified": "2018-04-20T09:07:33.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrc.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-26d4-4a61-a6f6-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:34.000Z", "modified": "2018-04-20T09:07:34.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-2bfc-420c-833f-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:34.000Z", "modified": "2018-04-20T09:07:34.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bea5-4c18-42bd-9eec-2443950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:35.000Z", "modified": "2018-04-20T09:07:35.000Z", "description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee6-e57c-4fb9-ba55-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:18.000Z", "modified": "2018-04-17T09:31:18.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '082f1ce18a378ec6eb67565fb7bd89cd29db886b44fe4312a863382af9e13df7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee7-50fc-4a49-b96d-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:19.000Z", "modified": "2018-04-17T09:31:19.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '0e1d3984bd6c33ba0fc108329e3906bd074d70ed44a4c7fa6d8f857531bbc437']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee7-50d8-4a9d-abb0-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:19.000Z", "modified": "2018-04-17T09:31:19.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '380545cfde4acaf2c29969d175db1cecd28c5691693e097e52da5c0e886a8301']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee7-bff0-428b-9e2c-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:19.000Z", "modified": "2018-04-17T09:31:19.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '13da7abee3f2ea4275c1434900db5ba9f620fde8743eb0ff2388b32897685e0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee8-3f50-41ef-9cf6-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:20.000Z", "modified": "2018-04-17T09:31:20.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '9dc0c514ea1aaa91c1255857cb261bd6c94f8565ffef4420b75c5d5320717b09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee8-bf58-4dd4-875a-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:20.000Z", "modified": "2018-04-17T09:31:20.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '30103085dd67ac6e9bdf14255fc5c8b697d68b810e732b4ae29798b62e5ad677']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee9-bec0-44e4-a6d2-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:21.000Z", "modified": "2018-04-17T09:31:21.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '663ecdfa115605418b2826e4de7e289b0cd12849b719c7a171ee7524bf22fe99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee9-016c-4288-a267-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:21.000Z", "modified": "2018-04-17T09:31:21.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = 'cc203d955e3e33479423f7b2aea1f13c2ba5895da16159a779407e03e747d116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bee9-610c-41ee-9b39-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:21.000Z", "modified": "2018-04-17T09:31:21.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '3784e5b40ff8687265efe5dacfd5b6c9d744fe294f425703ddafbf687192eb8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beea-4204-4cc4-9acf-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:22.000Z", "modified": "2018-04-17T09:31:22.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '0a52739b2a45b1002b78230df60dd42d2ffa0897197953639dd627bcc0454134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beea-41f8-4227-ad39-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:22.000Z", "modified": "2018-04-17T09:31:22.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '1824bb4ea96c6107c6660b104d60073be3a9f5c3bdbbc2c801771fc34a03e01c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beeb-8114-421c-81fc-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:23.000Z", "modified": "2018-04-17T09:31:23.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = 'a1175ff8f5544f4ec078e4d55db4b6aff7a7844e9df2057d3fe906cfa77d25f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beeb-4c24-49b5-8ea1-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:23.000Z", "modified": "2018-04-17T09:31:23.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '61dede4113d1eda504f7360ae535cd88ede9425722db4a43577185d0312acd5a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beec-7568-4a94-85b2-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:24.000Z", "modified": "2018-04-17T09:31:24.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = 'ac755dfabf99ea6fc8c334dcef526d1dce3680200deeaac5e80077a27042af9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beec-a088-46a9-93ae-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:24.000Z", "modified": "2018-04-17T09:31:24.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '786c1b55e5e73fd3c2231d7e6fa0565aacb4fb239807f42c2f0cb83f57186271']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beec-e600-4b55-9e92-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:24.000Z", "modified": "2018-04-17T09:31:24.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '4e27ccfd0c90aab501d16d45b1e9d13bde3e2d6c2ba6d230b7973dcc8567e556']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beed-0220-4adf-9ea2-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:25.000Z", "modified": "2018-04-17T09:31:25.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = 'c7dcf76652af54cf4cbbfdfc4fa5cc8d4a8e1807d478eceee32270260dbfecf7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beed-73f0-40ba-a922-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:25.000Z", "modified": "2018-04-17T09:31:25.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '228ffe97f34e097a0cb3b3288ee56a063da65d890b1f888d59d59f0ad2b3bb71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beee-b710-4fe7-8159-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:26.000Z", "modified": "2018-04-17T09:31:26.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '39c05a8b0d635eb221023154423dd3e26c93d16bb5a16a2512c68bde62996023']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beee-39c8-495b-a7b5-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:26.000Z", "modified": "2018-04-17T09:31:26.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '6bd38baca4b923c26628e9dcf9ee64d8bcc5c4ba9cb9f2298e32f8db7816de08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beee-1e90-4d38-a935-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:26.000Z", "modified": "2018-04-17T09:31:26.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = 'cb2155b65879f66eb449b60a90c632c701fbea7ac8d4011e3b24b238c3302de0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beef-b80c-4f61-bfb4-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:27.000Z", "modified": "2018-04-17T09:31:27.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '8fdabcedb02b4ae9364e53f38738710a1f6e9851077c29dbda34cf934229b47d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5beef-7498-49aa-abd0-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:27.000Z", "modified": "2018-04-17T09:31:27.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = 'fdb559a29e0374fa7ce71d8661400fcc2d2db7d3486822a5cf1e0eba5c5634c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bef0-b040-4436-b953-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:28.000Z", "modified": "2018-04-17T09:31:28.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '4a6043017f598162263d52315c79bfcb5fbef86f19d51beb718fe8093dc1af16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5bef0-511c-42ee-8fe7-2134950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:31:28.000Z", "modified": "2018-04-17T09:31:28.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:hashes.SHA256 = '2f9ca1b196aa915e3c87dabe20f353a4a69ee5998f8559ef8073194918dc7ea9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:31:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5c543-92b8-4648-af41-45a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:35.000Z", "modified": "2018-04-20T09:07:35.000Z", "first_observed": "2018-04-20T09:07:35Z", "last_observed": "2018-04-20T09:07:35Z", "number_observed": 1, "object_refs": [ "mutex--5ad5c543-92b8-4648-af41-45a0950d210f" ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "mutex", "spec_version": "2.1", "id": "mutex--5ad5c543-92b8-4648-af41-45a0950d210f", "name": "\\BaseNamedObjects\\00291FDE1ED259137753E922" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d370-bae8-429c-862d-4a8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:35.000Z", "modified": "2018-04-20T09:07:35.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.99.75.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d371-c774-497c-8e27-4706950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:36.000Z", "modified": "2018-04-20T09:07:36.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[domain-name:value = 'makewebomb.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a3-e298-4956-989d-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:47.000Z", "modified": "2018-04-17T10:59:47.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'b4abd9556f093b7d80bdc755d502917310a807d5ee9d9f9bac19bb0c8d596dbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a4-07a4-49e5-9c58-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:48.000Z", "modified": "2018-04-17T10:59:48.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '1ca88b2c00b625bf596b93abafae873a6aec5bf1afeee1e116dc402cae69f83a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a4-3bc0-42e1-b7cc-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:48.000Z", "modified": "2018-04-17T10:59:48.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '3f2925b26b0f0b0f141346d8a654a74704d9326492537de17518bd6fb11671e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a5-f828-4ef1-b2ea-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:49.000Z", "modified": "2018-04-17T10:59:49.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'ba0a2f6e001bc9c02ee8c5fbcd6cceaa74ced5ec058dfda71623146f06ff2490']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a5-f920-4475-afea-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:49.000Z", "modified": "2018-04-17T10:59:49.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'f68b0c32da95c0fb06c4cefb992e1a0039afed32f6cfcef083db39a0702a06c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a5-dc18-4c46-be57-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:49.000Z", "modified": "2018-04-17T10:59:49.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '61ff6f5d48f02c0a5b7a28936f8aa9ebad2344f3552608fae2ce3f14a9bf14d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a6-de3c-4eb1-ac25-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:50.000Z", "modified": "2018-04-17T10:59:50.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'a7d667e9d67d4b7db00c52572ca1e945b1aba8139dce9c647b8b9bce89ba45e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a6-1fb8-4ff9-b1c9-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:50.000Z", "modified": "2018-04-17T10:59:50.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '6a1a4a21545538c2dd34ba9beec07cbfe17c8ff65a10f1bcdf8598a8f1b58e42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a7-cbd0-42f5-aa2e-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:51.000Z", "modified": "2018-04-17T10:59:51.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '85d0021f75a2d312a27bc1c17702d09520006aff590d439a90d8045d2325a04e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a7-c294-49cf-ac38-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:51.000Z", "modified": "2018-04-17T10:59:51.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '09574981553c2729c9779beee8e6007734f932a155de278eb46d9fc557c39400']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a7-dba4-4f49-a12c-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:51.000Z", "modified": "2018-04-17T10:59:51.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'e981fd64b4c1f1d50cdf3f21d3cd07dfb04dec58c518bee8697a187069997498']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a8-4e2c-4dbe-9db6-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:52.000Z", "modified": "2018-04-17T10:59:52.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '7c83266775aceac7e54b9d7db2620245520a52e854a5e61f5c5f2452a60432de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a8-c514-46bc-a3e1-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:52.000Z", "modified": "2018-04-17T10:59:52.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '3ed671f4ea7e92ef0e0bf61e7bacc0b7a2a82ccea73a53e7cde66e3497a86520']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a9-e248-4f8c-b955-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:53.000Z", "modified": "2018-04-17T10:59:53.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '97702356739358d428d1e7c7ddcc8aa08379562b290edb12348cae2bc0ddbb32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a9-7924-4802-ba83-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:53.000Z", "modified": "2018-04-17T10:59:53.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '9c6def0cb6963372a10888e6f702d80381559a29db1da32ab149273b3d10ca34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3a9-c654-4aa7-9bd9-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:53.000Z", "modified": "2018-04-17T10:59:53.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'df58773cc519e82a8beebeca8035018168cb3cb26aa491aae89c8d68cec835a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3aa-fbc8-422b-93f5-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:54.000Z", "modified": "2018-04-17T10:59:54.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '5eb40ac46872c6d26cd7ebdb0938a9375d7cdf28017a5c625d890a7d2ba7852d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3aa-0b2c-491a-9b07-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:54.000Z", "modified": "2018-04-17T10:59:54.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'afcdd2fda5b3c9e78a977df31be307ea7323b746e07e35e4d3c39a3a3f4b4b79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3ab-9598-4729-821c-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:55.000Z", "modified": "2018-04-17T10:59:55.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'a854a9702c14be3508d35873e80577ee9b1296c993ee2a4269c283884775564e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3ab-1980-401f-af4c-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:55.000Z", "modified": "2018-04-17T10:59:55.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '431e6a8252837a5e1c7c98aa9b72c1df4b21e34ae8c7e73882294097f140466e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3ab-ceb4-4edf-b75e-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:55.000Z", "modified": "2018-04-17T10:59:55.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '1d7a1a4181706379a7f80ed926c47cb0ebc7beb953739c9b41cec20093c63914']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3ac-f5a0-48d0-948a-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:56.000Z", "modified": "2018-04-17T10:59:56.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '7b24f0523af239668ee8946c433c53d0c233b0290bbaca405885d39dff86fa1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3ac-1ac4-4e14-af1f-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:56.000Z", "modified": "2018-04-17T10:59:56.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = '444147472ba54f1f58776a84e98152ae28dfbca23602cb440a830fddd4a283cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3ad-b024-4bd7-9640-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:57.000Z", "modified": "2018-04-17T10:59:57.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'b33436701b6a54b78141a2812264f4b3ee93ac0a5ae0149e636e7db8c4f38a28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d3ad-599c-4727-8962-243b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T10:59:57.000Z", "modified": "2018-04-17T10:59:57.000Z", "description": "Win.Dropper.Fareit-6500687-1", "pattern": "[file:hashes.SHA256 = 'e5d34b53cb6e4e111e167cf13b608b87f7ab7d43d7f08f995ae9f2c1139e8f51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T10:59:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d964-4598-41ca-9c0f-a0a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:36.000Z", "modified": "2018-04-20T09:07:36.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[domain-name:value = 'gandcrab.bit']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d964-11b8-4b37-a4f1-a0a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:37.000Z", "modified": "2018-04-20T09:07:37.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[domain-name:value = 'nomoreransom.bit']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d964-d98c-404f-8a50-a0a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:37.000Z", "modified": "2018-04-20T09:07:37.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[domain-name:value = 'nomoreransom.coin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d9ac-c5ac-4c4e-8211-a1d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:37.000Z", "modified": "2018-04-20T09:07:37.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\Microsoft\\\\Windows\\\\WebCache\\\\WebCacheV01.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d9ad-7214-4623-bdc6-a1d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:38.000Z", "modified": "2018-04-20T09:07:38.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\Microsoft\\\\Windows\\\\Temporary Files\\\\Content.IE5\\\\SSZWDDXW\\\\W7RSB4SE.htm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d9ad-0f34-4b2d-9f8e-a1d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:38.000Z", "modified": "2018-04-20T09:07:38.000Z", "description": "Win.Dropper.Generickdz-6500702-1", "pattern": "[file:name = '\\\\%AppData\\\\%\\\\Microsoft\\\\zkwnlf.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f5-1140-4653-a5ee-4b3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:53.000Z", "modified": "2018-04-17T13:04:53.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '4605f6041d93c6390c1ed856336c01a6cf3982bea1987c6de846752ca7006882']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f6-4e00-4a26-a357-4ffb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:54.000Z", "modified": "2018-04-17T13:04:54.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'a10aefc70a3d3512cf54f74e39b3ee5cc5403c003179c57aeea7fb3895ed8ace']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f6-8b6c-4695-bd9d-4c5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:54.000Z", "modified": "2018-04-17T13:04:54.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'a0365a881396fa66719255cd617e5ef7e175343f28b7ee7ec347bf87811274c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f7-88ec-437c-984f-4014950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:55.000Z", "modified": "2018-04-17T13:04:55.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '05be7b2de818dcb358a4f24d6050ae2b91d728c80a8af279894b5e701b060926']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f8-c34c-457c-aeb3-4438950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:56.000Z", "modified": "2018-04-17T13:04:56.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'a32a315ae45f62d26cdd22281a69932c83f147fc4e820a9cc7bf05bcc4680777']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f8-5860-4a44-93bd-4ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:56.000Z", "modified": "2018-04-17T13:04:56.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '6bd49db136718b3cef01348bc839e206d566a1e1c32e0537be61dfa2ee87de6b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f8-1bb8-4caf-b2e7-431d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:56.000Z", "modified": "2018-04-17T13:04:56.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'a677a593cebda3734ab26828b65fd93b54bbc02199a080a26da61afcff29ae48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f9-6a40-46c1-bd92-45c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:57.000Z", "modified": "2018-04-17T13:04:57.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '84c269a1661a987058f51dea4644ec2703b28170324fbeab6920e40ad1a05a54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0f9-63f8-4f8c-97a5-4e18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:57.000Z", "modified": "2018-04-17T13:04:57.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'ad7c7472d980025e3edbab89988fec2d5776b4f72b0757c2b1dac54d1c991c37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0fa-6de8-4b15-8027-4191950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:58.000Z", "modified": "2018-04-17T13:04:58.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '877d9c4195c38a9dc55c472f7c72ec3d6ad0d95a544458a2050edf22df3aac5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0fa-1df8-4e66-90d0-4557950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:58.000Z", "modified": "2018-04-17T13:04:58.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '0a6cabedfabfbab3fba2057d30b1faab2f1b2d2d47a6227aa3b677af45f92da2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0fb-7134-4d0e-b0f5-4eb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:59.000Z", "modified": "2018-04-17T13:04:59.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '683339b58c7cbc066f84c625efa0248eb89bfcd24de916f5fe600c33867084e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0fb-74dc-43d0-8b39-43ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:04:59.000Z", "modified": "2018-04-17T13:04:59.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '7bc897c2c55ff708cbccff1461d2406aaef7953686817bd2d6a39ad58af393f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:04:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0fc-f2e4-4b91-8b27-4d61950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:00.000Z", "modified": "2018-04-17T13:05:00.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'e1e31a797b01f5f4ec694fb03d894e5ab331f41f3bc8c34bb407d390554bfe3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0fe-67fc-464c-b0d2-4bb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:02.000Z", "modified": "2018-04-17T13:05:02.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'fa8c301685d5ceb6a97b75f3bb665871e3ddf5b47410179dd7a55f4f3cebf4ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0ff-657c-457e-a74e-4b17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:03.000Z", "modified": "2018-04-17T13:05:03.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '9b4536855237fe80447950bf86d1177489dbc1b231122e4a5d2157ba93c1b504']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f0ff-e98c-4f46-a8fd-4980950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:03.000Z", "modified": "2018-04-17T13:05:03.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '19a5f6fc34e531409c787b00444671b44a5c11dec0dafab0e0ef699de29eea6d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f100-1c08-4320-b4d4-428b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:04.000Z", "modified": "2018-04-17T13:05:04.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'b4e2b99c18bf61acedaff5b1908a212470eb902ddfe8e164e01ffcfbab19834b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f100-2800-496f-993a-4b96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:04.000Z", "modified": "2018-04-17T13:05:04.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = 'db5b0bb4d05292e6649fa84f076195d7a0cfb15516ce386f214dc2dd96a5e467']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f101-9ff0-4170-a6a9-4b43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:05.000Z", "modified": "2018-04-17T13:05:05.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '11117fe96292e5d5702f2c82e4b21c3cbc4234f13417b22ad963a9f746978482']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f101-3e6c-4095-9810-4b7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:05:05.000Z", "modified": "2018-04-17T13:05:05.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:hashes.SHA256 = '33ab8e652c16836caf3b22518485757f417fab73a92e916f0c6aaf27b57f3be4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:05:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f210-eda0-4291-ac47-4b67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:39.000Z", "modified": "2018-04-20T09:07:39.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\GetVersion.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f211-bf5c-4b0b-97b3-4038950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:39.000Z", "modified": "2018-04-20T09:07:39.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%System32\\\\%\\\\pwkmbru\\\\dsieovx.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f211-bd54-47d6-bb3a-4a99950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:40.000Z", "modified": "2018-04-20T09:07:40.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%System32\\\\%\\\\pwkmbru\\\\dsieovxdrv.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f212-36ac-45c0-bd4a-4769950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:40.000Z", "modified": "2018-04-20T09:07:40.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3E3A.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f212-a40c-4b2a-8361-4d16950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:41.000Z", "modified": "2018-04-20T09:07:41.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD4441.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f213-2dc8-410e-a58d-4eb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:41.000Z", "modified": "2018-04-20T09:07:41.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\igfxmtc\\\\dowmload.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f213-a4e4-44fe-96af-401f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:41.000Z", "modified": "2018-04-20T09:07:41.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f213-cf88-43e9-bfb1-4702950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:42.000Z", "modified": "2018-04-20T09:07:42.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3DCC.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f214-52e8-4a64-847b-4df9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:42.000Z", "modified": "2018-04-20T09:07:42.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\InstallOptions.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3cb-f368-4ad1-bc5f-4cf2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:43.000Z", "modified": "2018-04-20T09:07:43.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%System32\\\\%\\\\drivers\\\\spbiovxl.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3cc-dd28-4c1d-9af4-4cdc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:43.000Z", "modified": "2018-04-20T09:07:43.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\exhpugb\\\\dowmload.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3cd-a07c-455b-8173-4e32950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:43.000Z", "modified": "2018-04-20T09:07:43.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD7B8B.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3cd-6278-4b4f-8810-442a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:44.000Z", "modified": "2018-04-20T09:07:44.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3ED5.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3ce-6690-4d18-a2c1-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:44.000Z", "modified": "2018-04-20T09:07:44.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\400F.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3ce-1a1c-4d2a-b2b9-4327950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:45.000Z", "modified": "2018-04-20T09:07:45.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\msidntfs\\\\SSL\\\\cert.db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3ce-2198-4ffc-bffa-411f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:45.000Z", "modified": "2018-04-20T09:07:45.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\ioSpecial.ini']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3cf-7c58-4a5b-9781-4a06950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:46.000Z", "modified": "2018-04-20T09:07:46.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%System32\\\\%\\\\pwkmbru\\\\dsieovx.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3cf-eed4-48e1-bde5-4068950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:46.000Z", "modified": "2018-04-20T09:07:46.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD73AE.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d0-d0c8-42e6-b303-4076950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:46.000Z", "modified": "2018-04-20T09:07:46.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\igfxmtc\\\\igfxmtc.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d0-aff8-4da4-8fa1-4153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:47.000Z", "modified": "2018-04-20T09:07:47.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\msidntfs\\\\SSL\\\\SecureTrust Network Root CA 2.cer']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d1-9bf0-40a6-9a60-41a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:47.000Z", "modified": "2018-04-20T09:07:47.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\4119.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d1-bb88-46bb-83eb-42b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:48.000Z", "modified": "2018-04-20T09:07:48.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\modern-wizard.bmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d1-c0f0-4fe5-9d6e-4de7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:48.000Z", "modified": "2018-04-20T09:07:48.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD6BD1.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d2-0064-413f-b95f-4074950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:48.000Z", "modified": "2018-04-20T09:07:48.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3DCC.tmp.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d2-362c-4c19-81a0-4b69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:49.000Z", "modified": "2018-04-20T09:07:49.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD63F3.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d3-6f60-4351-8b4f-4d33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:49.000Z", "modified": "2018-04-20T09:07:49.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD8369.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d3-6620-41d9-86f7-41fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:50.000Z", "modified": "2018-04-20T09:07:50.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3FFE.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5f3d4-e690-42cd-a28e-4e80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:50.000Z", "modified": "2018-04-20T09:07:50.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nss41A2.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5f851-4c38-4407-a13b-436d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:36:17.000Z", "modified": "2018-04-17T13:36:17.000Z", "first_observed": "2018-04-17T13:36:17Z", "last_observed": "2018-04-17T13:36:17Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5f851-4c38-4407-a13b-436d950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5f851-4c38-4407-a13b-436d950d210f", "key": "\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT\\CERTIFICATES\\9B4DFF593EC4945503B76D97E83BADF6893F2597" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5f852-fca4-4c49-862f-4202950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:51.000Z", "modified": "2018-04-20T09:07:51.000Z", "first_observed": "2018-04-20T09:07:51Z", "last_observed": "2018-04-20T09:07:51Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5f852-fca4-4c49-862f-4202950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5f852-fca4-4c49-862f-4202950d210f", "key": "\\Software\\Microsoft\\WBEM\\CIMOM" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5f852-c810-4df5-a5f8-45a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:36:18.000Z", "modified": "2018-04-17T13:36:18.000Z", "first_observed": "2018-04-17T13:36:18Z", "last_observed": "2018-04-17T13:36:18Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5f852-c810-4df5-a5f8-45a8950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5f852-c810-4df5-a5f8-45a8950d210f", "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MAGSV\\Instances" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5f853-8f58-492a-8488-4ad7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:51.000Z", "modified": "2018-04-20T09:07:51.000Z", "first_observed": "2018-04-20T09:07:51Z", "last_observed": "2018-04-20T09:07:51Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5f853-8f58-492a-8488-4ad7950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5f853-8f58-492a-8488-4ad7950d210f", "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MAGSV\\INSTANCES\\magsv" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad5f853-6b7c-45d1-bc66-49eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:36:19.000Z", "modified": "2018-04-17T13:36:19.000Z", "first_observed": "2018-04-17T13:36:19Z", "last_observed": "2018-04-17T13:36:19Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad5f853-6b7c-45d1-bc66-49eb950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad5f853-6b7c-45d1-bc66-49eb950d210f", "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\magsv" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f368-0d14-45d4-914d-4411950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:51.000Z", "modified": "2018-04-20T09:07:51.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.58.217.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f368-9a7c-4654-a670-47ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:52.000Z", "modified": "2018-04-20T09:07:52.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.75.222.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f369-00c4-46b6-8aea-4a91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:52.000Z", "modified": "2018-04-20T09:07:52.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.58.206.78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f369-bd00-4721-a3f3-4d28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:53.000Z", "modified": "2018-04-20T09:07:53.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.16.241.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f369-2740-4db8-98d0-4b31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:53.000Z", "modified": "2018-04-20T09:07:53.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.199.229.251']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad6f36a-5780-4671-b8a3-42c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:53.000Z", "modified": "2018-04-20T09:07:53.000Z", "first_observed": "2018-04-20T09:07:53Z", "last_observed": "2018-04-20T09:07:53Z", "number_observed": 1, "object_refs": [ "domain-name--5ad6f36a-5780-4671-b8a3-42c4950d210f" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5ad6f36a-5780-4671-b8a3-42c4950d210f", "value": "google.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f36a-a7b4-4397-9ce8-45e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:54.000Z", "modified": "2018-04-20T09:07:54.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[domain-name:value = 'u.drawfixmydesign.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f36b-6cd4-4054-a272-4445950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:54.000Z", "modified": "2018-04-20T09:07:54.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[domain-name:value = 'r.drawfixmydesign.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad6f49a-fb1c-48bc-94f9-4419950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:55.000Z", "modified": "2018-04-20T09:07:55.000Z", "first_observed": "2018-04-20T09:07:55Z", "last_observed": "2018-04-20T09:07:55Z", "number_observed": 1, "object_refs": [ "mutex--5ad6f49a-fb1c-48bc-94f9-4419950d210f" ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "mutex", "spec_version": "2.1", "id": "mutex--5ad6f49a-fb1c-48bc-94f9-4419950d210f", "name": "\\BaseNamedObjects\\DRBCXMtx" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f509-2e3c-4b5e-a4b4-48a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:33.000Z", "modified": "2018-04-18T07:34:33.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '2593e0c6d66d36c7d8b3061f3c242875113310a2939f89aea73eda1397e44e31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50a-1a78-49de-8491-4aa3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:34.000Z", "modified": "2018-04-18T07:34:34.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = 'e9a7b16189e27dff9ff67e31d09fa05e7f32658dfa56bb51feff8ca0cfb4eb85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50a-42c8-48b9-bf8a-46c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:34.000Z", "modified": "2018-04-18T07:34:34.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '1a1144444adb05aee9ef8adfb3c892a97d32b870d1ee300975a5f3597f2ed638']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50a-b92c-4855-88ac-492e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:34.000Z", "modified": "2018-04-18T07:34:34.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = 'ff5d541f260063a88b04a892cacfb3bcb13b8dd83c5f29ed5000737dbd6662c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50b-d154-4795-b7f3-47e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:35.000Z", "modified": "2018-04-18T07:34:35.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = 'b1d0bfdd95f168cea0df0e138ee627cb7feb0a26ac7a736baa031547bb6fb08d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50b-d714-4dce-9ed7-4f30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:35.000Z", "modified": "2018-04-18T07:34:35.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '9af34cdb7f0b01c044fdeb64f0b733d78e8b9be854c4beeee679f8ee083530b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50b-b668-4b71-bfcb-4a28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:35.000Z", "modified": "2018-04-18T07:34:35.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '24281907f8904bf6b9af4116f52ae2ba8b4b97ce586cd3b2b2777a8f3c76c8cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50c-07dc-4e7e-844e-49dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:36.000Z", "modified": "2018-04-18T07:34:36.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '61cb5cbccb6d1c329cb1a641c3a74fd4a4521dee0d2d03e810f3f12303e0f1f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50c-31ec-4ca7-9ecc-4e7a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:36.000Z", "modified": "2018-04-18T07:34:36.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '3431065d2208123137714d2d432427d33cff576d202e1fc7ea2990b21847cce1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50d-e290-458b-befc-4bbe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:37.000Z", "modified": "2018-04-18T07:34:37.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = 'ba975d346f8f543f348e1e42f03bf50167045740b321ae6dc8a8497e608e8766']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50d-1a8c-4844-ad53-40f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:37.000Z", "modified": "2018-04-18T07:34:37.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '2df889657dd28f91ea10c08d5a72cf890bf142a6fb4928520ecdefcf708cc2b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50e-2550-41da-a161-445b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:38.000Z", "modified": "2018-04-18T07:34:38.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '174286f1a0bd66552237da989be39ef821b11fc6acccef5eabc00448991d1876']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50e-f01c-4cec-88c9-4232950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:38.000Z", "modified": "2018-04-18T07:34:38.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '4632c1023c0baaa1e227defd4923098c4f3c49317964ff1cb088b40b9df7a605']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50e-efa0-4487-9291-4e90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:38.000Z", "modified": "2018-04-18T07:34:38.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '530607f9b54be981e420a7bca1d33d0fa180e6c42877beddeb23836cc440f062']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50f-c064-4e25-a17f-4fcb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:39.000Z", "modified": "2018-04-18T07:34:39.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = 'e9bcf85599744033e320f5031ecc8157e0498a42d699cb175d7242c95b9f4358']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f50f-3194-4722-9575-48af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:39.000Z", "modified": "2018-04-18T07:34:39.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '86746d7dfa923b5b1e0e5a0d27f19eb40979dcf342f2fba01ccbb09175b9363c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f510-5a7c-4901-930f-4c91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:34:40.000Z", "modified": "2018-04-18T07:34:40.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[file:hashes.SHA256 = '973c024f2af38334bfe80a5c1fc2f96b2215397124ff08110e3c96aa986e7440']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:34:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad71113-447c-41a1-9bd4-4e24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:55.000Z", "modified": "2018-04-20T09:07:55.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[file:name = '\\\\%ProgramFiles\\\\%\\\\Mozilla\\\\thfirxd.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad71113-7aa4-4bfd-b9ac-49c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:55.000Z", "modified": "2018-04-20T09:07:55.000Z", "first_observed": "2018-04-20T09:07:55Z", "last_observed": "2018-04-20T09:07:55Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5ad71113-7aa4-4bfd-b9ac-49c5950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5ad71113-7aa4-4bfd-b9ac-49c5950d210f", "key": "%System32%\\Tasks\\aybbmte" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c88-56bc-4414-803a-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:56.000Z", "modified": "2018-04-20T09:07:56.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.85.88.217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c88-9f88-4029-b6c6-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:56.000Z", "modified": "2018-04-20T09:07:56.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[domain-name:value = 'bush.basinafterthought.bid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c89-3e98-4607-87f0-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:37.000Z", "modified": "2018-04-18T12:39:37.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '9ad10ae09760aa994fdf2d6132a60276badb77b0ab773ee5d07d5b5e7a259207']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c89-055c-4812-80a0-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:37.000Z", "modified": "2018-04-18T12:39:37.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '2c31ec1ded95ec22f07a3bc29c03badd9158d8ddc19e1cdb98ccdab3482f2421']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8a-57d8-4f69-a836-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:38.000Z", "modified": "2018-04-18T12:39:38.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '433403d0f920938654f1592148f99110a5dd35fed88260c44a022983e12bdaa1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8a-27ec-4308-81b8-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:38.000Z", "modified": "2018-04-18T12:39:38.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'a02c5f7013b02bbc66380276f4250ea42173971c60e8836bb676243b648dd3a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8b-584c-4667-a86f-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:39.000Z", "modified": "2018-04-18T12:39:39.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'f0bfcb581935377def575a18a89290427d335c95da6781b11d1ad91711cb4a81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8b-42c8-4947-a2c8-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:39.000Z", "modified": "2018-04-18T12:39:39.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '41bf7b4e4d7a87395cc8867e026ed9d586830420a70325a672d07ea9c1a351e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8c-d530-4489-820d-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:40.000Z", "modified": "2018-04-18T12:39:40.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'e616d1e7e2b6e1d4f1ac2fea3e2041b842d27f5de05ff941b5661997cfe8a856']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8c-99d0-48b7-be88-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:40.000Z", "modified": "2018-04-18T12:39:40.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '4300dc69146725fe7476b6ee4a81ecbed78604e4575e299f52f6b6f3c65eaaa1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8c-20f8-44cc-8a1b-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:40.000Z", "modified": "2018-04-18T12:39:40.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'bc782f40d16fd6574c1e84edd0728470f426a31d2ff94e4bbb87a19cf3992048']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8d-1654-4e71-a6d4-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:41.000Z", "modified": "2018-04-18T12:39:41.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '04ead5ee82c762a26e1dc0e6a8b21c54669c771cca0291b5d41282d2e73a7fc0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8d-2888-4ed3-a247-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:41.000Z", "modified": "2018-04-18T12:39:41.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '739f27ac00dc449895f589ff28e86d78ea17ca298ffc0b40021136d7c77ed679']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8e-57e0-4131-aa43-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:42.000Z", "modified": "2018-04-18T12:39:42.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'cc4c722e0d6e2bbff6119e1895f6dfbbb2ed75b3d786e4de507b48792a2660a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8e-83b4-4b62-9db9-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:42.000Z", "modified": "2018-04-18T12:39:42.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '28589697e00deb562a29f3cb335167b2880f3ef3065e418f57f1b626d9ea8c94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8f-df38-4dfa-a837-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:43.000Z", "modified": "2018-04-18T12:39:43.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'b622971e681f9e2fa5f84bfcb9e7144b6198d3fb554de8d4488117ca1e3f51c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c8f-ae2c-445e-8e26-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:43.000Z", "modified": "2018-04-18T12:39:43.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '0fee9d67ef1967d2bee1f67b1dc5ae24dff5d6dba17b9247e33b87f5bf6e6856']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c90-5394-4e42-87b1-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:44.000Z", "modified": "2018-04-18T12:39:44.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '6c8ca3ba14ee685739ea32a3ddc613d4544c69194a97c55365c570c053609938']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c90-3768-45e1-b5e5-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:44.000Z", "modified": "2018-04-18T12:39:44.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'f1dbfaf0378434cd1758feaabe050171df1c234ddc6215df494c6592a9e92547']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c91-f2bc-45d2-8433-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:45.000Z", "modified": "2018-04-18T12:39:45.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = 'e586da2bd9fd73223281176033b97e6e4e137249f9aff8430004099b31508e12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c91-d9f0-4c95-aff6-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:45.000Z", "modified": "2018-04-18T12:39:45.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '1d70d1eb3210984b8d2c3c62ca6ade7b018f44688d009cbde3c2c214224a3ffb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c92-da9c-43f3-95ae-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:46.000Z", "modified": "2018-04-18T12:39:46.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '404746279f7d963489d1d7d2d9be4bd1b1dd82e81e21f6ebf09091ee7b059988']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c92-e460-4485-bc27-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:46.000Z", "modified": "2018-04-18T12:39:46.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '4696ddd4a7ed96a86a09413f14657c7e01053213f6f1f6008a3a3bbe4fe45229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c93-67c8-4844-b5eb-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:47.000Z", "modified": "2018-04-18T12:39:47.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '66af9dc27feb2b69729b82e4076dd699cc504c3c8dce943d2023c7bdeca00f2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c93-7f38-4ee0-8843-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:47.000Z", "modified": "2018-04-18T12:39:47.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '4694e19504a1bbc0335c213bad487727ab75faab3bf29d92cb7e3d14a2d3a8d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c93-efb8-439d-b748-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:47.000Z", "modified": "2018-04-18T12:39:47.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '0863bf4a5476b5de02a15c3bdec1604c7d8ab7c8ca1c0546edf2f16a756e0d8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73c94-2d30-45ff-9fff-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:39:48.000Z", "modified": "2018-04-18T12:39:48.000Z", "description": "Win.Dropper.Startsurf-6502245-0", "pattern": "[file:hashes.SHA256 = '39974f2161bc0151692ae2f380d38b626f2b47904f92ce5706e29b2fe05122d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:39:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d16-6bbc-47dd-8e71-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:57.000Z", "modified": "2018-04-20T09:07:57.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.230.82.80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d16-3c70-4009-8cfd-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:57.000Z", "modified": "2018-04-20T09:07:57.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.146.43.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d17-86a0-40c3-a66d-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:57.000Z", "modified": "2018-04-20T09:07:57.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.248.31.6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d17-da38-40bf-9fb6-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:58.000Z", "modified": "2018-04-20T09:07:58.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.185.4.90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d17-67b4-42a8-ba91-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:58.000Z", "modified": "2018-04-20T09:07:58.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.243.255.79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ad73d18-fa24-4b78-94c1-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:59.000Z", "modified": "2018-04-20T09:07:59.000Z", "first_observed": "2018-04-20T09:07:59Z", "last_observed": "2018-04-20T09:07:59Z", "number_observed": 1, "object_refs": [ "domain-name--5ad73d18-fa24-4b78-94c1-21a4950d210f" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5ad73d18-fa24-4b78-94c1-21a4950d210f", "value": "checkip.dyndns.org" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d19-80bc-426e-add3-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:07:59.000Z", "modified": "2018-04-20T09:07:59.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:name = 'Files\\\\Content.IE5\\\\SSZWDDXW\\\\W7RSB4SE.htm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:07:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d19-f07c-4db8-8e0b-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:00.000Z", "modified": "2018-04-20T09:08:00.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\serizay.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d19-0744-48a0-b32e-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:01.000Z", "modified": "2018-04-18T12:42:01.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '91122476660eff79e0de0f30752e1cf9b37985013cb2fd6ad51c6ea6f20dbdf5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1a-7044-4255-9e6f-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:02.000Z", "modified": "2018-04-18T12:42:02.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'fccaca287d58a30c33cc6a52e49fc16c9c5f08143624b82c8ea1df216ec42db0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1a-1034-4e73-a261-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:02.000Z", "modified": "2018-04-18T12:42:02.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '6b93b7b97c1d5f3ad00378c8ff279c2f2ef8ba4ca16fdde45fe0557c37e8630a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1b-b110-4c26-a2b6-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:03.000Z", "modified": "2018-04-18T12:42:03.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'e9574e34b580958e83aa060868edf408751f89f2844da98f2a8c4df24a175efd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1b-75b0-491c-8bac-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:03.000Z", "modified": "2018-04-18T12:42:03.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '2b0dbfbc6f7018646a9ec428424986969a8bcf3ca1c4e1b23d7aab3e7e7dda5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1b-de28-44b4-a3b5-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:03.000Z", "modified": "2018-04-18T12:42:03.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'd4be54137269f8b720abd45b5f900e513c8e9c6144169900c673a07b3181006a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1c-5f18-49a5-abd6-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:04.000Z", "modified": "2018-04-18T12:42:04.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '45919cf6c7ca6e97bcbf5f3bcf670db27c29d81aaa50b3563c50ec4e80ec6f4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1c-6158-42bc-8cc9-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:04.000Z", "modified": "2018-04-18T12:42:04.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '388a22678ed13c5fc9a26d8d89a37805143b38d782677b49d9abbfa1dcd47105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1d-71e8-4b2f-a09c-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:05.000Z", "modified": "2018-04-18T12:42:05.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'd9b137bba139689b08b01f59dfc61b161f522c8618cd74321a7ae4531e093ebb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1d-fbb4-4047-afb3-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:05.000Z", "modified": "2018-04-18T12:42:05.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '702c79933e6afba258861251597fc1eb6fada3273a1a3038f4332f09eac44237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1d-3654-4e9d-8677-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:05.000Z", "modified": "2018-04-18T12:42:05.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'ccbf0df625484ab8244a47737514ff698fa00fe2ed8da99e779134c4f96c2a3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1e-2150-46e9-9409-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:06.000Z", "modified": "2018-04-18T12:42:06.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '5c80cd096858030abfb8ec87a0aceb8b9d791dfdc67259e668ec2cabab3abef4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1e-5ee4-43e8-b824-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:06.000Z", "modified": "2018-04-18T12:42:06.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '6b6eb4cc4aa8e3d71a97a8657ffcd27d2bd12466faf3b1f7fcbcd274a4b9561c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1f-014c-4906-8d8c-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:07.000Z", "modified": "2018-04-18T12:42:07.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '06c65a259d7c96000fcec97a7d8c5b6c4d0c8b8e52ed1d45c934a50d0369b3eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1f-5508-42c7-bac1-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:07.000Z", "modified": "2018-04-18T12:42:07.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'f43312efa07fe063b6fd50de8f1bc3e7ccfe27b4d80d9082e8faaced210f6be0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d1f-7944-4903-b661-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:07.000Z", "modified": "2018-04-18T12:42:07.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '84f1fd4c31d0c21517ffe56eea666d6c7954aec47e958c33238b91f6bc9ef0e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d20-7894-432b-ae81-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:08.000Z", "modified": "2018-04-18T12:42:08.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '07cb19e9013ac45d8e99618944ebd9d1a81499239d20800f8aaf5789b6fbb47e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d20-f584-458b-9057-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:08.000Z", "modified": "2018-04-18T12:42:08.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'e122d91eb62a33c8b4ef56b2299caf2f58fd4e48694c97e06c92f858497cf860']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d21-0dc8-4cc0-902c-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:09.000Z", "modified": "2018-04-18T12:42:09.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'ea284de1551e367f736ce661b7342fc3a98297cfa8358972120375702dd14ccf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d21-5ac0-4c8b-8c2f-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:09.000Z", "modified": "2018-04-18T12:42:09.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'e4b38a225a2703c06bcf4d26acc22753a86b74fa461720bda700c1fa2c1b3db6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d21-230c-412b-9b25-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:09.000Z", "modified": "2018-04-18T12:42:09.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'daeded4fb715741d4045fa7ff6e7d81920c3e7ce892c1c29676a51ee70d63712']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d22-75c0-410d-abaf-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:10.000Z", "modified": "2018-04-18T12:42:10.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = 'bc417721acee0afa960d71a7c59acfb6d233384625620bd0856734521b028005']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d22-91cc-4678-99df-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:10.000Z", "modified": "2018-04-18T12:42:10.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '79a50327843a8ccf58147971d1c86945f9a40cd0d4ee35084b8af26c9f5ab210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d23-6508-4f7f-800c-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:11.000Z", "modified": "2018-04-18T12:42:11.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '53e260744b0f3d02c6d629cd466483b79c147d882e6749639631c4c7eeb46808']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73d23-3ff4-40f7-b773-21a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:42:11.000Z", "modified": "2018-04-18T12:42:11.000Z", "description": "Win.Dropper.Upatre-6498441-1", "pattern": "[file:hashes.SHA256 = '2e5bff8f11e5ed171ac94f1a5656014fbffd46b66493c90aaf47b640568faa1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:42:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73f73-19b8-4bfc-8b13-7ba5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:00.000Z", "modified": "2018-04-20T09:08:00.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[domain-name:value = '116.151.167.12.in-addr.arpa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa0-6ed0-456b-8abc-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:00.000Z", "modified": "2018-04-20T09:08:00.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.25.185.229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa0-d070-4d34-866b-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:01.000Z", "modified": "2018-04-20T09:08:01.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.231.4.7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa1-70a4-4800-81f9-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:01.000Z", "modified": "2018-04-20T09:08:01.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.167.151.116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa1-fde8-43a9-b2f1-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:49.000Z", "modified": "2018-04-18T12:52:49.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'c6eeffc5eb2ee7203e7abef9e60c5edffd5471aa02760e1b2ef0cce5c5a73aa3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa2-33ac-4795-9641-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:50.000Z", "modified": "2018-04-18T12:52:50.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'cd159019d822551dd72c81fc954042275f65deaee88469c05682e7575a27e8e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa2-13e0-409e-a743-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:50.000Z", "modified": "2018-04-18T12:52:50.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'f0bd29ac4f11195c79f8b1812cbf93fcb2b8e67bd219c287e9e93c8136c44a32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa3-fb38-4d1d-8955-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:51.000Z", "modified": "2018-04-18T12:52:51.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '40b0cde3e58f802d799ce9b3baa86d3b03582b8d52af828fcf33a7b71fa704de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa3-c334-4f35-97ee-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:51.000Z", "modified": "2018-04-18T12:52:51.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '842fd3e6342f2eab3bb49c69a6d963e3c7022221bdb074b4437310f8170b2c6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa3-a3b4-46e6-85e7-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:51.000Z", "modified": "2018-04-18T12:52:51.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'e5633dfe5df0eadc14ee162af1c1f47c6350f514f6867cdeea8efeaf2cdd4f90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa4-0dc8-4f29-94b6-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:52.000Z", "modified": "2018-04-18T12:52:52.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'ea088b52681001876b19f1b4c22823d347b734e167cb634208a204d95f6c01f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa4-3f20-40a2-ae9e-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:52.000Z", "modified": "2018-04-18T12:52:52.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '268b1d9cc88537d6ba2301845262a82bc6df00b07a74fa7ead0242e5cf0dc9ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa5-3d2c-40a2-9c8b-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:53.000Z", "modified": "2018-04-18T12:52:53.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '9b389a4e17438eeba6cba94c6359317175b36e38329ae8ccfef2e7bc5d3b5a61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa5-a420-4e9f-a25d-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:53.000Z", "modified": "2018-04-18T12:52:53.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'e411592afee8c0a1d6baab011017672dea44c307ed4ea223999eb0152cd95db6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa5-3bdc-4d75-a2d2-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:53.000Z", "modified": "2018-04-18T12:52:53.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '8ab34d8df0858423dd1f4f70f407ca929cf9300839c783ef40f64024e477b4f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa6-8fd4-47f8-83e6-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:54.000Z", "modified": "2018-04-18T12:52:54.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'c8aeb4cf24afcabea69ac048a658fe031b033534a9cc77e249c03b1d0464a75c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa6-765c-4471-a3b3-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:54.000Z", "modified": "2018-04-18T12:52:54.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '10de8c9c16f71496e3c55f0d50640741449ea8f0e7b84dfabc80e13232dcee74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa7-5400-4faf-bd8b-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:55.000Z", "modified": "2018-04-18T12:52:55.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'd2f102299b545cf1efc42b2e7d2de46dc6edf49b4da4ec4ee475539b21c7bad7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa7-711c-4f2d-ae86-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:55.000Z", "modified": "2018-04-18T12:52:55.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '5a9b3c474315a6cc941b44e2e1563266497d7c3a8fc88653b12d3b6fa9283439']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa7-47dc-4f2e-8c5a-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:55.000Z", "modified": "2018-04-18T12:52:55.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = 'f5c742ff51664195be30bba05c56c909b07cf7a475c570a704435e99ec925c92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa8-f2b4-4348-9cf4-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:56.000Z", "modified": "2018-04-18T12:52:56.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '8d6c39242bb75f30437e3a3712cd54e5f4a1ccba7deef3ced7607c3894391297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa8-8e1c-4c31-a3ba-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:56.000Z", "modified": "2018-04-18T12:52:56.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '5e7847c2c9edb9a8cd764e28cdb8f575fa157846ed1b0e4ccf0612f915a794a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa9-d408-42db-a368-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:57.000Z", "modified": "2018-04-18T12:52:57.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '17595c6caf5362a043f81d32dc30dae30f27354fa9783de374301cbf42be2ff3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa9-f584-442c-9f41-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:57.000Z", "modified": "2018-04-18T12:52:57.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '35dcd9cd70c1047b835736be487536a3f3d6f2c2d40752f40ab278149972c481']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fa9-e6f4-4f0d-9fd4-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:57.000Z", "modified": "2018-04-18T12:52:57.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '6812a316ac2f2fa0affd0977f61a97f7463f3dd77e18b217e8b97e2414d4ea18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73faa-75ac-41d4-ad16-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:58.000Z", "modified": "2018-04-18T12:52:58.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '81233480a520d005f90f203e99bc325fca56eff338e6761a11295315ac9010d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73faa-cbb4-4d33-b945-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:58.000Z", "modified": "2018-04-18T12:52:58.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '8014614d9085f4ada71d6c403e8042ffdd715974ad826a19ec2fb8a4f713ca9f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fab-79a4-43fd-84c1-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:59.000Z", "modified": "2018-04-18T12:52:59.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '1f26c8b1dada5dc707651958630211824886556eb23f77f04d7a4818f8c8e756']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73fab-d5f8-42d8-b922-7b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:52:59.000Z", "modified": "2018-04-18T12:52:59.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[file:hashes.SHA256 = '018ba4d9446e31d228b829f0f90f2f4519b87359d5d5750177152e0b986d8aad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:52:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d8250151-a555-4e5e-9239-e4d6a705c550", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:50.000Z", "modified": "2018-04-17T09:35:50.000Z", "pattern": "[file:hashes.MD5 = 'afc9302ffde49d146ad7f58a95040ec5' AND file:hashes.SHA1 = '4d3b0b76b83413777d10b922138c00bb297a249f' AND file:hashes.SHA256 = '1824bb4ea96c6107c6660b104d60073be3a9f5c3bdbbc2c801771fc34a03e01c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:35:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f18a6769-9119-4ce8-8261-38c8c36c6d48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:48.000Z", "modified": "2018-04-17T09:35:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-04T18:18:54", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5bff5-881c-4c74-9573-45d302de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1824bb4ea96c6107c6660b104d60073be3a9f5c3bdbbc2c801771fc34a03e01c/analysis/1383589134/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5bff5-aac0-4292-87a8-43e502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5bff5-8fb4-4324-8915-462602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667d69e-d4e0-49ff-b66d-ee9c0d1606a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:52.000Z", "modified": "2018-04-17T09:35:52.000Z", "pattern": "[file:hashes.MD5 = 'e5c8c53b9d383fcbb0b5659da87dc3b7' AND file:hashes.SHA1 = '560ca9b75304d19ea94d9265617f787ec6b82a72' AND file:hashes.SHA256 = 'ac755dfabf99ea6fc8c334dcef526d1dce3680200deeaac5e80077a27042af9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:35:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2777d3d2-815c-4e73-92b3-e7c5f6a6bb4f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:51.000Z", "modified": "2018-04-17T09:35:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-20T22:53:04", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5bff7-98e0-4c38-b697-4d4c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ac755dfabf99ea6fc8c334dcef526d1dce3680200deeaac5e80077a27042af9c/analysis/1382309584/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5bff7-9530-4b74-b13b-452a02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/48", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5bff8-6e88-4e73-bc8b-4ed202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a0f795c-3740-4127-ae11-5719c06e4613", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:55.000Z", "modified": "2018-04-17T09:35:55.000Z", "pattern": "[file:hashes.MD5 = 'a346d50295afa82919cf03e817910796' AND file:hashes.SHA1 = '6e830e1dcb0556efa884b311e595019dac96dd58' AND file:hashes.SHA256 = '6db67b808d476e3412034571798447aafbbe320a0884a417a7d7fae604440c6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:35:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ff6c2680-4cca-4e84-aeef-dbf889d731cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:53.000Z", "modified": "2018-04-17T09:35:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T19:00:25", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5bff9-397c-4aae-a7d2-4dda02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6db67b808d476e3412034571798447aafbbe320a0884a417a7d7fae604440c6e/analysis/1518548425/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5bff9-0498-4b64-a270-4f2002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/66", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5bffa-ffc4-4351-8469-4d2a02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f770580-9cd5-4055-8779-f7214ff95236", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:57.000Z", "modified": "2018-04-17T09:35:57.000Z", "pattern": "[file:hashes.MD5 = '2485c3718c9bd94718729a6cc7ac9fbb' AND file:hashes.SHA1 = '407610f3f91a43640c9b5eaa00a84cad5bb647ed' AND file:hashes.SHA256 = '725752c4bda82acf554aad37fe97d08f4367c9a1e5d40b6fe17cdc94adf040fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:35:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ee0ed29e-9ebc-4abb-b406-61d5e5e7d74f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:55.000Z", "modified": "2018-04-17T09:35:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-07T08:19:50", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5bffb-c704-4832-9a55-46aa02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/725752c4bda82acf554aad37fe97d08f4367c9a1e5d40b6fe17cdc94adf040fc/analysis/1523089190/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5bffc-353c-4ea9-a736-4cb802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/66", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5bffc-40a8-4937-a0a4-427402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--16dd834b-161d-4a5d-a463-e0fe0c82ddb8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:59.000Z", "modified": "2018-04-17T09:35:59.000Z", "pattern": "[file:hashes.MD5 = '09fd1e70c66b1a7a2f47c871052672cf' AND file:hashes.SHA1 = '4f9eb8c56b8cc753806967772b92b357ce0b2327' AND file:hashes.SHA256 = '09cc6c9e39425a71ccdc26ffd8a67179043b20f646286685eea24e6bb00b12d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:35:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c2c034d9-7fc9-4b07-b85e-b77886481632", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:35:58.000Z", "modified": "2018-04-17T09:35:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:22:04", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5bffe-a06c-4b1a-88d8-42a602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/09cc6c9e39425a71ccdc26ffd8a67179043b20f646286685eea24e6bb00b12d9/analysis/1523776924/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5bffe-1ebc-46db-b6cc-416802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5bffe-80b0-4f48-a145-4e4e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c3353ab-72a9-4b8d-bf7b-26b82f95bcab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:01.000Z", "modified": "2018-04-17T09:36:01.000Z", "pattern": "[file:hashes.MD5 = '93cfb3115f1c3ee27b8e40be8936ff0c' AND file:hashes.SHA1 = '2579550687a537a79baa0004d051fbeb2dc31d6a' AND file:hashes.SHA256 = '0e1d3984bd6c33ba0fc108329e3906bd074d70ed44a4c7fa6d8f857531bbc437']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ca39f2b2-ab66-4b27-b7c6-c0e6031aa3c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:00.000Z", "modified": "2018-04-17T09:36:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2015-03-30T19:55:02", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c000-0ea8-402a-b3cc-47fa02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0e1d3984bd6c33ba0fc108329e3906bd074d70ed44a4c7fa6d8f857531bbc437/analysis/1427745302/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c000-4e3c-4806-87f8-4a3902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/57", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c001-722c-41ff-b0ed-4db102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4bbac67b-db88-4ff1-b57e-99611cfee662", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:04.000Z", "modified": "2018-04-17T09:36:04.000Z", "pattern": "[file:hashes.MD5 = 'd598b662efc21cb52c8ccc1ab4fa3aee' AND file:hashes.SHA1 = 'fc36673a5adf95ccbc5e4fe8cba82929ac904f79' AND file:hashes.SHA256 = '330a8b46f74f5d4af759b18db64dfd9af2ef3e429d597cd4522148fb78633000']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7d0a5db8-4b69-4b06-b514-861ac2bcc9c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:02.000Z", "modified": "2018-04-17T09:36:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-11T17:37:46", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c002-170c-43f8-9cc3-46a002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/330a8b46f74f5d4af759b18db64dfd9af2ef3e429d597cd4522148fb78633000/analysis/1523468266/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c002-0cb0-4c6e-be1e-48b102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c003-bd48-4b8d-aeac-491e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--38195b20-39ab-4f46-a15f-4cac8fa71f0b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:06.000Z", "modified": "2018-04-17T09:36:06.000Z", "pattern": "[file:hashes.MD5 = 'c54f8d34f2640cd64dd4b6f8d852d676' AND file:hashes.SHA1 = 'f562f593819976e50aa911b5fae590e583a2ae33' AND file:hashes.SHA256 = 'd8f1f59b81a985f538fc0a51c85c688794f94b28a06883ba9dadfb4b0c8bccd6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b9326c01-9fbc-4562-9806-9eb7f18f1658", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:04.000Z", "modified": "2018-04-17T09:36:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-17T01:03:38", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c004-c4d8-456b-8fa8-447a02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d8f1f59b81a985f538fc0a51c85c688794f94b28a06883ba9dadfb4b0c8bccd6/analysis/1523927018/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c005-2c28-4a60-b90a-4e1102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/68", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c005-0044-498c-b7c6-464c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23168de0-12c0-4447-aecb-32d09f2215d6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:08.000Z", "modified": "2018-04-17T09:36:08.000Z", "pattern": "[file:hashes.MD5 = 'f26a613b679c97f5355a1c4a4c71948a' AND file:hashes.SHA1 = 'd7403d4e903fdf67db31b5a11267e665e2c03339' AND file:hashes.SHA256 = '13da7abee3f2ea4275c1434900db5ba9f620fde8743eb0ff2388b32897685e0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6ffec30e-27e2-4994-b80e-41bbfc7b35ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:06.000Z", "modified": "2018-04-17T09:36:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2014-01-17T18:07:27", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c006-315c-4d76-9343-42a502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/13da7abee3f2ea4275c1434900db5ba9f620fde8743eb0ff2388b32897685e0b/analysis/1389982047/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c007-d844-412f-9f0f-452202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c007-7ef4-461b-92ca-490d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3797aea4-eab0-4f22-9e6d-a1a543cb0009", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:10.000Z", "modified": "2018-04-17T09:36:10.000Z", "pattern": "[file:hashes.MD5 = 'c642c2a00199c1dfd86bd00a48429afb' AND file:hashes.SHA1 = 'dc7211fb70415814b9af44aaa153c2cc06e0f7df' AND file:hashes.SHA256 = '2b7662b93abcd312eb2c4d66c246af9dc7c43a511fae5dddd11617bf2ced16c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bc2915ec-2b50-47b9-abaa-3481306c33d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:08.000Z", "modified": "2018-04-17T09:36:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T18:09:20", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c009-a5fc-4866-b94a-4e5602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2b7662b93abcd312eb2c4d66c246af9dc7c43a511fae5dddd11617bf2ced16c3/analysis/1518545360/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c009-ce30-4eb8-8647-477e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c009-a58c-4d1b-86f3-408002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d9bd8f68-4507-4e45-b3b2-51b238bf210c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:12.000Z", "modified": "2018-04-17T09:36:12.000Z", "pattern": "[file:hashes.MD5 = 'a16b48a1b06af3203312b46fb3012bf0' AND file:hashes.SHA1 = 'f71b209616bfb7e8c6ff07a85076b0537766c8a6' AND file:hashes.SHA256 = '21178d6e06ded3b1a43e98eb781220c37e729ef081bd160f168fc465313ea4ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e050e2a6-56c7-45ff-82a3-771b9fed5773", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:11.000Z", "modified": "2018-04-17T09:36:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:22:15", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c00b-741c-452b-89dd-4d7402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/21178d6e06ded3b1a43e98eb781220c37e729ef081bd160f168fc465313ea4ff/analysis/1523776935/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c00b-157c-48d0-97dd-452602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c00b-3124-453b-a3cc-4c5402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bdfb2aaf-fbc1-4f37-a1c2-3d2e7ab849e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:14.000Z", "modified": "2018-04-17T09:36:14.000Z", "pattern": "[file:hashes.MD5 = 'dfcf5ba6e5fe982c1bcbeecbe8661abb' AND file:hashes.SHA1 = '097e6324f7c65236b791312503b75a736d8b5879' AND file:hashes.SHA256 = '711155de0073adc2f68fc4088253f92f43a696bbf5d8f892f902724be37668f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0b1fa52a-e14a-41b1-870c-6f2f34beb767", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:13.000Z", "modified": "2018-04-17T09:36:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-04T09:38:45", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c00d-12bc-4b1b-8e67-49bf02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/711155de0073adc2f68fc4088253f92f43a696bbf5d8f892f902724be37668f3/analysis/1522834725/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c00d-36e8-4138-aaaa-48ed02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c00e-45a8-4dbc-aca0-46ac02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bf3dff0-e75c-4c33-b4a1-eb598f12b360", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:17.000Z", "modified": "2018-04-17T09:36:17.000Z", "pattern": "[file:hashes.MD5 = '02fe66090aa1e35ab228488e8c1715b0' AND file:hashes.SHA1 = 'a328f25c415918b7717f4ae43f8b177f20db5f48' AND file:hashes.SHA256 = '02cb3c5568577ed9658fcf68b9f776d720e2f7355090b10875f0f9bb2b8ed161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--52911c0c-a5de-4e05-b24b-f95bc38926b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:15.000Z", "modified": "2018-04-17T09:36:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-14T02:11:17", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c00f-fa74-41e5-b5e1-459e02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/02cb3c5568577ed9658fcf68b9f776d720e2f7355090b10875f0f9bb2b8ed161/analysis/1518574277/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c00f-ce08-4ee3-a2ee-4e9502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/66", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c010-b3c4-4ffd-bd8b-404502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--614923b5-0de4-4fc9-a207-736b5e32740d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:19.000Z", "modified": "2018-04-17T09:36:19.000Z", "pattern": "[file:hashes.MD5 = 'b3df868e667345393f53f96485413afc' AND file:hashes.SHA1 = '83b45579bc95e9b298bdd78103c92d518226084b' AND file:hashes.SHA256 = 'cc203d955e3e33479423f7b2aea1f13c2ba5895da16159a779407e03e747d116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8ea75fc7-ff1e-45ce-806b-6542e4d5da9c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:17.000Z", "modified": "2018-04-17T09:36:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-09T09:52:55", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c011-2c60-481e-a648-416402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cc203d955e3e33479423f7b2aea1f13c2ba5895da16159a779407e03e747d116/analysis/1383990775/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c012-0eb4-4ac4-b541-4af002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/46", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c012-c674-48f3-bd95-436902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--995bfffe-f2bd-4180-9982-f4700327897d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:21.000Z", "modified": "2018-04-17T09:36:21.000Z", "pattern": "[file:hashes.MD5 = '7d8e7947905be31b08f6b122bdc0e807' AND file:hashes.SHA1 = '382798e0b1a9e3598ba729816f4bdf78af59507c' AND file:hashes.SHA256 = 'df9f1a4e2cb4247132c7442aedfe873c5e801ab048e0236407066c3acd5ec79b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bdda72e7-74f6-4a7e-9ce2-860f07a867cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:19.000Z", "modified": "2018-04-17T09:36:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:23:42", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c013-e2ac-4e4e-8613-473f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/df9f1a4e2cb4247132c7442aedfe873c5e801ab048e0236407066c3acd5ec79b/analysis/1523777022/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c014-a148-4349-a7d3-4b3902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c014-71ec-4406-859c-42cf02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3d6d671b-63e1-4e34-add1-f1ac1def5d61", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:23.000Z", "modified": "2018-04-17T09:36:23.000Z", "pattern": "[file:hashes.MD5 = 'd42bbd4720a5505c3beb32bfb6cda8cb' AND file:hashes.SHA1 = '53107a52af70868fabe1372c6a6bcd249acee4d7' AND file:hashes.SHA256 = '786c1b55e5e73fd3c2231d7e6fa0565aacb4fb239807f42c2f0cb83f57186271']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--73b55eba-1b5c-4404-a1fe-f8776317e5db", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:21.000Z", "modified": "2018-04-17T09:36:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-18T19:13:24", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c016-f190-42e2-81a0-454202de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/786c1b55e5e73fd3c2231d7e6fa0565aacb4fb239807f42c2f0cb83f57186271/analysis/1382123604/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c016-4f98-4dd9-95bc-42c902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/48", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c016-c640-4cdb-bb28-42de02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4faa8c04-91b8-4cae-a6e4-b7e025fba6fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:25.000Z", "modified": "2018-04-17T09:36:25.000Z", "pattern": "[file:hashes.MD5 = '474037c0cc41ea9a2de42d6b94c759c5' AND file:hashes.SHA1 = '61bd61916fac9af19f735f59c8f20ba9b5b145f8' AND file:hashes.SHA256 = '2a0904b6301b42ed0838633b161c947a781600fc884b0fc499f906a49ea38292']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2c7fb252-23a4-4d0f-a7d2-38ef26d62292", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:24.000Z", "modified": "2018-04-17T09:36:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-11T00:34:44", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c018-f634-48a1-8a91-4ca002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2a0904b6301b42ed0838633b161c947a781600fc884b0fc499f906a49ea38292/analysis/1523406884/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c018-de88-4827-9b63-4f3602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c019-4ee8-4cb9-8d1f-42b102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--973396c7-45b7-4106-addf-ac2d80c845bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:28.000Z", "modified": "2018-04-17T09:36:28.000Z", "pattern": "[file:hashes.MD5 = '9044a2e1ea1eb511db8ab5e918c5fc8e' AND file:hashes.SHA1 = '4e7a00b64fd7861378edd9e29a66401d44fa5c8e' AND file:hashes.SHA256 = 'ef4d20220eaecedc0b3069192843bd5eddc196b25a9e083fd16d19ae100374df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--caf0696e-f479-451b-87c4-55c4e29e725c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:26.000Z", "modified": "2018-04-17T09:36:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-13T06:32:29", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c01a-ae9c-454b-b507-428c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ef4d20220eaecedc0b3069192843bd5eddc196b25a9e083fd16d19ae100374df/analysis/1523601149/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c01a-c70c-4dab-bda5-445e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/66", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c01b-6100-4f8b-9d5c-43a202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54f5c200-a42b-4430-bbf0-b9669a922753", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:30.000Z", "modified": "2018-04-17T09:36:30.000Z", "pattern": "[file:hashes.MD5 = '31968f20d5803d91aa2caf76a912634b' AND file:hashes.SHA1 = 'adc3eea50a98ad71035f3f6f7068093b05db0f3c' AND file:hashes.SHA256 = '4a6043017f598162263d52315c79bfcb5fbef86f19d51beb718fe8093dc1af16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c6123b5-074a-48ac-8e18-eacd3427f3e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:28.000Z", "modified": "2018-04-17T09:36:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2014-11-05T19:15:43", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c01c-d378-4efb-9433-4f0b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4a6043017f598162263d52315c79bfcb5fbef86f19d51beb718fe8093dc1af16/analysis/1415214943/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c01d-dd04-4f86-869b-41f502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/53", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c01d-ba24-4191-a04c-480802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--31544fd1-56dd-45f2-b82e-92735845680d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:32.000Z", "modified": "2018-04-17T09:36:32.000Z", "pattern": "[file:hashes.MD5 = 'b406938547c8d101f789712862bf292a' AND file:hashes.SHA1 = '1883c127413ef4405118dd1ced7623188994aa2c' AND file:hashes.SHA256 = '5301f9401c7d7ac485d0169085222c64ec2de6f14783cad6150b7c6f0f368c7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c388591-92db-40b6-ae4b-b929b333b015", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:30.000Z", "modified": "2018-04-17T09:36:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:22:37", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c01e-2a58-400a-8eee-407802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5301f9401c7d7ac485d0169085222c64ec2de6f14783cad6150b7c6f0f368c7c/analysis/1523776957/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c01f-ce8c-4917-a7e9-414f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c01f-c22c-4cd7-94f9-42b002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--112a8e0b-9c16-4653-b33c-dd0c9395e5f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:34.000Z", "modified": "2018-04-17T09:36:34.000Z", "pattern": "[file:hashes.MD5 = '07a34546e519b95d3c4c8cf996ed03f9' AND file:hashes.SHA1 = '1848d35c3ba39444aed847cd67f3bac673f43c53' AND file:hashes.SHA256 = '0e1c8a62bd632cd364d16dcf0839531c8dcb443269f4478f301e4adf758977a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c1121a3-79bf-4e3d-9f13-9a8b93a071cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:32.000Z", "modified": "2018-04-17T09:36:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-11T00:24:20", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c021-9578-4271-8266-485d02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0e1c8a62bd632cd364d16dcf0839531c8dcb443269f4478f301e4adf758977a6/analysis/1523406260/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c021-b8a0-4407-bf12-4a8902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/65", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c021-8168-488b-8340-4b3c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94710067-d371-4822-8b18-19de4086162d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:36.000Z", "modified": "2018-04-17T09:36:36.000Z", "pattern": "[file:hashes.MD5 = '05473bd36fd70cc0f24cc88fe36751d4' AND file:hashes.SHA1 = '86a84feeb9bd371d558d1b445592458432912128' AND file:hashes.SHA256 = '4e496591b9c2c9722c07746edfc7892b178b8965bb4c452322caab68b2d5f262']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--682b1d3f-030c-4473-ba89-9cd2fe00057c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:35.000Z", "modified": "2018-04-17T09:36:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-15T23:36:02", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c023-f5dc-416f-b990-477c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4e496591b9c2c9722c07746edfc7892b178b8965bb4c452322caab68b2d5f262/analysis/1518737762/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c023-b014-4478-975d-408d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c023-b9e0-4c8f-a43b-49d102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4801e439-9b95-4e31-b323-19141dc9f661", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:38.000Z", "modified": "2018-04-17T09:36:38.000Z", "pattern": "[file:hashes.MD5 = '674e2b0107ca6fb28cd708baae42c93b' AND file:hashes.SHA1 = '15952246291b8b94607f122ea32997c8fb08f9fd' AND file:hashes.SHA256 = '40a0f808c1fd873c364850d95e2f0adb0ca24740945702de5c0552a5afc60612']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--49706bc5-c3ca-4603-9c8c-27e7b7da5aea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:37.000Z", "modified": "2018-04-17T09:36:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T13:12:24", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c025-f2fc-42c9-a7c1-48cc02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/40a0f808c1fd873c364850d95e2f0adb0ca24740945702de5c0552a5afc60612/analysis/1518959544/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c025-7b28-42f1-bacc-419e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c026-88e0-4a1c-ac0c-432202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a323b8bb-713c-49d2-9182-c5c82a7ad35d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:41.000Z", "modified": "2018-04-17T09:36:41.000Z", "pattern": "[file:hashes.MD5 = '7f77120177fb33bf160aa78901971bde' AND file:hashes.SHA1 = '5a11223ac68b9f231a18ecf8183cd81d67dd74aa' AND file:hashes.SHA256 = 'f34354749657c44beee0b1d7f5cdc4a31c858eab565fc2592f96c69eb9d501e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3b0a52e2-f7d8-4624-9306-b85a5d163797", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:39.000Z", "modified": "2018-04-17T09:36:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-09T05:25:49", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c027-186c-4187-9067-421502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f34354749657c44beee0b1d7f5cdc4a31c858eab565fc2592f96c69eb9d501e1/analysis/1523251549/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c027-3874-4acb-862d-4ce502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c028-71fc-4cb6-94ac-438202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--471e1471-53fb-4110-b102-8cce0d58cf5b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:43.000Z", "modified": "2018-04-17T09:36:43.000Z", "pattern": "[file:hashes.MD5 = '411a12a8f765a78ce4763354c416707d' AND file:hashes.SHA1 = '73e0fcf79d3c5b3499e897b69b0cdfa4d8433b1c' AND file:hashes.SHA256 = '663ecdfa115605418b2826e4de7e289b0cd12849b719c7a171ee7524bf22fe99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--afea6952-1d7c-42e2-8600-2db8d77a821e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:41.000Z", "modified": "2018-04-17T09:36:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-09T23:34:55", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c029-e514-4447-ba2d-408402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/663ecdfa115605418b2826e4de7e289b0cd12849b719c7a171ee7524bf22fe99/analysis/1384040095/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c02a-1ee8-430c-9b60-416e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/46", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c02a-335c-4f39-9973-41ef02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7db6a294-00d5-4a9d-b4ff-29e484eb8d4a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:45.000Z", "modified": "2018-04-17T09:36:45.000Z", "pattern": "[file:hashes.MD5 = '0dd66e761ae86fcea07c2db6b2c1a1d0' AND file:hashes.SHA1 = '4f09185af27ad7ad6c96d5db6c5bb2b38f2ad118' AND file:hashes.SHA256 = 'c7e92cc3f88c7180e2774f2641c593ebebedee3424314fdd8fa8365f6cd0000a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4f42f6bc-bc09-4beb-b412-645e35f3d61c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:43.000Z", "modified": "2018-04-17T09:36:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T22:42:54", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c02b-77a4-4353-b748-469902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7e92cc3f88c7180e2774f2641c593ebebedee3424314fdd8fa8365f6cd0000a/analysis/1518993774/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c02c-4ea0-4c17-9652-44bb02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/58", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c02c-6d8c-4750-b7e0-4a2e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--30ffb028-4ee1-479d-ad8e-b16c1c787b24", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:47.000Z", "modified": "2018-04-17T09:36:47.000Z", "pattern": "[file:hashes.MD5 = 'fbecbd26e13fae93d2b2a36c5a6a645c' AND file:hashes.SHA1 = 'a5781cb00f1c3b05bb61156b45b2175578c9b973' AND file:hashes.SHA256 = '0a52739b2a45b1002b78230df60dd42d2ffa0897197953639dd627bcc0454134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cdd6e30a-cb0d-4276-8b1c-208f8db7873c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:45.000Z", "modified": "2018-04-17T09:36:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2016-06-08T11:33:10", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c02e-d548-4c2a-b0a9-479e02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0a52739b2a45b1002b78230df60dd42d2ffa0897197953639dd627bcc0454134/analysis/1465385590/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c02e-2570-418f-94ee-467902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/57", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c02e-74a8-44dd-834a-453102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58e315b7-b23a-4232-a7df-24c01f2c6147", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:49.000Z", "modified": "2018-04-17T09:36:49.000Z", "pattern": "[file:hashes.MD5 = '9d34c94b7684098684acb3a5624eed77' AND file:hashes.SHA1 = '6fad9f2313aa377dcfbf24f8f72148f8cbe04220' AND file:hashes.SHA256 = 'c1e6324086192a47c60daee91f9f906c2ceb03cac0c67a8ed3f0a31c37e3a991']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a8ef1585-9219-4fd3-82c4-fd44b510ec44", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:48.000Z", "modified": "2018-04-17T09:36:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:23:28", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c030-8f80-475f-9258-446402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c1e6324086192a47c60daee91f9f906c2ceb03cac0c67a8ed3f0a31c37e3a991/analysis/1523777008/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c030-b858-432c-89fc-4aae02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c031-d0cc-4630-abc2-404902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eead743e-4f7b-417e-ab5b-754be3ab4639", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:52.000Z", "modified": "2018-04-17T09:36:52.000Z", "pattern": "[file:hashes.MD5 = 'f04a33fba9e02ac620dae57d3fbef98d' AND file:hashes.SHA1 = '88c485a72af65f3e77cc060677c30e37874d1084' AND file:hashes.SHA256 = 'aebb84da20c2c92da398b1e5fcc8adc6bfe893d5a8b56c5cd1beb42b3fa5f069']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--44db359a-2322-4199-b7b2-ad7047055145", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:50.000Z", "modified": "2018-04-17T09:36:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-10T19:18:03", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c032-f778-46ca-a3f3-427e02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aebb84da20c2c92da398b1e5fcc8adc6bfe893d5a8b56c5cd1beb42b3fa5f069/analysis/1523387883/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c032-bf40-4afa-b471-4f9702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c033-5c78-4ab4-883b-401f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c462c18c-5dd2-474d-9bdb-683249100648", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:54.000Z", "modified": "2018-04-17T09:36:54.000Z", "pattern": "[file:hashes.MD5 = '6edaf925da32588b1a7ff520bf83110f' AND file:hashes.SHA1 = '2392005587724e422ed77412a56c946b220ad5b5' AND file:hashes.SHA256 = '30103085dd67ac6e9bdf14255fc5c8b697d68b810e732b4ae29798b62e5ad677']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--51803a65-599e-4c65-a62e-47cedcfdf679", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:52.000Z", "modified": "2018-04-17T09:36:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-10T00:44:33", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c034-10ac-4225-82af-4e9a02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/30103085dd67ac6e9bdf14255fc5c8b697d68b810e732b4ae29798b62e5ad677/analysis/1384044273/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c034-7bfc-4fdd-a823-4b8902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/45", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c035-7f54-4a87-990c-41cc02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--24579f89-a5e2-40a1-b402-1a3f503a9fee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:56.000Z", "modified": "2018-04-17T09:36:56.000Z", "pattern": "[file:hashes.MD5 = '27d69990681a0c6219c580cffaaac5a7' AND file:hashes.SHA1 = '0e9b41fa1a5b36788c1705ccff0cc9e6c702b053' AND file:hashes.SHA256 = '310848da5dd6e75c8df5bc00223582a7b7e6fbef90ca45222948eaba546be3bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4df065d3-0e9e-474e-99f0-ddcfd2163f78", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:54.000Z", "modified": "2018-04-17T09:36:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T15:20:06", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c036-33b0-46d0-8894-484c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/310848da5dd6e75c8df5bc00223582a7b7e6fbef90ca45222948eaba546be3bd/analysis/1518535206/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c037-b0dc-43e6-9d77-46cd02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c037-33e0-4c2c-a853-40d202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8e397422-74ed-45d1-9b6a-68a3333869ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:58.000Z", "modified": "2018-04-17T09:36:58.000Z", "pattern": "[file:hashes.MD5 = '923d42d648ba3f65d30e82d8a8405f74' AND file:hashes.SHA1 = '955254b67dfcb399cbc2d9124b4a0d15bea94f74' AND file:hashes.SHA256 = '228ffe97f34e097a0cb3b3288ee56a063da65d890b1f888d59d59f0ad2b3bb71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:36:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3136bde9-7b09-4380-9688-b316ff8030a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:57.000Z", "modified": "2018-04-17T09:36:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-12T08:23:46", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c039-9f24-4691-b76c-477c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/228ffe97f34e097a0cb3b3288ee56a063da65d890b1f888d59d59f0ad2b3bb71/analysis/1381566226/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c03a-a9d4-4ff2-8955-4ab002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/45", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c03a-f83c-408b-9649-4cd402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a9fa6c94-efe8-4dbf-b103-c24ab19cbbf7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:01.000Z", "modified": "2018-04-17T09:37:01.000Z", "pattern": "[file:hashes.MD5 = '06e083d515104be00cd6558791c44b52' AND file:hashes.SHA1 = 'a7ab277b95e0058962ca6c95e80b7d8585f6b62c' AND file:hashes.SHA256 = 'c21fdd9a5d244aed75890c59094789c2f46815983084f4bc5966ae28630908a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--62a360ce-dbdb-4fbb-8e80-7ce96f87946c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:36:59.000Z", "modified": "2018-04-17T09:36:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T18:46:36", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c03b-efec-49e2-9658-49f102de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c21fdd9a5d244aed75890c59094789c2f46815983084f4bc5966ae28630908a8/analysis/1518547596/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c03c-1684-44bd-bbb9-4d7402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c03c-f0a4-4ab3-b414-440402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f165aa6e-5d89-4258-8673-39c9f6b9948c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:03.000Z", "modified": "2018-04-17T09:37:03.000Z", "pattern": "[file:hashes.MD5 = 'cc09780b9efd18bf7191089cc72c0785' AND file:hashes.SHA1 = 'fcf3b257c6eed1ec42892a8ca951eb3dfde681ce' AND file:hashes.SHA256 = 'ef4b97346e1ee359feff43d136f3dd6031993fb47bdfd25520b4fc3279d3649b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--85cfd077-9915-43ee-80d6-d145645df836", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:02.000Z", "modified": "2018-04-17T09:37:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-28T23:28:36", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c03e-bb64-4c95-9a6c-4f4f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ef4b97346e1ee359feff43d136f3dd6031993fb47bdfd25520b4fc3279d3649b/analysis/1522279716/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c03e-0a1c-4baa-ae31-4cba02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/66", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c03e-9894-4877-924f-4ca002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--475a6596-dcd2-4cd5-bde7-91710d2635ae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:05.000Z", "modified": "2018-04-17T09:37:05.000Z", "pattern": "[file:hashes.MD5 = 'da4e7c3359edf27e38fbcd1ecfc901c8' AND file:hashes.SHA1 = '67549dcd823b0592a958aa8443ce1c219103ed42' AND file:hashes.SHA256 = 'a1175ff8f5544f4ec078e4d55db4b6aff7a7844e9df2057d3fe906cfa77d25f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--20aa948a-2c13-4806-97db-a0b7b736ef88", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:04.000Z", "modified": "2018-04-17T09:37:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-02T14:10:58", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c040-5de4-4352-9aab-42d102de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a1175ff8f5544f4ec078e4d55db4b6aff7a7844e9df2057d3fe906cfa77d25f0/analysis/1383401458/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c040-10d4-4800-ae14-416202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c041-09f4-45ab-8721-433f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f66345c9-da87-4634-807e-95b40b3f7829", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:08.000Z", "modified": "2018-04-17T09:37:08.000Z", "pattern": "[file:hashes.MD5 = '7ab76d9f40f3d9c0e004a81734b2aeb8' AND file:hashes.SHA1 = '9f5ce8fb8f070b03cc4d42a849e2e6563954f553' AND file:hashes.SHA256 = '2f9ca1b196aa915e3c87dabe20f353a4a69ee5998f8559ef8073194918dc7ea9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4f729230-95ef-4dd1-8e92-e3ca84fde7b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:06.000Z", "modified": "2018-04-17T09:37:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-07T09:01:54", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c042-d7b8-4166-920a-4f7902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2f9ca1b196aa915e3c87dabe20f353a4a69ee5998f8559ef8073194918dc7ea9/analysis/1381136514/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c042-e454-4172-a077-4af702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/48", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c043-6468-426b-93d3-4afc02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3ec767cb-63b7-4634-936d-ec2c72b7f414", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:10.000Z", "modified": "2018-04-17T09:37:10.000Z", "pattern": "[file:hashes.MD5 = 'c35973540aaffc8843e2b492433b4b78' AND file:hashes.SHA1 = '1dac4d6b1e9e7f8b304d434917c88f6557274c09' AND file:hashes.SHA256 = '082f1ce18a378ec6eb67565fb7bd89cd29db886b44fe4312a863382af9e13df7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e68803ee-8f52-4a45-b1ad-fadc751112e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:08.000Z", "modified": "2018-04-17T09:37:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2016-01-15T09:59:07", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c044-fd14-4282-bdbf-400002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/082f1ce18a378ec6eb67565fb7bd89cd29db886b44fe4312a863382af9e13df7/analysis/1452851947/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c044-8848-471b-8854-43ce02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/56", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c045-d4c0-413f-ae38-47cd02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2f1a76d0-7049-4e63-b652-573bad749c33", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:12.000Z", "modified": "2018-04-17T09:37:12.000Z", "pattern": "[file:hashes.MD5 = '083f4b601f084f80b3e10bf3478b68bf' AND file:hashes.SHA1 = 'd21edb550df8eea061eccb60b29bd219c8de3e0c' AND file:hashes.SHA256 = '98f7b5afa98edbfcb4a6f502d9d29e6bb0912a6bcb7a14abe3a9a60e0487b201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--66400a8a-058c-46d1-be9e-5e0a8e28a098", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:10.000Z", "modified": "2018-04-17T09:37:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T18:17:32", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c046-12a4-4e5d-806d-4d2302de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/98f7b5afa98edbfcb4a6f502d9d29e6bb0912a6bcb7a14abe3a9a60e0487b201/analysis/1518545852/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c047-94a4-428c-8e26-4ba302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/60", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c047-3624-4dbe-864a-4dd502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e7bf71e1-5ed5-46ce-8ba8-a1f4f00e8d19", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:14.000Z", "modified": "2018-04-17T09:37:14.000Z", "pattern": "[file:hashes.MD5 = '764f7d194a9fd699715da038b45d0d35' AND file:hashes.SHA1 = '79d20d3242c6a039359161313162c1bb05797d15' AND file:hashes.SHA256 = '2ca04f3c65e3fd16b9c879c7db4cc8025279463dbb965e3954e35106fe952e86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--92a63283-9df8-4cf5-831d-a1d429ae0a04", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:12.000Z", "modified": "2018-04-17T09:37:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-16T06:08:59", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c048-1020-475d-ade3-496802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2ca04f3c65e3fd16b9c879c7db4cc8025279463dbb965e3954e35106fe952e86/analysis/1523858939/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c049-d830-4572-9c71-41ca02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/68", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c049-8704-4627-a507-431502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c7451e3-1e01-469b-87a2-8fe5a7a8a1b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:16.000Z", "modified": "2018-04-17T09:37:16.000Z", "pattern": "[file:hashes.MD5 = 'bf6cd7918821245d8cf822167ef41ba7' AND file:hashes.SHA1 = '305047c262f70690e61b90cdf4278b683da83a31' AND file:hashes.SHA256 = '4e27ccfd0c90aab501d16d45b1e9d13bde3e2d6c2ba6d230b7973dcc8567e556']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4f0576c0-d450-4279-9daa-96479dfa26ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:14.000Z", "modified": "2018-04-17T09:37:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-15T08:19:13", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c04a-b8b4-4ec6-b6b5-4bd402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4e27ccfd0c90aab501d16d45b1e9d13bde3e2d6c2ba6d230b7973dcc8567e556/analysis/1381825153/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c04b-9f00-412b-99e8-4cfb02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c04b-b56c-40f0-9fdd-46fe02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fe05184f-77b8-4157-80b7-07aa043c9936", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:18.000Z", "modified": "2018-04-17T09:37:18.000Z", "pattern": "[file:hashes.MD5 = '3328804e560b53c97cfe787824bec452' AND file:hashes.SHA1 = 'de50f8d6f17a207ab88dd50127ca8da89f9ff738' AND file:hashes.SHA256 = '599d9e37c39ec47a50b512e01449a37ff3c3354ed0b9b4de2ca7e8f2d3a33bfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2f79727e-28c0-423d-9ed6-8cbf85e2b518", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:16.000Z", "modified": "2018-04-17T09:37:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-14T02:28:48", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c04d-aba0-4ce3-a459-456602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/599d9e37c39ec47a50b512e01449a37ff3c3354ed0b9b4de2ca7e8f2d3a33bfa/analysis/1518575328/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c04d-8e6c-4958-a908-4eab02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c04d-8060-48ba-884f-4f5102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3732f786-fed1-4ec0-81a2-cf90bac3e268", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:20.000Z", "modified": "2018-04-17T09:37:20.000Z", "pattern": "[file:hashes.MD5 = 'ae1d5a422ee778c4ba40e5b224333a9d' AND file:hashes.SHA1 = '7abb25bf3182c58fc2a99b8727a28078eb143058' AND file:hashes.SHA256 = '39c05a8b0d635eb221023154423dd3e26c93d16bb5a16a2512c68bde62996023']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dc2dd4e7-efc4-4d62-8c13-1af4257ee137", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:19.000Z", "modified": "2018-04-17T09:37:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-12T08:22:34", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c04f-bd60-4c59-99f8-452702de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/39c05a8b0d635eb221023154423dd3e26c93d16bb5a16a2512c68bde62996023/analysis/1381566154/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c04f-b45c-46f0-a9e8-494f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c050-1a78-4846-86df-46c202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3bf3ae13-b58d-4f5d-8469-5a34c8122639", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:23.000Z", "modified": "2018-04-17T09:37:23.000Z", "pattern": "[file:hashes.MD5 = 'bcf18963a5f87002ebaa44255af5179d' AND file:hashes.SHA1 = 'cdae45301536fdab9c3cf15dd6b0ccd1d1b579be' AND file:hashes.SHA256 = 'd7e95936470c9747f9c803d3839159e86112afbe49d68b578775f1c29141d502']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--409f2f05-3619-4f32-9c87-2ba0be7d1f14", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:21.000Z", "modified": "2018-04-17T09:37:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-16T07:47:11", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c051-fb3c-4c91-a16e-410e02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d7e95936470c9747f9c803d3839159e86112afbe49d68b578775f1c29141d502/analysis/1518767231/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c051-0784-4c8e-8142-423502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c052-8560-4bfd-8e25-4bbd02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca3966ec-726d-4dcb-81f4-39c21bce3b57", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:25.000Z", "modified": "2018-04-17T09:37:25.000Z", "pattern": "[file:hashes.MD5 = '02324f64dfa4be5bb0f4abafa5a27c51' AND file:hashes.SHA1 = '349c4a436f1544aa76096d9f4100765d133ab49b' AND file:hashes.SHA256 = '3c9c3423951655b97251bf5d3d12fe59fcf96d4274c4887b88744438371fe61b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--54df5a27-b7e9-4370-b86a-434bc5c4bfb0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:23.000Z", "modified": "2018-04-17T09:37:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-15T21:33:00", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c053-32a0-46af-bcae-499c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3c9c3423951655b97251bf5d3d12fe59fcf96d4274c4887b88744438371fe61b/analysis/1518730380/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c054-4f98-4e45-8060-452502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c054-b870-4ed1-8121-461e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54175632-8cf7-4b49-934a-da9ed750f839", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:27.000Z", "modified": "2018-04-17T09:37:27.000Z", "pattern": "[file:hashes.MD5 = 'c080899fd8c4c1a77df313c70d1ce2ff' AND file:hashes.SHA1 = 'f38e818652e93bea7cea5bde4da7b511fa221fa4' AND file:hashes.SHA256 = '44f6b3cea3a371a7cd6161739dcc6f9f96a40c8c732b1acd8042a2991a9bbf73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1602037e-3d0a-4d7c-aad4-690589211f3d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:25.000Z", "modified": "2018-04-17T09:37:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T10:33:07", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c055-08a4-4c7c-897e-467402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/44f6b3cea3a371a7cd6161739dcc6f9f96a40c8c732b1acd8042a2991a9bbf73/analysis/1523788387/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c056-3c48-4e4f-9f54-46d902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c056-83ac-431f-80f8-494c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--22060082-286e-4e92-a9de-5932cc66684c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:29.000Z", "modified": "2018-04-17T09:37:29.000Z", "pattern": "[file:hashes.MD5 = '1772c2d5cbb68dbb3d6436f0e03587d2' AND file:hashes.SHA1 = 'd5ffc39edb0660e6e4c678d6bc8453172ed8e96f' AND file:hashes.SHA256 = '380545cfde4acaf2c29969d175db1cecd28c5691693e097e52da5c0e886a8301']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--da7a7be3-a8bf-4a4b-942e-6366ca70d287", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:27.000Z", "modified": "2018-04-17T09:37:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2014-11-06T23:59:48", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c058-fc54-4bee-bfaf-41f502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/380545cfde4acaf2c29969d175db1cecd28c5691693e097e52da5c0e886a8301/analysis/1415318388/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c058-4f48-47ed-898c-435b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/54", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c058-9ab0-43c1-8ec2-4e5a02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bc3cbc70-c086-48a4-8c6e-faf4f66dc4fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:31.000Z", "modified": "2018-04-17T09:37:31.000Z", "pattern": "[file:hashes.MD5 = 'c3cac81d6f2b9eef489e93ab8f3f73db' AND file:hashes.SHA1 = 'f8394dd33bd8adf68c9741f16c49cac87452518f' AND file:hashes.SHA256 = '036d8c2a089ea0870fa37060c96928789a8b373ca0795d1c06db443b53dc5882']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fe8692b8-47ed-49ae-ac84-c200cf0fb40b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:30.000Z", "modified": "2018-04-17T09:37:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-16T00:01:10", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c05a-d550-4d9d-a9b0-44f602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/036d8c2a089ea0870fa37060c96928789a8b373ca0795d1c06db443b53dc5882/analysis/1518739270/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c05a-96d8-4354-93e7-4f8402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c05b-1c4c-4560-9695-45d602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f971946a-c11f-4e87-958e-b1216469856d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:34.000Z", "modified": "2018-04-17T09:37:34.000Z", "pattern": "[file:hashes.MD5 = 'b1941d4166446c06d6d632e970d92636' AND file:hashes.SHA1 = 'b9dc3b298aad57e771b67bc5f1e233ffb8ffd5c6' AND file:hashes.SHA256 = 'acaa87b92f1e2ee316033624e4760ca4f9c781e82b72949c46861c7652cf74c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7fc03e03-5dfe-4d7b-9ca9-d4f2c47233fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:32.000Z", "modified": "2018-04-17T09:37:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T18:43:15", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c05c-c4b4-4a8b-8d70-449402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/acaa87b92f1e2ee316033624e4760ca4f9c781e82b72949c46861c7652cf74c2/analysis/1518547395/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c05c-9500-4c70-b41d-4fca02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c05d-4c84-4704-8334-403402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--820f1598-4c73-4860-8239-acc32c501496", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:36.000Z", "modified": "2018-04-17T09:37:36.000Z", "pattern": "[file:hashes.MD5 = '1d1f1a00e81ea25b47ce8ab5f985e613' AND file:hashes.SHA1 = 'dbb963bbafa980549c37f910f88e74384116dc5a' AND file:hashes.SHA256 = 'fdb559a29e0374fa7ce71d8661400fcc2d2db7d3486822a5cf1e0eba5c5634c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--686748b5-288c-48a2-9596-1fc1e96df87b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:34.000Z", "modified": "2018-04-17T09:37:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-10T04:18:12", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c05e-b79c-4038-8b10-456902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fdb559a29e0374fa7ce71d8661400fcc2d2db7d3486822a5cf1e0eba5c5634c8/analysis/1381378692/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c05e-e100-4ffd-8a55-442202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/48", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c05f-2354-4d54-8aad-492802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9b31f6f2-1afa-4cc1-b1c9-3939d61c351e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:38.000Z", "modified": "2018-04-17T09:37:38.000Z", "pattern": "[file:hashes.MD5 = 'abdf720306ad14a86c6398e54f0be09d' AND file:hashes.SHA1 = '0cb24debe4cbc25c4f0c52911fdb98078e275511' AND file:hashes.SHA256 = '9dc0c514ea1aaa91c1255857cb261bd6c94f8565ffef4420b75c5d5320717b09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c3012495-b7ed-4916-9049-53b6c65ac11b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:36.000Z", "modified": "2018-04-17T09:37:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-22T08:18:41", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c060-6404-401e-af9d-459902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9dc0c514ea1aaa91c1255857cb261bd6c94f8565ffef4420b75c5d5320717b09/analysis/1385108321/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c061-ba4c-4bc3-867f-4bee02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/40", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c061-2068-4c26-b711-491402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4febf0f3-b71a-45e4-baed-ebd75779a918", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:40.000Z", "modified": "2018-04-17T09:37:40.000Z", "pattern": "[file:hashes.MD5 = '8efc70786479935b96f803fe10cb6044' AND file:hashes.SHA1 = 'b6ff511bf3089529d49b66ed3cbb6253b6d94193' AND file:hashes.SHA256 = '8fdabcedb02b4ae9364e53f38738710a1f6e9851077c29dbda34cf934229b47d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--872d5324-22bb-4366-a495-9cfe1ab1fcb8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:38.000Z", "modified": "2018-04-17T09:37:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-10T07:16:17", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c062-6b68-4143-8d55-49dd02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8fdabcedb02b4ae9364e53f38738710a1f6e9851077c29dbda34cf934229b47d/analysis/1381389377/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c063-6d60-4e3b-a972-490a02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "17/43", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c063-d884-4fe3-87c7-4a1b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b366383d-8567-41d5-8bd2-098a72d6410b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:42.000Z", "modified": "2018-04-17T09:37:42.000Z", "pattern": "[file:hashes.MD5 = 'fa3cc35f616ee7a76d412fd7b1844d13' AND file:hashes.SHA1 = 'e436d27ebd89381f69a5b2f877d7a9b9e96aa330' AND file:hashes.SHA256 = '4d0f0b7c9a3b8694895275fcc45aa1df3e6f2ad0c58563a40ac80776c705f821']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c18455f9-0c99-40ad-9307-b6c207b78199", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:40.000Z", "modified": "2018-04-17T09:37:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-14T02:26:09", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c064-2b64-42fc-a8be-407102de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d0f0b7c9a3b8694895275fcc45aa1df3e6f2ad0c58563a40ac80776c705f821/analysis/1518575169/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c065-f684-449c-a824-41d202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c065-b56c-4c67-81dc-493002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--338c09b1-8889-4266-bc9c-9b6198986d8e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:44.000Z", "modified": "2018-04-17T09:37:44.000Z", "pattern": "[file:hashes.MD5 = '3bc9ae5f2b9e828fa6da848e1bd80ae4' AND file:hashes.SHA1 = 'cbde1c5e0a62d24f295debb65e6a4e9a677a7e0f' AND file:hashes.SHA256 = '6bd38baca4b923c26628e9dcf9ee64d8bcc5c4ba9cb9f2298e32f8db7816de08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ed59d7cd-6596-4802-b2c8-8bc71943c90f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:43.000Z", "modified": "2018-04-17T09:37:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-10T07:18:37", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c067-9f84-4c25-87c3-440b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6bd38baca4b923c26628e9dcf9ee64d8bcc5c4ba9cb9f2298e32f8db7816de08/analysis/1381389517/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c067-a25c-424e-ba70-423c02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c067-d180-4bc8-9d4b-44aa02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9b0cbf41-9f55-4c12-af30-95638bcb9724", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:46.000Z", "modified": "2018-04-17T09:37:46.000Z", "pattern": "[file:hashes.MD5 = '7fb513b75ccf200bf82351a9e41a0973' AND file:hashes.SHA1 = '0f77fb6b52f2b76a3675d5a7cf872966710f812c' AND file:hashes.SHA256 = 'c7dcf76652af54cf4cbbfdfc4fa5cc8d4a8e1807d478eceee32270260dbfecf7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ddd0eeec-07f6-4e82-aa68-2237276ef93e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:45.000Z", "modified": "2018-04-17T09:37:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-13T11:14:58", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c069-447c-468d-887d-4df002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7dcf76652af54cf4cbbfdfc4fa5cc8d4a8e1807d478eceee32270260dbfecf7/analysis/1381662898/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c069-2d8c-4cd0-a08c-465102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c06a-89a0-4cff-8102-440b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23d68864-87dc-40f6-8bdb-0382a2de717f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:49.000Z", "modified": "2018-04-17T09:37:49.000Z", "pattern": "[file:hashes.MD5 = '0b552b46d59aaade686dbb4cac9bc71f' AND file:hashes.SHA1 = '45dabdbc4b4608f9341d29fdf403026b9ab72ea7' AND file:hashes.SHA256 = '8ecfcfc939e40cc943df83f548286c2f7f519a53e195b3ae595e0bef39baee29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6a099e7c-a5dd-400b-8bca-df7575a5f1e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:47.000Z", "modified": "2018-04-17T09:37:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-30T01:34:25", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c06b-39f4-4699-a5b4-417602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8ecfcfc939e40cc943df83f548286c2f7f519a53e195b3ae595e0bef39baee29/analysis/1522373665/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c06b-d7d0-4c66-b15e-4d0202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/66", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c06c-f244-4d49-9511-486002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf50fe3f-7ce4-4162-bee5-5b58898ff862", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:51.000Z", "modified": "2018-04-17T09:37:51.000Z", "pattern": "[file:hashes.MD5 = 'a24a18a8496520e1c5683334e0180d13' AND file:hashes.SHA1 = '0d5a0bbf4f2181ec29dcc403b5b5911aec64a617' AND file:hashes.SHA256 = '6856286bb8ac5961f58831e7e4fa6debe7a4a399e5ffa56d37e7ca78f1588871']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e031d087-ef4b-4824-9859-b46854c2939b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:49.000Z", "modified": "2018-04-17T09:37:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T19:38:44", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c06d-f844-4fc9-a9e8-4ebb02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6856286bb8ac5961f58831e7e4fa6debe7a4a399e5ffa56d37e7ca78f1588871/analysis/1518550724/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c06e-c090-4419-af65-4ea302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c06e-3220-4587-a392-47a202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a2d09237-7842-4a7c-9966-66901fed8c9d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:53.000Z", "modified": "2018-04-17T09:37:53.000Z", "pattern": "[file:hashes.MD5 = '022fc987b7cd2f7530b694f1ca3fd867' AND file:hashes.SHA1 = 'ab0e9d0b4f009d91f218dd57aece93f29ffc1526' AND file:hashes.SHA256 = '66c2586add3eac9184972cfc7a6172532c16dc0d1e1f874e4cd3fa2276657c2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f2130b6f-d3b1-4d06-9938-964ee58f732c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:51.000Z", "modified": "2018-04-17T09:37:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-14T02:31:17", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c06f-923c-4d45-b22a-471a02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/66c2586add3eac9184972cfc7a6172532c16dc0d1e1f874e4cd3fa2276657c2a/analysis/1518575477/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c070-93bc-4aee-99d9-4d3402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c070-a65c-43e0-be04-424f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--93d0b571-4b57-409a-8616-fe681227c5b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:55.000Z", "modified": "2018-04-17T09:37:55.000Z", "pattern": "[file:hashes.MD5 = 'a6480a1ca24847268d44b032a86e8e5f' AND file:hashes.SHA1 = '21cbdf4557ba7480d1206bcd6cd6765f25381218' AND file:hashes.SHA256 = 'ac6fbd8f18bb93cfac31af73eb9cf6a1aa925b95d44b42b3659ecfd49209ec76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ef46be73-9a3e-44c3-83c2-4ede304d137b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:53.000Z", "modified": "2018-04-17T09:37:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:23:18", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c071-afa8-4c27-8542-468802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ac6fbd8f18bb93cfac31af73eb9cf6a1aa925b95d44b42b3659ecfd49209ec76/analysis/1523776998/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c072-8e14-4de4-b957-408302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/68", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c072-3314-4e01-aa37-430202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d3888401-a744-46ca-af6a-ebd96da536f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:57.000Z", "modified": "2018-04-17T09:37:57.000Z", "pattern": "[file:hashes.MD5 = '62f93f7c41eb93f73152d7318075938c' AND file:hashes.SHA1 = '9257e517c6fcff239b29856bf912c80d6015ba6c' AND file:hashes.SHA256 = 'cb2155b65879f66eb449b60a90c632c701fbea7ac8d4011e3b24b238c3302de0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d0fb5f61-30c3-4b2e-a514-31fc3fff048f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:56.000Z", "modified": "2018-04-17T09:37:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-10-10T07:16:18", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c074-e918-4986-8a4b-44d102de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cb2155b65879f66eb449b60a90c632c701fbea7ac8d4011e3b24b238c3302de0/analysis/1381389378/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c074-e6bc-4229-bdaa-488602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c074-8df4-4246-8a6a-419d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--48f7985a-f575-46f2-b2a6-d8f9f349e20d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:59.000Z", "modified": "2018-04-17T09:37:59.000Z", "pattern": "[file:hashes.MD5 = '2d0398564ff410100e31e772d75b109e' AND file:hashes.SHA1 = 'c4b66d9732769033ae7450faf18a6e88653ebc64' AND file:hashes.SHA256 = '70d50a77db7cb028163638a7e58c354e1fbab4757323ad9eccfb51e9b257f83c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:37:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1ef1d86b-f368-4bf7-899f-8e2141bf5ae7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:37:58.000Z", "modified": "2018-04-17T09:37:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-11T11:15:54", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c076-6f40-41ea-8620-4abc02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/70d50a77db7cb028163638a7e58c354e1fbab4757323ad9eccfb51e9b257f83c/analysis/1523445354/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c076-ace4-445e-88c7-4ec702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c077-11fc-46a9-9802-4f7302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bbb9a50d-b258-4447-b8a5-c15bf7581ae8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:02.000Z", "modified": "2018-04-17T09:38:02.000Z", "pattern": "[file:hashes.MD5 = '4dc1b426f104f24bc26ccb2370cb3dc6' AND file:hashes.SHA1 = 'b5bbcd25a910d03fa056ccbd5d038e026070a0a1' AND file:hashes.SHA256 = '35c996576eba666a33e26bc25122196de365465da8ebee70930b9c4ec6be7313']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0a443b7d-1866-4230-b65b-dedabfe03e83", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:00.000Z", "modified": "2018-04-17T09:38:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:22:25", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c078-0b0c-47f2-b71b-4cc602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/35c996576eba666a33e26bc25122196de365465da8ebee70930b9c4ec6be7313/analysis/1523776945/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c078-0fd0-4129-86c7-428102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/68", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c079-a16c-4ab0-9747-4b2302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34f4e2b6-3c81-4759-984f-86d7b4918862", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:04.000Z", "modified": "2018-04-17T09:38:04.000Z", "pattern": "[file:hashes.MD5 = '00145e4e28e265313235ac7f6dbbd780' AND file:hashes.SHA1 = 'c0de7c159022c157bfca575defd1aa954889e477' AND file:hashes.SHA256 = 'c76394aaf293cbf4bf3b9d7a94c251feac11435204664d700bb4bd87da3c1898']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--332bc7c4-5a4e-4d1f-ad95-ba547a1bd03d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:02.000Z", "modified": "2018-04-17T09:38:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T19:26:44", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c07a-3250-4563-8e46-4bc902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c76394aaf293cbf4bf3b9d7a94c251feac11435204664d700bb4bd87da3c1898/analysis/1518550004/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c07a-1ef4-4e49-8026-44e002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c07b-1578-4e88-8b74-44f402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d1fc796f-8f35-4217-a3cc-d034728cab47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:06.000Z", "modified": "2018-04-17T09:38:06.000Z", "pattern": "[file:hashes.MD5 = 'c0f96b7e834dbe37e433b6303922ca42' AND file:hashes.SHA1 = '400b9782c5d1c95a6d3f1824e767abb45f07d26c' AND file:hashes.SHA256 = 'b609c46124d069b2299de3896a5cc2f7540e4effcba462e7f5300573666efd4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--91de0b6e-f4f2-43e9-8ea7-3f3e5341eecb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:04.000Z", "modified": "2018-04-17T09:38:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-16T05:49:02", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c07c-90e8-4e3d-ac7d-45b202de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b609c46124d069b2299de3896a5cc2f7540e4effcba462e7f5300573666efd4a/analysis/1518760142/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c07d-7038-431d-bbd2-4f1b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c07d-8048-4f17-8d40-477b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d5831df-85b4-49dd-ac0e-a65280af1025", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:08.000Z", "modified": "2018-04-17T09:38:08.000Z", "pattern": "[file:hashes.MD5 = 'a0f504db6b930307d2ed8d4237288627' AND file:hashes.SHA1 = 'b69e6e1c4412b1c7242bd68f4ad69f4441b7bbef' AND file:hashes.SHA256 = '61dede4113d1eda504f7360ae535cd88ede9425722db4a43577185d0312acd5a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0475bcfd-dcdf-44d2-87b0-2083883a290c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:06.000Z", "modified": "2018-04-17T09:38:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-11T14:55:26", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c07e-26a4-4da5-b319-4fa002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/61dede4113d1eda504f7360ae535cd88ede9425722db4a43577185d0312acd5a/analysis/1384181726/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c07f-20a0-4939-817f-40e002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c07f-1060-46e6-8da7-40de02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2bd61b04-6327-416d-b613-a56d7c4a6dfe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:10.000Z", "modified": "2018-04-17T09:38:10.000Z", "pattern": "[file:hashes.MD5 = '06961bc6bdd66e7dbf9411f48a97ac54' AND file:hashes.SHA1 = 'd41d6b1778be5558caac06c5793ae26d764316a5' AND file:hashes.SHA256 = '2eed2f22d055d605a8387d35610e4e82815eb29b7212de12088202efa54d3c31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--610984d9-b024-4156-9823-26b761e17e15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:08.000Z", "modified": "2018-04-17T09:38:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T21:48:04", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c080-a43c-4826-a378-492602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2eed2f22d055d605a8387d35610e4e82815eb29b7212de12088202efa54d3c31/analysis/1518558484/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c081-ca64-4898-94a0-476002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c081-e8fc-4cc3-95df-423702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7bebd57c-bb57-4da1-a8b1-97fb53694f80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:12.000Z", "modified": "2018-04-17T09:38:12.000Z", "pattern": "[file:hashes.MD5 = '3c439eb4f27e7b5a12a2eb2d45f5ddae' AND file:hashes.SHA1 = '18d057a246f5fdaebf913567c6da86c18f257a1a' AND file:hashes.SHA256 = 'd62ee1186d8a8c7d84b2a03e0bee1c13c47d133a55238ba7c367f9539e6c9b17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4d3f77ed-8659-4a4c-8a0f-65c772c7a7fe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:10.000Z", "modified": "2018-04-17T09:38:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:23:38", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c083-90a4-479b-a98e-491b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d62ee1186d8a8c7d84b2a03e0bee1c13c47d133a55238ba7c367f9539e6c9b17/analysis/1523777018/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c083-15e0-4fce-b961-456f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/66", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c083-c6e0-4ffb-80e2-4ca202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b91d5808-92ad-4fa7-9b4d-7348cc563091", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:14.000Z", "modified": "2018-04-17T09:38:14.000Z", "pattern": "[file:hashes.MD5 = 'da6963cf4251a26a96783e36d7f79f6a' AND file:hashes.SHA1 = '8b626ec47c9839a787205ee0fa0f4a96cb500f5f' AND file:hashes.SHA256 = '3538c0a7785ab6d418112d10cd6844ded5745064840d18d74d9b978dea1fe1a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7994aa0e-7f14-4988-8820-5ffe04a261d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:13.000Z", "modified": "2018-04-17T09:38:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-08T21:26:04", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c085-63c4-49a7-b955-49a502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3538c0a7785ab6d418112d10cd6844ded5745064840d18d74d9b978dea1fe1a9/analysis/1523222764/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c085-23cc-4f44-b955-4acd02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/66", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c085-26d0-4136-b322-4c6a02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f46250f9-0e9b-4e25-9bee-b06e384c3a53", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:16.000Z", "modified": "2018-04-17T09:38:16.000Z", "pattern": "[file:hashes.MD5 = 'a0e97a3709647edd15c5343a3e881200' AND file:hashes.SHA1 = '8f66efb93622c8352e15fae4292527984599c55e' AND file:hashes.SHA256 = '5795c26debe0c06d1f1968730a84efeed69f0493b23f8411b3ea60781e7a24a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c4796178-b6f0-433b-96a2-9b72e558e59a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:15.000Z", "modified": "2018-04-17T09:38:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T19:19:28", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c087-9274-4fb1-b3d0-49eb02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5795c26debe0c06d1f1968730a84efeed69f0493b23f8411b3ea60781e7a24a7/analysis/1518549568/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c087-3814-490e-8392-457702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c088-3c04-4ee2-9708-495802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--911c04f4-f1f2-44c4-8242-c69e588493f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:19.000Z", "modified": "2018-04-17T09:38:19.000Z", "pattern": "[file:hashes.MD5 = '06d1487a0d9a2f8ca4120aeff4ef93fa' AND file:hashes.SHA1 = '2fb0fe6a72310fcd505ade5ee3a3c362f0c758b0' AND file:hashes.SHA256 = '0073f6d57c2e4ca1871dc1a5e270160e734b2d79bd9b7b55b82a8ddc53aaac0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d436e73b-9629-4c08-988b-73650cd12315", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:17.000Z", "modified": "2018-04-17T09:38:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-13T21:17:14", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c089-24a8-42f6-94d0-492002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0073f6d57c2e4ca1871dc1a5e270160e734b2d79bd9b7b55b82a8ddc53aaac0f/analysis/1518556634/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c089-4654-407b-babc-43c202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad5c08a-d820-499b-a0da-488e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c878521d-9b6b-4046-a3d2-fc9798c3c8df", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:21.000Z", "modified": "2018-04-17T09:38:21.000Z", "pattern": "[file:hashes.MD5 = '88c5c5d977ed5d0f5007d66c9fb4bc80' AND file:hashes.SHA1 = 'a79c5a2ebde210b39968f035e90aca3ceff5e728' AND file:hashes.SHA256 = '3784e5b40ff8687265efe5dacfd5b6c9d744fe294f425703ddafbf687192eb8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--03a28507-7341-429a-afef-14f0e4faeae6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:19.000Z", "modified": "2018-04-17T09:38:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2013-11-08T21:56:31", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c08b-afa0-412d-be09-49eb02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3784e5b40ff8687265efe5dacfd5b6c9d744fe294f425703ddafbf687192eb8e/analysis/1383947791/", "category": "External analysis", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c08b-5980-44bf-bd61-47ab02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/47", "category": "Other", "comment": "Win.Dropper.Shipup-6503419-0", "uuid": "5ad5c08c-62c4-4015-a50d-434502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ac554dac-0487-4973-be4d-4d2efbcfc1b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:23.000Z", "modified": "2018-04-17T09:38:23.000Z", "pattern": "[file:hashes.MD5 = '781ae76246f0877046045aca91083de1' AND file:hashes.SHA1 = '69349f7d58ef25c33857a7a27162774b93d14aaa' AND file:hashes.SHA256 = '96847279dd3564a5d689bf310483fe351fac55e54a440d15e55f0bb7d35baab6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--49e363d6-17fc-41dc-b434-a102e236ceba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:21.000Z", "modified": "2018-04-17T09:38:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-10T06:49:31", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c08d-af7c-4867-80d7-489902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/96847279dd3564a5d689bf310483fe351fac55e54a440d15e55f0bb7d35baab6/analysis/1523342971/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c08d-a090-4986-b12c-4e7502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/67", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c08e-6c1c-40fa-9bad-464002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7606e8b5-261a-40ea-99e1-383c9a1c85f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "pattern": "[file:hashes.MD5 = '644cc5ba8fd3ed19e266a7542d7ff99e' AND file:hashes.SHA1 = 'f9c780e91fccb4b657eab0240f18e09b94b460e0' AND file:hashes.SHA256 = '3d756dcf4397cb6b0d406b9f70eb18029965fce0110c0290af6ad73468aa2c1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T09:38:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a0ebe82c-5513-4e78-9d9c-2b1ee9be03c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T09:38:23.000Z", "modified": "2018-04-17T09:38:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-15T07:22:28", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c08f-66fc-4b5f-ad6f-43d202de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3d756dcf4397cb6b0d406b9f70eb18029965fce0110c0290af6ad73468aa2c1f/analysis/1523776948/", "category": "External analysis", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c090-5be8-49d0-bcff-4d0202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/68", "category": "Other", "comment": "Win.Dropper.Generic-6502500-0", "uuid": "5ad5c090-d8ac-4d3d-b12f-45ac02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d64c-0d2c-486c-99c7-a0bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T11:14:22.000Z", "modified": "2018-04-17T11:14:22.000Z", "description": " Win.Dropper.Generickdz-6500702-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\RUNONCE' AND windows-registry-key:values[0].data = 'kdivknmyqwz' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T11:14:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d680-5248-4175-bd12-d066950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T11:12:00.000Z", "modified": "2018-04-17T11:12:00.000Z", "description": " Win.Dropper.Generickdz-6500702-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'ProxyServer' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T11:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d764-6f6c-4d61-aed1-48bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T11:16:14.000Z", "modified": "2018-04-17T11:16:14.000Z", "description": " Win.Dropper.Generickdz-6500702-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'AutoDetect' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T11:16:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d7de-2ab4-472e-9bba-2440950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T11:17:50.000Z", "modified": "2018-04-17T11:17:50.000Z", "description": " Win.Dropper.Generickdz-6500702-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'ProxyOverride' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T11:17:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d82c-72a8-406a-a4cb-a0bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T11:19:08.000Z", "modified": "2018-04-17T11:19:08.000Z", "description": " Win.Dropper.Generickdz-6500702-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'ProxyEnable' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T11:19:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5d855-b3e0-450a-bfbd-d095950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T11:19:49.000Z", "modified": "2018-04-17T11:19:49.000Z", "description": " Win.Dropper.Generickdz-6500702-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'AutoConfigURL' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T11:19:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5df94-d030-4f98-bae7-44c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T11:50:44.000Z", "modified": "2018-04-17T11:50:44.000Z", "description": "Win.Dropper.Generic-6502500-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\POLICIES\\\\EXPLORER\\\\RUN' AND windows-registry-key:values[0].data = 'NZVHFTBPMBN' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T11:50:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5fa35-f650-49aa-81ab-4655950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:44:21.000Z", "modified": "2018-04-17T13:44:21.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\SYSTEMCERTIFICATES\\\\ROOT\\\\CERTIFICATES\\\\9B4DFF593EC4945503B76D97E83BADF6893F2597' AND windows-registry-key:values[0].data = 'Blob' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:44:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5fa7f-2914-45a7-98fc-45bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:45:35.000Z", "modified": "2018-04-17T13:45:35.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES' AND windows-registry-key:values[0].data = 'DefaultInstance' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:45:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5faa2-477c-4823-9ba7-4e7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:46:10.000Z", "modified": "2018-04-17T13:46:10.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES\\\\MAGSV INSTANCE' AND windows-registry-key:values[0].data = 'Altitude' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:46:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5fad4-36a0-4a9d-b4ae-40b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:47:00.000Z", "modified": "2018-04-17T13:47:00.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES\\\\MAGSV INSTANCE' AND windows-registry-key:values[0].data = 'Flags' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:47:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5fd0d-c14c-4e4f-8529-41a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:56:29.000Z", "modified": "2018-04-17T13:56:29.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES\\\\MAGSV INSTANCE' AND windows-registry-key:values[0].data = 'Flags' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5fd2c-951c-499f-9a2d-4650950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T13:57:00.000Z", "modified": "2018-04-17T13:57:00.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'atimode' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T13:57:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5fefa-8fac-478c-bef3-4f19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:04:42.000Z", "modified": "2018-04-17T14:04:42.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'shield_count' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:04:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5ff8f-9db8-443b-9835-40b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:07:11.000Z", "modified": "2018-04-17T14:07:11.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'set_pt' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:07:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5ffb4-6e7c-4470-9b29-4c86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:07:48.000Z", "modified": "2018-04-17T14:07:48.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'set_pt' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:07:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad5fff2-a58c-40ca-9898-41a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:08:50.000Z", "modified": "2018-04-17T14:08:50.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'set_bl' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:08:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad60018-0020-4e76-bbc1-4034950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:09:28.000Z", "modified": "2018-04-17T14:09:28.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\SYSTEMCERTIFICATES\\\\ROOT\\\\CERTIFICATES' AND windows-registry-key:values[0].data = '9B4DFF593EC4945503B76D97E83BADF6893F2597' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad601c5-1420-47fd-918b-42c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:16:37.000Z", "modified": "2018-04-17T14:16:37.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\SYSTEMCERTIFICATES\\\\ROOT\\\\CERTIFICATES' AND windows-registry-key:values[0].data = '9B4DFF593EC4945503B76D97E83BADF6893F2597' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:16:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad60217-e4bc-4470-b1e6-43fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:17:59.000Z", "modified": "2018-04-17T14:17:59.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\TCPIP6\\\\PARAMETERS' AND windows-registry-key:values[0].data = 'DisabledComponents' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:17:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad60231-3f60-4002-88a6-8ee9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:18:25.000Z", "modified": "2018-04-17T14:18:25.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'ImagePath' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:18:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad602de-93f8-4977-bd92-4336950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:21:18.000Z", "modified": "2018-04-17T14:21:18.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'DisplayName' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:21:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6030d-01fc-4395-b374-4e42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:22:05.000Z", "modified": "2018-04-17T14:22:05.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\WOW6432NODE\\\\MICROSOFT\\\\NETWORK\\\\FILESERVICE' AND windows-registry-key:values[0].data = 'Liveup' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:22:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad60339-e7a8-4868-affe-4f0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:22:49.000Z", "modified": "2018-04-17T14:22:49.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\WOW6432NODE\\\\MICROSOFT\\\\NETWORK\\\\FILESERVICE' AND windows-registry-key:values[0].data = 'igfxmtc_time' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:22:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad60491-c5b0-4344-9c7b-4ebf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:28:33.000Z", "modified": "2018-04-17T14:28:33.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\TCPIP\\\\PARAMETERS' AND windows-registry-key:values[0].data = 'DisableTaskOffload' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:28:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad604cf-5324-47a7-b121-4717950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:29:35.000Z", "modified": "2018-04-17T14:29:35.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'DisplayName' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:29:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad604f8-dd50-4b52-9771-4024950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:30:16.000Z", "modified": "2018-04-17T14:30:16.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'St' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:30:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6050d-ee58-4332-b5df-4b28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:30:37.000Z", "modified": "2018-04-17T14:30:37.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'St' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:30:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad60529-26b8-4106-a709-41da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:31:05.000Z", "modified": "2018-04-17T14:31:05.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'Start' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:31:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad60569-4b3c-4e88-b761-42c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:32:09.000Z", "modified": "2018-04-17T14:32:09.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'ErrorControl' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:32:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6058c-5b7c-4b6e-9ba7-4cdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:32:44.000Z", "modified": "2018-04-17T14:32:44.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'WOW64' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:32:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad605a9-8c94-486a-bf56-4b33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:33:13.000Z", "modified": "2018-04-17T14:33:13.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'Group' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:33:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad605c4-f4c4-4066-8c84-41a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-17T14:33:40.000Z", "modified": "2018-04-17T14:33:40.000Z", "description": "Win.Dropper.Mikey-6502276-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'Type' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-17T14:33:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f828-d124-4a8a-b98c-486c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:48:20.000Z", "modified": "2018-04-18T07:48:20.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[windows-registry-key:key = '\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:48:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f8ba-c420-4555-b293-4d40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:50:18.000Z", "modified": "2018-04-18T07:50:18.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Tracing\\\\FWCFG' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:50:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f91a-2de4-4254-9d2c-4a3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:51:54.000Z", "modified": "2018-04-18T07:51:54.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\qagent\\\\traceIdentifier' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:51:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f9bb-17b8-45f7-95c1-4b2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:54:35.000Z", "modified": "2018-04-18T07:54:35.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\NAP\\\\Netsh' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:54:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f9e4-6c78-41af-a9b3-4281950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:55:16.000Z", "modified": "2018-04-18T07:55:16.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Notify\\\\host2lc' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:55:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6f9fc-db4c-4b83-bf35-4316950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:55:40.000Z", "modified": "2018-04-18T07:55:40.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\qagent' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:55:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6fa19-558c-4a98-acec-4b42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T07:56:09.000Z", "modified": "2018-04-18T07:56:09.000Z", "description": "Win.Dropper.Neutrinopos-6500704-1", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\NAP\\\\Netsh\\\\Napmontr' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T07:56:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad7118c-1138-4b45-8e7d-459f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T09:36:12.000Z", "modified": "2018-04-18T09:36:12.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\HANDSHAKE\\\\{E5EC135A-79D5-4595-A051-FFFB0E1F7FB4}' AND windows-registry-key:values[0].data = 'data' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T09:36:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad711dd-2f60-48cb-8064-47a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T09:37:33.000Z", "modified": "2018-04-18T09:37:33.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\COMPATIBILITYADAPTER\\\\SIGNATURES' AND windows-registry-key:values[0].data = 'aybbmte.job.fp' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T09:37:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad7141a-7b48-45e6-b995-4900950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T09:47:06.000Z", "modified": "2018-04-18T09:47:06.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\COMPATIBILITYADAPTER\\\\SIGNATURES' AND windows-registry-key:values[0].data = 'aybbmte.job' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T09:47:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad71704-9bf0-4378-bb92-4080950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T09:59:32.000Z", "modified": "2018-04-18T09:59:32.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TREE\\\\AYBBMTE' AND windows-registry-key:values[0].data = 'Index' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T09:59:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad71723-79f0-4756-a2b4-476f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T10:00:03.000Z", "modified": "2018-04-18T10:00:03.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TREE\\\\AYBBMTE' AND windows-registry-key:values[0].data = 'Id' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T10:00:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad71760-a4ac-4bbf-be00-4450950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T10:01:04.000Z", "modified": "2018-04-18T10:01:04.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'DynamicInfo' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T10:01:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad7178f-2830-42b7-b039-4712950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T10:01:51.000Z", "modified": "2018-04-18T10:01:51.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'Path' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCC']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T10:01:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad717a7-fb54-41c9-b567-47a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T10:02:15.000Z", "modified": "2018-04-18T10:02:15.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'Hash' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T10:02:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad736e3-c084-4e9a-b288-7b76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:15:31.000Z", "modified": "2018-04-18T12:15:31.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'Triggers' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:15:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73722-7364-4e67-9abd-20c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:16:34.000Z", "modified": "2018-04-18T12:16:34.000Z", "description": "Win.Dropper.Shipup-6503419-0", "pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\HANDSHAKE\\\\{E5EC135A-79D5-4595-A051-FFFB0E1F7FB4}' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:16:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73ecf-f4a4-48dd-bc42-7ba2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:49:19.000Z", "modified": "2018-04-18T12:49:19.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\ControlSet001\\\\Services\\\\xkqrdots' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:49:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad73ef5-ea08-492d-9124-219b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-18T12:49:57.000Z", "modified": "2018-04-18T12:49:57.000Z", "description": "Win.Packed.Tofsee-6504793-0", "pattern": "[windows-registry-key:key = '\\\\Control Panel\\\\Buses' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKU']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-18T12:49:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3e803fec-57d0-4a64-bffa-8c406bfa4df8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:05.000Z", "modified": "2018-04-20T09:08:05.000Z", "pattern": "[file:hashes.MD5 = '7de3b44801868f8da4e983f9818f1e0b' AND file:hashes.SHA1 = '48f0481cbf046c32f240376aaf5d5dd5d4d90e13' AND file:hashes.SHA256 = 'e981fd64b4c1f1d50cdf3f21d3cd07dfb04dec58c518bee8697a187069997498']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1d03fb64-13be-4f35-87e1-ad4700b35b8c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:03.000Z", "modified": "2018-04-20T09:08:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-24T01:51:21", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adf3-f334-4561-9f0a-468a02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e981fd64b4c1f1d50cdf3f21d3cd07dfb04dec58c518bee8697a187069997498/analysis/1508809881/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adf3-74b0-471d-95d5-4a7b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adf4-3420-46f9-8c26-444102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1d4884a7-3654-4522-9024-5916811aa592", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:07.000Z", "modified": "2018-04-20T09:08:07.000Z", "pattern": "[file:hashes.MD5 = '0e42f545f20a7066e80b1cb0ee73c00a' AND file:hashes.SHA1 = '880afff080d249f26514e4d26a8211d43f7ca1fe' AND file:hashes.SHA256 = '1ca88b2c00b625bf596b93abafae873a6aec5bf1afeee1e116dc402cae69f83a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b4b37264-5f7b-43ed-9857-782b9d942a9d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:05.000Z", "modified": "2018-04-20T09:08:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-25T01:46:22", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adf5-1ee0-4033-a947-466402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1ca88b2c00b625bf596b93abafae873a6aec5bf1afeee1e116dc402cae69f83a/analysis/1508895982/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adf6-3c4c-48f6-a875-4a4e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adf6-7d1c-4aa2-9e17-47ea02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b5665818-45ad-4e55-872a-d64f9564f57c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:09.000Z", "modified": "2018-04-20T09:08:09.000Z", "pattern": "[file:hashes.MD5 = '053e2d245b3192f430ee06c33865f531' AND file:hashes.SHA1 = '120718cc4ca8df9dd7b11108e632bb7b0981f2ce' AND file:hashes.SHA256 = '174286f1a0bd66552237da989be39ef821b11fc6acccef5eabc00448991d1876']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e2c5a4be-2cfe-4eed-8a62-52f5a8918745", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:07.000Z", "modified": "2018-04-20T09:08:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-31T09:17:46", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9adf8-b854-462a-bb6a-464f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/174286f1a0bd66552237da989be39ef821b11fc6acccef5eabc00448991d1876/analysis/1509441466/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9adf8-5e7c-4bc2-b802-4a5602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9adf8-7490-4581-9e8d-472d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ce15aa39-ec50-4981-8929-3019908b5ceb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:11.000Z", "modified": "2018-04-20T09:08:11.000Z", "pattern": "[file:hashes.MD5 = 'ee9803dab96dba5f4acc1323d9dfc2c3' AND file:hashes.SHA1 = 'b4d3075cf211fca5556a5ceb4e59672052860a43' AND file:hashes.SHA256 = '85d0021f75a2d312a27bc1c17702d09520006aff590d439a90d8045d2325a04e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--00da20c8-dd00-4c56-bfb0-46add8af6839", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:10.000Z", "modified": "2018-04-20T09:08:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-25T00:10:35", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adfa-126c-4d15-9e77-469902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/85d0021f75a2d312a27bc1c17702d09520006aff590d439a90d8045d2325a04e/analysis/1514160635/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adfa-5e68-4ff7-859b-4eb902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adfb-4c28-42b5-b992-4cd002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c88e6ef-671c-48e1-a0d0-9932be1a8cc5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:14.000Z", "modified": "2018-04-20T09:08:14.000Z", "pattern": "[file:hashes.MD5 = '01cb31d2516e8a3e4d4340dd698809ad' AND file:hashes.SHA1 = 'db2c7e74092e6a4499fb8bfe53985850f2121c0b' AND file:hashes.SHA256 = '41bf7b4e4d7a87395cc8867e026ed9d586830420a70325a672d07ea9c1a351e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--452c6b20-11a0-41ca-bc89-a8e7de5f2779", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:12.000Z", "modified": "2018-04-20T09:08:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T22:32:22", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9adfc-fe08-4477-a286-40e902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/41bf7b4e4d7a87395cc8867e026ed9d586830420a70325a672d07ea9c1a351e0/analysis/1518993142/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9adfc-7b98-45ee-b7b7-472502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9adfd-1cbc-4301-a0fd-47c502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f128ac41-042d-495c-939c-11d3d83d1b19", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:16.000Z", "modified": "2018-04-20T09:08:16.000Z", "pattern": "[file:hashes.MD5 = '8d0fb621ee78ad8e35aa4965cbf4e475' AND file:hashes.SHA1 = '9b3389de25b4f5248760ad9c520d4e52db0c0b9e' AND file:hashes.SHA256 = 'ba0a2f6e001bc9c02ee8c5fbcd6cceaa74ced5ec058dfda71623146f06ff2490']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--05cc5c9e-5cf4-406f-8a8e-c7653cb7dcb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:14.000Z", "modified": "2018-04-20T09:08:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-26T13:23:04", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adfe-8ad8-4d9d-81ec-45fc02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ba0a2f6e001bc9c02ee8c5fbcd6cceaa74ced5ec058dfda71623146f06ff2490/analysis/1509024184/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adff-a1d4-453c-a066-492d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9adff-7ff8-49cf-86bb-46b702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e0f188cf-3ab6-4014-9327-4c09757acf99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:18.000Z", "modified": "2018-04-20T09:08:18.000Z", "pattern": "[file:hashes.MD5 = '0a2f5b366536bf0d7c2d9bcf04ba0281' AND file:hashes.SHA1 = 'e7ca93029ce7c3e83cfbf2f5ee97e0e813092c29' AND file:hashes.SHA256 = '4696ddd4a7ed96a86a09413f14657c7e01053213f6f1f6008a3a3bbe4fe45229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--08068585-edc1-40fa-a64d-5080ad1e0311", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:16.000Z", "modified": "2018-04-20T09:08:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-22T01:57:24", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae00-f274-4da3-868e-47c502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4696ddd4a7ed96a86a09413f14657c7e01053213f6f1f6008a3a3bbe4fe45229/analysis/1519264644/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae01-956c-403d-b41c-471802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/68", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae01-c770-49a8-ae00-4f8602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--efdd79ca-bfbd-425d-816a-1de5a615d4f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:20.000Z", "modified": "2018-04-20T09:08:20.000Z", "pattern": "[file:hashes.MD5 = '969552b1ace8c8b73aa1e65a7b5cdaed' AND file:hashes.SHA1 = '592b6d0d075e3f724cca9115a0f678984206e6a9' AND file:hashes.SHA256 = '877d9c4195c38a9dc55c472f7c72ec3d6ad0d95a544458a2050edf22df3aac5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ee5376c5-6962-420f-aec1-e6ac03cf5ab3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:19.000Z", "modified": "2018-04-20T09:08:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T07:51:34", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae03-c13c-4e90-ae0e-498f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/877d9c4195c38a9dc55c472f7c72ec3d6ad0d95a544458a2050edf22df3aac5c/analysis/1512892294/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae03-456c-49b4-9af0-4ba002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae03-1e80-4f54-9937-493d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--513cd9b4-6715-4444-81de-c6d9f0a86318", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:22.000Z", "modified": "2018-04-20T09:08:22.000Z", "pattern": "[file:hashes.MD5 = '049be07740c4928fec7cee21a07cc414' AND file:hashes.SHA1 = 'bd1c84b7fa1baefcede8e4be89b7cc73001ca3f2' AND file:hashes.SHA256 = '6b6eb4cc4aa8e3d71a97a8657ffcd27d2bd12466faf3b1f7fcbcd274a4b9561c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f7d51df1-5efb-42cb-891d-24f914eb835f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:21.000Z", "modified": "2018-04-20T09:08:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T17:36:46", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae05-5334-407f-90e6-4f7b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6b6eb4cc4aa8e3d71a97a8657ffcd27d2bd12466faf3b1f7fcbcd274a4b9561c/analysis/1511199406/", "category": "External analysis", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae05-f330-47b6-a1a5-46de02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/68", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae06-2b38-409c-9b60-4f4802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8009eae4-08fe-4674-8c61-3d790fdeb86a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:25.000Z", "modified": "2018-04-20T09:08:25.000Z", "pattern": "[file:hashes.MD5 = 'aa971830a71ac5ed72a41008e817d68e' AND file:hashes.SHA1 = '545674151c18be26a234873cabd26836a0304aab' AND file:hashes.SHA256 = 'a854a9702c14be3508d35873e80577ee9b1296c993ee2a4269c283884775564e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--13ef15ad-c73c-4ae3-b7bb-4827d33f81f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:23.000Z", "modified": "2018-04-20T09:08:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-24T06:39:27", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae07-ab30-4947-8ef5-4a0d02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a854a9702c14be3508d35873e80577ee9b1296c993ee2a4269c283884775564e/analysis/1514097567/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae08-3c50-4be5-899c-44d802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae08-5524-4061-b587-44c002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f1f3104e-c6b4-4111-a006-5c69509c7f75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:27.000Z", "modified": "2018-04-20T09:08:27.000Z", "pattern": "[file:hashes.MD5 = 'c106bebb5cc2b4e9787c6f81159ae21b' AND file:hashes.SHA1 = 'dba4bbb120f9ef22c58d4570c86a89514ebfbc8a' AND file:hashes.SHA256 = '683339b58c7cbc066f84c625efa0248eb89bfcd24de916f5fe600c33867084e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b7e219d4-82e9-40f3-9812-d833f1c4bf60", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:25.000Z", "modified": "2018-04-20T09:08:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T13:16:52", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae09-a990-4e1c-9324-44a602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/683339b58c7cbc066f84c625efa0248eb89bfcd24de916f5fe600c33867084e7/analysis/1512911812/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae0a-eec0-4d8b-bb6e-498b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae0a-e9b4-4877-8b86-43a002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--73ac235c-e3db-4617-a968-47e2ea6f6b8b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:29.000Z", "modified": "2018-04-20T09:08:29.000Z", "pattern": "[file:hashes.MD5 = 'd5d05a6827c5dfff19ae5726295afef7' AND file:hashes.SHA1 = '0763ddfca3fedcbadbf91f2946d6701e7425e7de' AND file:hashes.SHA256 = '1d7a1a4181706379a7f80ed926c47cb0ebc7beb953739c9b41cec20093c63914']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--279cd6bd-aa55-47a5-af76-2826253108bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:27.000Z", "modified": "2018-04-20T09:08:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-12T07:16:27", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae0c-5634-4b92-a9d0-426b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1d7a1a4181706379a7f80ed926c47cb0ebc7beb953739c9b41cec20093c63914/analysis/1520838987/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae0c-4534-4495-95c4-49c302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae0c-55fc-4eee-8e29-4a5b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e2119423-0173-4009-b875-e913f911653d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:31.000Z", "modified": "2018-04-20T09:08:31.000Z", "pattern": "[file:hashes.MD5 = 'f361c249ee3d8f4e5aa365e7dc8eb1cb' AND file:hashes.SHA1 = '6f6eaee7ae811898f9e9bb30715ae3d8303c7687' AND file:hashes.SHA256 = 'b1d0bfdd95f168cea0df0e138ee627cb7feb0a26ac7a736baa031547bb6fb08d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--47f144bd-561a-4e14-b508-d7313f28add9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:30.000Z", "modified": "2018-04-20T09:08:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-12T07:33:00", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae0e-e674-40c7-940e-431902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b1d0bfdd95f168cea0df0e138ee627cb7feb0a26ac7a736baa031547bb6fb08d/analysis/1520839980/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae0e-f470-4517-ae95-43f102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/65", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae0e-194c-447d-a78f-4fac02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--526cfc6f-1c12-422e-89ba-f6de05aab48f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:33.000Z", "modified": "2018-04-20T09:08:33.000Z", "pattern": "[file:hashes.MD5 = '6ed420bce873b34153f076776fe6b91d' AND file:hashes.SHA1 = '43d1813f848e5d1fa639a8b09c964e33e95d8dee' AND file:hashes.SHA256 = 'f68b0c32da95c0fb06c4cefb992e1a0039afed32f6cfcef083db39a0702a06c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--42544fa3-e8aa-4f6b-8869-2b12571c968f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:32.000Z", "modified": "2018-04-20T09:08:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-26T12:15:21", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae10-23d8-4329-899e-4f4b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f68b0c32da95c0fb06c4cefb992e1a0039afed32f6cfcef083db39a0702a06c7/analysis/1509020121/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae10-aecc-4bf8-a63b-46ee02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae11-aa7c-442e-ac2f-4aa102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68952c57-5f30-4f16-b04a-6cadc596e4c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:36.000Z", "modified": "2018-04-20T09:08:36.000Z", "pattern": "[file:hashes.MD5 = 'd939dc2d8297c32805f7182f13c56891' AND file:hashes.SHA1 = '1c2c3f3d4efe36ab51263a502a4670c444041121' AND file:hashes.SHA256 = '1a1144444adb05aee9ef8adfb3c892a97d32b870d1ee300975a5f3597f2ed638']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0745ebfe-aea5-421a-8e0f-0c298339d924", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:34.000Z", "modified": "2018-04-20T09:08:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-28T17:04:59", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae12-a7ec-4bed-9096-417e02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1a1144444adb05aee9ef8adfb3c892a97d32b870d1ee300975a5f3597f2ed638/analysis/1509210299/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae12-9bc8-498f-82da-457802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae13-6edc-43e2-8ca0-4bd502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7d22be2e-b385-4542-bafd-8cda3281f8af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:38.000Z", "modified": "2018-04-20T09:08:38.000Z", "pattern": "[file:hashes.MD5 = '0236820e0e54b9db96afebbee3719673' AND file:hashes.SHA1 = 'ab279e125a2aa2cd86934da9f27d36184a01813f' AND file:hashes.SHA256 = 'f1dbfaf0378434cd1758feaabe050171df1c234ddc6215df494c6592a9e92547']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6c18a448-9381-44bb-b7ba-97b81413fc84", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:36.000Z", "modified": "2018-04-20T09:08:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T10:09:16", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae14-fa3c-46a3-8735-48c702de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f1dbfaf0378434cd1758feaabe050171df1c234ddc6215df494c6592a9e92547/analysis/1518948556/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae15-dd90-4fb2-aa92-45a402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae15-a610-474e-a15f-483102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b0b5debd-236b-418d-8531-a3bca58059e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:40.000Z", "modified": "2018-04-20T09:08:40.000Z", "pattern": "[file:hashes.MD5 = '13d7c9aacc6ff7e6da96c31a8a48d70d' AND file:hashes.SHA1 = 'edcf28f99ac96b162385a63b4a323b8167ad6808' AND file:hashes.SHA256 = '7bc897c2c55ff708cbccff1461d2406aaef7953686817bd2d6a39ad58af393f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4d5cd1b8-e117-411c-afae-a3d69e619e90", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:38.000Z", "modified": "2018-04-20T09:08:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T12:07:53", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae17-a4f4-45e1-adc5-458a02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7bc897c2c55ff708cbccff1461d2406aaef7953686817bd2d6a39ad58af393f9/analysis/1512907673/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae17-5350-4dd2-94b9-432602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/67", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae17-5154-46c5-8a3c-425902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aa497e72-a431-479b-8077-5ac653a7ef21", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:42.000Z", "modified": "2018-04-20T09:08:42.000Z", "pattern": "[file:hashes.MD5 = '4ca8f7fc1d0e14356266b2a0297bbefa' AND file:hashes.SHA1 = '7079a3f9b57f039d8ab418ea51867e87fc5faf46' AND file:hashes.SHA256 = '33ab8e652c16836caf3b22518485757f417fab73a92e916f0c6aaf27b57f3be4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--451113c2-f016-43ed-a80e-dd42f3b61bf3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:41.000Z", "modified": "2018-04-20T09:08:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-16T16:17:53", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae19-2738-4b6c-aa71-4c1402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/33ab8e652c16836caf3b22518485757f417fab73a92e916f0c6aaf27b57f3be4/analysis/1521217073/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae19-64ec-4e85-bd29-45e002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/67", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae1a-1c80-4eef-8068-415102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1283755-9512-4fb4-952b-2f4d65e1281e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:45.000Z", "modified": "2018-04-20T09:08:45.000Z", "pattern": "[file:hashes.MD5 = '13cbd91b4636b937355217faefe28355' AND file:hashes.SHA1 = 'b7e552c45906412cfb5aeac079fe8d3aadfe178d' AND file:hashes.SHA256 = 'db5b0bb4d05292e6649fa84f076195d7a0cfb15516ce386f214dc2dd96a5e467']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--24d66f9a-7b0a-4668-8c5c-6ca6050b9148", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:43.000Z", "modified": "2018-04-20T09:08:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-15T05:29:05", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae1b-3b48-446c-9630-411502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/db5b0bb4d05292e6649fa84f076195d7a0cfb15516ce386f214dc2dd96a5e467/analysis/1518672545/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae1b-c150-46d8-8c3c-439d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/67", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae1c-6208-47d0-ae52-48d602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9942e1a6-6aff-4d41-9c65-ac96ad725488", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:47.000Z", "modified": "2018-04-20T09:08:47.000Z", "pattern": "[file:hashes.MD5 = 'ccd6b858459e00abf2a59da56ba85bc6' AND file:hashes.SHA1 = '16b6585515546689f69111d049bf01b357c2145a' AND file:hashes.SHA256 = '0a6cabedfabfbab3fba2057d30b1faab2f1b2d2d47a6227aa3b677af45f92da2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ea2d92b0-2297-4284-9a47-20f003e7649f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:45.000Z", "modified": "2018-04-20T09:08:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T07:37:35", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae1d-4ad4-4163-99a0-43ab02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0a6cabedfabfbab3fba2057d30b1faab2f1b2d2d47a6227aa3b677af45f92da2/analysis/1512891455/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae1e-6f3c-484b-be5a-486502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae1e-0378-4b36-b421-466f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef41bd1f-8663-4df6-a8f0-a32f05ee2929", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:49.000Z", "modified": "2018-04-20T09:08:49.000Z", "pattern": "[file:hashes.MD5 = '01721c6ccbbb56f63476aa17a3cb7dba' AND file:hashes.SHA1 = 'e537d1bc24836778059e89a891232feef7529fc0' AND file:hashes.SHA256 = '6c8ca3ba14ee685739ea32a3ddc613d4544c69194a97c55365c570c053609938']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c7efea86-38e8-48f9-bbf4-7ed8e0cccd7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:47.000Z", "modified": "2018-04-20T09:08:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T22:26:07", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae1f-cd24-49ed-87b1-44a402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6c8ca3ba14ee685739ea32a3ddc613d4544c69194a97c55365c570c053609938/analysis/1518992767/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae20-afb0-4b11-8083-4c9902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "17/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae20-1328-49ca-8f7a-42c702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--40076ee5-8c95-4b32-830d-016ea2cebaf2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:51.000Z", "modified": "2018-04-20T09:08:51.000Z", "pattern": "[file:hashes.MD5 = '02d70e303afff2a186d4459bf384ddc7' AND file:hashes.SHA1 = 'b71a6988660ac18b1ad6fe0667f958727eaed6ec' AND file:hashes.SHA256 = 'e586da2bd9fd73223281176033b97e6e4e137249f9aff8430004099b31508e12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b50d528-62f5-4f78-9df4-40a2e5a095bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:49.000Z", "modified": "2018-04-20T09:08:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T16:34:15", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae22-c1b0-48a7-bec9-4a3602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e586da2bd9fd73223281176033b97e6e4e137249f9aff8430004099b31508e12/analysis/1518971655/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae22-d2dc-4c72-97e4-429a02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae22-13b4-492b-a28a-4f3e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c4ce6a07-a96e-491d-912d-93b9c2853c3b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:53.000Z", "modified": "2018-04-20T09:08:53.000Z", "pattern": "[file:hashes.MD5 = '989c3e07b6440efd432220e312e8df1d' AND file:hashes.SHA1 = '5714754b2d8dd7976d78a76fe846888857510cb4' AND file:hashes.SHA256 = '4605f6041d93c6390c1ed856336c01a6cf3982bea1987c6de846752ca7006882']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--35102d8f-3918-45f0-b06f-e56249794342", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:52.000Z", "modified": "2018-04-20T09:08:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-01T05:29:50", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae24-a9d0-4089-9a0e-4d1b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4605f6041d93c6390c1ed856336c01a6cf3982bea1987c6de846752ca7006882/analysis/1512106190/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae24-c3b0-49cc-8270-4afb02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "15/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae25-5fd4-44b7-8a91-4e7102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f93d9038-ecd3-4445-86e9-3887a797a5b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:56.000Z", "modified": "2018-04-20T09:08:56.000Z", "pattern": "[file:hashes.MD5 = 'd4ecd35ba98595ce86442c472ef2113d' AND file:hashes.SHA1 = '78dc8028af915547543310b96a79e69b861da70a' AND file:hashes.SHA256 = '9af34cdb7f0b01c044fdeb64f0b733d78e8b9be854c4beeee679f8ee083530b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c3c3c27-41c9-4498-be03-8b7e20ef7a01", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:54.000Z", "modified": "2018-04-20T09:08:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-12T07:32:52", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae26-34a0-4acc-ac8b-4da302de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9af34cdb7f0b01c044fdeb64f0b733d78e8b9be854c4beeee679f8ee083530b1/analysis/1520839972/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae26-a024-49db-bf24-4c6d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae27-524c-48ac-9c62-4bc102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4a801296-d29c-4f5f-8b79-cb38789995ae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:58.000Z", "modified": "2018-04-20T09:08:58.000Z", "pattern": "[file:hashes.MD5 = '00613dd1637c16fe5abc5a7d3e838626' AND file:hashes.SHA1 = 'bec0a96f3877b587656be58aef2da475032343ec' AND file:hashes.SHA256 = 'b622971e681f9e2fa5f84bfcb9e7144b6198d3fb554de8d4488117ca1e3f51c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b23c1243-8546-43e6-b6ac-bdc9a52e5bd4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:56.000Z", "modified": "2018-04-20T09:08:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-19T10:40:33", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae28-76e0-4b5d-ae74-4b7602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b622971e681f9e2fa5f84bfcb9e7144b6198d3fb554de8d4488117ca1e3f51c8/analysis/1519036833/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae28-8394-4662-bb83-4e5402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae29-1478-464c-962e-422902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9b13b31-1a5d-4a7e-a46f-d8dea222c73f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:00.000Z", "modified": "2018-04-20T09:09:00.000Z", "pattern": "[file:hashes.MD5 = '36661ea762fcfb7bfee99a90696c5caa' AND file:hashes.SHA1 = '16ec8afa964a524f40e4dcfd285415c299a3315d' AND file:hashes.SHA256 = '4632c1023c0baaa1e227defd4923098c4f3c49317964ff1cb088b40b9df7a605']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--edd1a003-7c62-43a9-a8a4-f00159990874", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:08:58.000Z", "modified": "2018-04-20T09:08:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-01T02:32:20", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae2a-e654-4195-987e-440f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4632c1023c0baaa1e227defd4923098c4f3c49317964ff1cb088b40b9df7a605/analysis/1509503540/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae2b-c284-4c8e-8e2b-452802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae2b-9ff0-4b9e-8f92-4edd02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9766aaf4-2b4d-42a8-b271-07a8430ff750", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:02.000Z", "modified": "2018-04-20T09:09:02.000Z", "pattern": "[file:hashes.MD5 = '32e4fc7790f9c8a19967fad355bd6a3a' AND file:hashes.SHA1 = '99543608d4ae2ffb43b3742f671a5574121a8189' AND file:hashes.SHA256 = '84c269a1661a987058f51dea4644ec2703b28170324fbeab6920e40ad1a05a54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9f9e8c03-a143-42d7-b717-70ed7682d916", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:00.000Z", "modified": "2018-04-20T09:09:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-08T13:10:41", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae2c-4b28-46f2-bd85-45f002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/84c269a1661a987058f51dea4644ec2703b28170324fbeab6920e40ad1a05a54/analysis/1512738641/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae2d-181c-4011-8045-414e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae2d-4b14-4932-9aa4-4d7202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--de30466c-306a-4ff8-a134-3016bd00c2da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:04.000Z", "modified": "2018-04-20T09:09:04.000Z", "pattern": "[file:hashes.MD5 = '015fd37556083555fe11ad6dd0a144e0' AND file:hashes.SHA1 = '57fb04b626594b1ef374073a4c4f85dfd4dd4543' AND file:hashes.SHA256 = '79a50327843a8ccf58147971d1c86945f9a40cd0d4ee35084b8af26c9f5ab210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d77bdd19-aec1-4b36-b72e-1d67bb46e2ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:02.000Z", "modified": "2018-04-20T09:09:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-21T01:16:39", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae2f-3948-448d-a6b1-4dc902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/79a50327843a8ccf58147971d1c86945f9a40cd0d4ee35084b8af26c9f5ab210/analysis/1513818999/", "category": "External analysis", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae2f-4b8c-4788-b869-4da302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "60/68", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae2f-562c-455b-822d-40d002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--be24abb2-78bb-4d0a-9dff-b8d9d47ac518", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:06.000Z", "modified": "2018-04-20T09:09:06.000Z", "pattern": "[file:hashes.MD5 = '91bea40c811de97826177159d8bbdde1' AND file:hashes.SHA1 = '307eced0088f03a1c535a050f794e49e3cb6e248' AND file:hashes.SHA256 = 'ff5d541f260063a88b04a892cacfb3bcb13b8dd83c5f29ed5000737dbd6662c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7988c9d7-a714-433c-a302-4a38a99896d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:05.000Z", "modified": "2018-04-20T09:09:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-03T06:07:20", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae31-a5f4-49fa-b6ea-4a9002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ff5d541f260063a88b04a892cacfb3bcb13b8dd83c5f29ed5000737dbd6662c4/analysis/1509689240/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae31-353c-4587-b6d7-4b0102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/67", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae31-c894-448e-a5a1-409b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ff8766ca-b4b6-4c3d-a8db-7c64fa5d5166", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:08.000Z", "modified": "2018-04-20T09:09:08.000Z", "pattern": "[file:hashes.MD5 = '665a7013308c25b7b08173d58218e34c' AND file:hashes.SHA1 = '37998b9399096642ec6f961f9354f9dea4a067de' AND file:hashes.SHA256 = 'afcdd2fda5b3c9e78a977df31be307ea7323b746e07e35e4d3c39a3a3f4b4b79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--82da5b6c-dc6e-4612-be44-ee4bbd7a65e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:07.000Z", "modified": "2018-04-20T09:09:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-13T06:17:05", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae33-fd64-4d58-b52b-43af02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/afcdd2fda5b3c9e78a977df31be307ea7323b746e07e35e4d3c39a3a3f4b4b79/analysis/1513145825/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae33-d254-4069-8602-472202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae34-5250-4d4e-bb7c-4dd302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c33e937c-3313-4bd8-9d42-8a213ad27271", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:11.000Z", "modified": "2018-04-20T09:09:11.000Z", "pattern": "[file:hashes.MD5 = '0f102fc1cc92f69ee36e08fcdd3e1968' AND file:hashes.SHA1 = 'a0d18993251ae90c83bf97008cf08d35188a6714' AND file:hashes.SHA256 = '0863bf4a5476b5de02a15c3bdec1604c7d8ab7c8ca1c0546edf2f16a756e0d8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a9affe73-79d3-46e1-9175-550e62f9d545", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:09.000Z", "modified": "2018-04-20T09:09:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-19T06:10:40", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae35-3bb0-4f2c-9dbf-462d02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0863bf4a5476b5de02a15c3bdec1604c7d8ab7c8ca1c0546edf2f16a756e0d8f/analysis/1519020640/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae35-dee8-41d8-9da0-400a02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "8/68", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae36-dcfc-45e2-bc0a-4c5402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e70ded6-3a06-4520-86d4-77316815da01", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:13.000Z", "modified": "2018-04-20T09:09:13.000Z", "pattern": "[file:hashes.MD5 = 'f4c9124b5e37043d05d2d30f63a86c82' AND file:hashes.SHA1 = '2348d1cf008df2d9a6a438cbfb576751bca00ab2' AND file:hashes.SHA256 = '05be7b2de818dcb358a4f24d6050ae2b91d728c80a8af279894b5e701b060926']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a6d5940d-d687-4031-89c7-d527a7cb1083", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:11.000Z", "modified": "2018-04-20T09:09:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-03T10:13:57", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae37-a758-4f42-a1b5-4ac502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/05be7b2de818dcb358a4f24d6050ae2b91d728c80a8af279894b5e701b060926/analysis/1512296037/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae38-70a0-4c3d-9205-4aa902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae38-5868-462c-83ce-4cfc02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--31abe87c-b601-4581-ba6c-55e716214d8e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:15.000Z", "modified": "2018-04-20T09:09:15.000Z", "pattern": "[file:hashes.MD5 = '06475fb6c697ecbe07baad0014d507f5' AND file:hashes.SHA1 = '92ead94fed5ef97166bf31b318400dc83f7c5b69' AND file:hashes.SHA256 = '404746279f7d963489d1d7d2d9be4bd1b1dd82e81e21f6ebf09091ee7b059988']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d6f9fda9-bb3e-4a6d-951a-ef2b7b91810b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:13.000Z", "modified": "2018-04-20T09:09:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T20:48:11", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae39-6620-4763-88fc-416b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/404746279f7d963489d1d7d2d9be4bd1b1dd82e81e21f6ebf09091ee7b059988/analysis/1518986891/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae3a-2eb0-414c-8a80-4d8702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "16/66", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae3a-4b58-45f3-aaf4-487f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ea39a79f-3211-4917-8ba8-11798108d030", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:17.000Z", "modified": "2018-04-20T09:09:17.000Z", "pattern": "[file:hashes.MD5 = '05d7f6cb4e4711de53515e9587442dee' AND file:hashes.SHA1 = '662ac4eebb5060027016d9875594832741d0e687' AND file:hashes.SHA256 = '739f27ac00dc449895f589ff28e86d78ea17ca298ffc0b40021136d7c77ed679']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--36ca324b-a75e-40dc-a318-a368d201799b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:15.000Z", "modified": "2018-04-20T09:09:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-20T20:11:38", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae3c-d11c-4ab2-891e-461102de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/739f27ac00dc449895f589ff28e86d78ea17ca298ffc0b40021136d7c77ed679/analysis/1519157498/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae3c-6900-4f73-a658-413902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/68", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae3c-0fd0-42c7-9d0a-41e902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ba5fa1e3-8824-42b7-8158-8885efa936dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:19.000Z", "modified": "2018-04-20T09:09:19.000Z", "pattern": "[file:hashes.MD5 = '4ef158b4573016629ad7e98ac8745bf6' AND file:hashes.SHA1 = '8084b94e5dfab7e19e9f55c20f66db700af70949' AND file:hashes.SHA256 = 'b4abd9556f093b7d80bdc755d502917310a807d5ee9d9f9bac19bb0c8d596dbc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4b6521e7-b216-4bb7-8b2e-d03294f7a176", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:18.000Z", "modified": "2018-04-20T09:09:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-15T17:54:15", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae3e-63d0-4db0-b37d-445902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b4abd9556f093b7d80bdc755d502917310a807d5ee9d9f9bac19bb0c8d596dbc/analysis/1521136455/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae3e-5d90-463c-84d7-4e6f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae3f-8b5c-4898-bf08-4c7902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--049ddb48-7266-48ef-946e-c19acf93d44b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:22.000Z", "modified": "2018-04-20T09:09:22.000Z", "pattern": "[file:hashes.MD5 = '86e461c77c398bf314605556bb03cd9d' AND file:hashes.SHA1 = 'd29cbf86f56d0cddab991028f941f05d49a2b1e3' AND file:hashes.SHA256 = '3431065d2208123137714d2d432427d33cff576d202e1fc7ea2990b21847cce1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--44a5a106-6496-434f-837c-f4b710cbcfac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:20.000Z", "modified": "2018-04-20T09:09:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-29T04:35:23", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae40-9f4c-457a-a137-416c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3431065d2208123137714d2d432427d33cff576d202e1fc7ea2990b21847cce1/analysis/1511930123/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae40-d0e0-400c-906f-45ca02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae41-0e90-4b0b-bbe6-47dd02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--797ea4f5-30c7-40ac-baf6-28db7149f503", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:24.000Z", "modified": "2018-04-20T09:09:24.000Z", "pattern": "[file:hashes.MD5 = 'd29bf2c7365d0f4a381d34b088ba2796' AND file:hashes.SHA1 = 'e30e34e3a914de109585cd0421b5dec2ff7490aa' AND file:hashes.SHA256 = 'a10aefc70a3d3512cf54f74e39b3ee5cc5403c003179c57aeea7fb3895ed8ace']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1086f8ba-2d76-4d9b-b26a-5e18c595f194", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:22.000Z", "modified": "2018-04-20T09:09:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-01T05:25:35", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae42-e82c-411c-98bd-4a3302de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a10aefc70a3d3512cf54f74e39b3ee5cc5403c003179c57aeea7fb3895ed8ace/analysis/1512105935/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae43-aa5c-4cb2-948d-491202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae43-6948-438d-885e-4f4302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ed8ca28-2829-4ca6-ba71-03b2a41bf521", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:26.000Z", "modified": "2018-04-20T09:09:26.000Z", "pattern": "[file:hashes.MD5 = '00169225291abe1864627a2da79125a9' AND file:hashes.SHA1 = '7a589eb3487062f60ac1f98a309aed5227be1221' AND file:hashes.SHA256 = '0fee9d67ef1967d2bee1f67b1dc5ae24dff5d6dba17b9247e33b87f5bf6e6856']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d249aa60-eb0b-4861-a6b4-87b813998e73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:24.000Z", "modified": "2018-04-20T09:09:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-19T13:02:52", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae44-f018-47f9-9860-476102de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0fee9d67ef1967d2bee1f67b1dc5ae24dff5d6dba17b9247e33b87f5bf6e6856/analysis/1519045372/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae45-3300-49d4-ba64-4c0602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae45-4fe4-44d0-b467-4fd102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a91eac4f-7259-4a12-8838-2b0f051d6696", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:28.000Z", "modified": "2018-04-20T09:09:28.000Z", "pattern": "[file:hashes.MD5 = '0a72951f5e1ed79de9f470ba42cdd606' AND file:hashes.SHA1 = '2be592e359a630f45b5a59b5953c1cbe9c7b3308' AND file:hashes.SHA256 = '7b24f0523af239668ee8946c433c53d0c233b0290bbaca405885d39dff86fa1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6088b568-f7ad-4a41-a8d8-d4522a466ac9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:26.000Z", "modified": "2018-04-20T09:09:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-24T01:43:52", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae46-94e8-4d6d-a553-465402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7b24f0523af239668ee8946c433c53d0c233b0290bbaca405885d39dff86fa1f/analysis/1508809432/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae47-8418-427f-a911-442b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/66", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae47-61b8-48af-9fa8-4bbb02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e6ea2fd2-8462-4e6f-9a19-cce766827d36", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:30.000Z", "modified": "2018-04-20T09:09:30.000Z", "pattern": "[file:hashes.MD5 = '9de2f18b09633a5aa822df9df7cd52d2' AND file:hashes.SHA1 = '4c244838fd8588e6cc4b5107067e0025a01d536f' AND file:hashes.SHA256 = '24281907f8904bf6b9af4116f52ae2ba8b4b97ce586cd3b2b2777a8f3c76c8cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--16acc5bd-90ec-431b-bbca-953b2b06ece8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:29.000Z", "modified": "2018-04-20T09:09:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-29T02:54:27", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae49-5570-40b2-887c-493f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/24281907f8904bf6b9af4116f52ae2ba8b4b97ce586cd3b2b2777a8f3c76c8cc/analysis/1511924067/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae49-7b60-4451-b72f-4d3002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae4a-0884-465b-a4a8-414e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ecdf5094-5fc6-44c6-8c47-412f3bb5b255", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:33.000Z", "modified": "2018-04-20T09:09:33.000Z", "pattern": "[file:hashes.MD5 = 'fc1710d508e09f6744118738f7c90f63' AND file:hashes.SHA1 = 'c52e3af53b67c35337e5ef884b0ecfcd3b27ec20' AND file:hashes.SHA256 = 'e1e31a797b01f5f4ec694fb03d894e5ab331f41f3bc8c34bb407d390554bfe3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--98a86f21-1cc1-4708-9b3e-74e14dfe7f48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:31.000Z", "modified": "2018-04-20T09:09:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T15:10:25", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae4b-6fd0-48a8-9742-40e602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e1e31a797b01f5f4ec694fb03d894e5ab331f41f3bc8c34bb407d390554bfe3a/analysis/1512918625/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae4b-ea74-4327-be7f-43b002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae4c-2fc0-4c85-8407-455f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--77cfb676-5e8d-4566-84e1-4e6817db2990", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:35.000Z", "modified": "2018-04-20T09:09:35.000Z", "pattern": "[file:hashes.MD5 = '4f08735aa600f1c9ac4ce5af469e994e' AND file:hashes.SHA1 = '70de718c364af5831fc7227d394df71424786f7f' AND file:hashes.SHA256 = 'df58773cc519e82a8beebeca8035018168cb3cb26aa491aae89c8d68cec835a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f604786f-c9dd-4c19-ab31-aa89044f4a1b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:33.000Z", "modified": "2018-04-20T09:09:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-25T01:50:14", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae4d-b868-4c41-89da-420b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/df58773cc519e82a8beebeca8035018168cb3cb26aa491aae89c8d68cec835a7/analysis/1508896214/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae4e-251c-4c14-82d0-45fe02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae4e-6888-49db-b19c-49bb02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--96745ec9-e044-4f68-a3cb-383e0fa9f872", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:37.000Z", "modified": "2018-04-20T09:09:37.000Z", "pattern": "[file:hashes.MD5 = '0228d240888782fa29a9d1902986eeaa' AND file:hashes.SHA1 = '491ed32451e271c68726c60d47dd0e6d4e87da77' AND file:hashes.SHA256 = 'e616d1e7e2b6e1d4f1ac2fea3e2041b842d27f5de05ff941b5661997cfe8a856']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b55b4b48-6ba3-44f3-b8da-903bfd98ea29", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:36.000Z", "modified": "2018-04-20T09:09:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T10:56:14", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae50-5950-45e6-941c-4ce502de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e616d1e7e2b6e1d4f1ac2fea3e2041b842d27f5de05ff941b5661997cfe8a856/analysis/1518951374/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae50-bd24-47dc-bc67-4bfb02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "8/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae50-fbf8-4ced-94fb-46bc02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f85b4db-24d4-40a8-a7d8-71d30219b53e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:39.000Z", "modified": "2018-04-20T09:09:39.000Z", "pattern": "[file:hashes.MD5 = '1a6c4aa20f4ec39be5ac38f409e10162' AND file:hashes.SHA1 = '92de724b963b3c1114a48040305bd1a60461d59b' AND file:hashes.SHA256 = '6bd49db136718b3cef01348bc839e206d566a1e1c32e0537be61dfa2ee87de6b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c55b37c5-82e6-4fc8-a929-4118f95504af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:38.000Z", "modified": "2018-04-20T09:09:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-08T13:07:14", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae52-1614-44e3-9bde-4f9702de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6bd49db136718b3cef01348bc839e206d566a1e1c32e0537be61dfa2ee87de6b/analysis/1512738434/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae52-70cc-4f5f-a3b5-4f5002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae53-744c-4f96-8fb7-4b0302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1852f268-9a82-42b0-8a9e-d7e52d16abbd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:42.000Z", "modified": "2018-04-20T09:09:42.000Z", "pattern": "[file:hashes.MD5 = '82233a133847696c7ddbdf5a1241be17' AND file:hashes.SHA1 = 'c13f5e7a55857f2297d3282d672fe1e10304d49d' AND file:hashes.SHA256 = '9b4536855237fe80447950bf86d1177489dbc1b231122e4a5d2157ba93c1b504']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f6ec3f23-3273-49b5-8dea-910fbcf248b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:40.000Z", "modified": "2018-04-20T09:09:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-20T01:25:42", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae54-2894-4246-a7ae-4a5002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9b4536855237fe80447950bf86d1177489dbc1b231122e4a5d2157ba93c1b504/analysis/1513733142/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae54-138c-49f6-9e5c-43d102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/66", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae55-e7b0-43dd-90d1-4e9702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37bf3b5d-cb41-409f-94e9-f50be725a4af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:44.000Z", "modified": "2018-04-20T09:09:44.000Z", "pattern": "[file:hashes.MD5 = '4472d7dcfc811e1b0da7d62fa3ce486b' AND file:hashes.SHA1 = 'ae79399cc079dbb20d6ab3b50b30236e9d015038' AND file:hashes.SHA256 = '86746d7dfa923b5b1e0e5a0d27f19eb40979dcf342f2fba01ccbb09175b9363c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f354861e-6452-4a92-a456-69b235657f4d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:42.000Z", "modified": "2018-04-20T09:09:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-02T02:55:35", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae56-1598-49ed-94df-444002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/86746d7dfa923b5b1e0e5a0d27f19eb40979dcf342f2fba01ccbb09175b9363c/analysis/1509591335/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae56-a994-48c2-926c-49ae02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/66", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae57-525c-4994-a1ce-4fc502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd71e68d-d005-441d-8ee0-7b5c1812bf8b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:46.000Z", "modified": "2018-04-20T09:09:46.000Z", "pattern": "[file:hashes.MD5 = 'edfaea51fd99182341fe5c0b503b738c' AND file:hashes.SHA1 = 'fe6bd0ecd3dc1be10d3fbadf08075e22bac98ca3' AND file:hashes.SHA256 = '530607f9b54be981e420a7bca1d33d0fa180e6c42877beddeb23836cc440f062']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4c74c847-cc7b-492c-87b0-f33694b4c6ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:44.000Z", "modified": "2018-04-20T09:09:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-01T04:41:40", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae58-1588-4412-b726-4e8402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/530607f9b54be981e420a7bca1d33d0fa180e6c42877beddeb23836cc440f062/analysis/1512103300/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae59-ac34-4d5d-b2f3-4d2802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae59-4bd8-45cf-8cf9-476302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--139196f6-be99-47ed-b809-73d2853fa944", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:48.000Z", "modified": "2018-04-20T09:09:48.000Z", "pattern": "[file:hashes.MD5 = 'e65541fea778be35e24b5dc27b866819' AND file:hashes.SHA1 = '79d8b1df541e1aadae1a59a4a10e24749803986e' AND file:hashes.SHA256 = 'e9a7b16189e27dff9ff67e31d09fa05e7f32658dfa56bb51feff8ca0cfb4eb85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0a753999-8af3-41ac-8ddd-dcc50453ed70", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:46.000Z", "modified": "2018-04-20T09:09:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-28T04:51:14", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae5a-0c04-48b1-a181-43e602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e9a7b16189e27dff9ff67e31d09fa05e7f32658dfa56bb51feff8ca0cfb4eb85/analysis/1509166274/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae5b-1340-489b-a131-46af02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae5b-d124-476b-9894-4bf802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cc2b374f-3d33-44e7-a28a-aa0e6581036e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:50.000Z", "modified": "2018-04-20T09:09:50.000Z", "pattern": "[file:hashes.MD5 = '0d2372f66e72cd334751ad39f9577686' AND file:hashes.SHA1 = '3c792497664d6244ed4593d7c1a7ff47706aae24' AND file:hashes.SHA256 = '4694e19504a1bbc0335c213bad487727ab75faab3bf29d92cb7e3d14a2d3a8d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--78ef6597-c29d-407c-90da-5c9ac51c0d20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:49.000Z", "modified": "2018-04-20T09:09:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-19T04:56:53", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae5d-4bb0-446c-9983-408f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4694e19504a1bbc0335c213bad487727ab75faab3bf29d92cb7e3d14a2d3a8d0/analysis/1519016213/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae5d-15a8-4996-8d17-47c002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae5d-11e4-48c1-b92a-428002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2b1058c5-64f7-4e3b-a392-29bf82262d28", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:52.000Z", "modified": "2018-04-20T09:09:52.000Z", "pattern": "[file:hashes.MD5 = '7cdaf947fdcd6dbfc03f975a77d4a12d' AND file:hashes.SHA1 = '3415c7bfc040b417006f5f4ca6dea6080a19348a' AND file:hashes.SHA256 = 'e5d34b53cb6e4e111e167cf13b608b87f7ab7d43d7f08f995ae9f2c1139e8f51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d46ebad3-0ea9-4fa6-9449-2ed4fd77bda5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:51.000Z", "modified": "2018-04-20T09:09:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-20T04:39:40", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae5f-c3bc-4e4e-bab9-4b2f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e5d34b53cb6e4e111e167cf13b608b87f7ab7d43d7f08f995ae9f2c1139e8f51/analysis/1508474380/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae5f-9cb4-47b1-bd2b-42fb02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/66", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae60-c144-441d-a561-40ae02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a2904375-8986-41ef-b6b7-4cafbad88a0e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:55.000Z", "modified": "2018-04-20T09:09:55.000Z", "pattern": "[file:hashes.MD5 = '0be9f7aa72c6ad4e138282ebb971ef16' AND file:hashes.SHA1 = '48b053a220182e475659502d1cacd4c30d50ee87' AND file:hashes.SHA256 = 'a0365a881396fa66719255cd617e5ef7e175343f28b7ee7ec347bf87811274c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dd8685d4-ae68-4e10-9a02-4ff2a38bd092", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:53.000Z", "modified": "2018-04-20T09:09:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-03T14:18:18", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae61-f448-4c57-88b1-450002de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a0365a881396fa66719255cd617e5ef7e175343f28b7ee7ec347bf87811274c0/analysis/1512310698/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae61-2700-4535-9534-41a002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae62-3c64-433f-ac73-442302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61c11e5f-54fb-43cc-9485-ccf4f7f6c41a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:57.000Z", "modified": "2018-04-20T09:09:57.000Z", "pattern": "[file:hashes.MD5 = 'd0fdb7548795050ae3e7b4029b3e98f1' AND file:hashes.SHA1 = 'efd6815a6099d4d3a5f4e549bff436baa3be470a' AND file:hashes.SHA256 = 'fa8c301685d5ceb6a97b75f3bb665871e3ddf5b47410179dd7a55f4f3cebf4ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--23867c24-4af9-4a2f-bedc-dda5c1b39c75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:55.000Z", "modified": "2018-04-20T09:09:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-10T18:42:31", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae63-0ef4-4a38-a8f6-475802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fa8c301685d5ceb6a97b75f3bb665871e3ddf5b47410179dd7a55f4f3cebf4ab/analysis/1512931351/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae64-d6c0-471b-84b9-4ca902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae64-5600-48f5-a8ba-4d6e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--964d2d64-c17a-4c3e-91bd-80776bc6644f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:59.000Z", "modified": "2018-04-20T09:09:59.000Z", "pattern": "[file:hashes.MD5 = '0dceec9a6b080d4bd9d14696259386c9' AND file:hashes.SHA1 = 'fe6672e154b70441b6d144ede426012cffec2e02' AND file:hashes.SHA256 = '444147472ba54f1f58776a84e98152ae28dfbca23602cb440a830fddd4a283cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:09:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6c20a0c5-39a6-49c9-aaf2-9fb0b1938633", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:57.000Z", "modified": "2018-04-20T09:09:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-20T04:30:04", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae65-3d00-4242-8484-48ba02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/444147472ba54f1f58776a84e98152ae28dfbca23602cb440a830fddd4a283cf/analysis/1508473804/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae66-1118-44c2-8463-414d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae66-a434-4cf5-959d-478202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9393f4f9-b9fc-416b-92bd-4c090307ae39", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:01.000Z", "modified": "2018-04-20T09:10:01.000Z", "pattern": "[file:hashes.MD5 = 'adac8ee518ffdc3d850fe66480df0d77' AND file:hashes.SHA1 = '46c92b1f400dc1af1e5563cded21a7b6d051eaec' AND file:hashes.SHA256 = '11117fe96292e5d5702f2c82e4b21c3cbc4234f13417b22ad963a9f746978482']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f22c7776-6135-4800-9901-5a4de6adee83", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:09:59.000Z", "modified": "2018-04-20T09:09:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-16T23:32:50", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae67-ea44-4f97-864b-4c9602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/11117fe96292e5d5702f2c82e4b21c3cbc4234f13417b22ad963a9f746978482/analysis/1518823970/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae68-f8fc-4ea9-a17b-436502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae68-0a70-4d7d-9635-474302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c97afdae-f971-4e34-8ce8-c3f0151f6e38", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:03.000Z", "modified": "2018-04-20T09:10:03.000Z", "pattern": "[file:hashes.MD5 = '0b2e3b4b0f7966745eab9308f9c7f563' AND file:hashes.SHA1 = '1ec05f2f0fd5cadb5ebd4d85d50989f69ad08661' AND file:hashes.SHA256 = '66af9dc27feb2b69729b82e4076dd699cc504c3c8dce943d2023c7bdeca00f2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--395fc03d-627f-47dd-a7db-71cf2e558e15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:02.000Z", "modified": "2018-04-20T09:10:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-19T01:08:06", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae6a-5110-4eeb-ba12-421802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/66af9dc27feb2b69729b82e4076dd699cc504c3c8dce943d2023c7bdeca00f2a/analysis/1519002486/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae6a-c9e4-4967-84f1-4bea02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/68", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae6b-680c-4667-8f1f-472702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e1867223-f5e0-4877-a819-9612307f3867", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:06.000Z", "modified": "2018-04-20T09:10:06.000Z", "pattern": "[file:hashes.MD5 = '818a695c9bf2b107c4394695a2f57528' AND file:hashes.SHA1 = '8fbf05caf42e5618cadb0343bcf4b249e33ceb22' AND file:hashes.SHA256 = '431e6a8252837a5e1c7c98aa9b72c1df4b21e34ae8c7e73882294097f140466e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c3feebd9-263b-4900-a98c-8bec8b9440f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:04.000Z", "modified": "2018-04-20T09:10:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-26T13:08:06", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae6c-27e0-43fa-8aca-44f702de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/431e6a8252837a5e1c7c98aa9b72c1df4b21e34ae8c7e73882294097f140466e/analysis/1509023286/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae6c-5a44-45e1-9c82-496d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae6d-7d7c-4776-96b8-422502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b805ea51-f04a-4f6a-8ecf-c9ec51fa83cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:08.000Z", "modified": "2018-04-20T09:10:08.000Z", "pattern": "[file:hashes.MD5 = 'feaa9e91b65701090f24d63b6454206a' AND file:hashes.SHA1 = '074e44100027996f616253eefe6ae4185b585899' AND file:hashes.SHA256 = '7c83266775aceac7e54b9d7db2620245520a52e854a5e61f5c5f2452a60432de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--15222292-8bfb-4e86-91fa-b0e4ec0adc58", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:06.000Z", "modified": "2018-04-20T09:10:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-20T04:33:23", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae6e-64d8-4c6d-b94b-497902de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7c83266775aceac7e54b9d7db2620245520a52e854a5e61f5c5f2452a60432de/analysis/1511152403/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae6f-59b0-49b8-8d07-4f0602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae6f-012c-4be2-ad51-487802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb42f6f1-2c60-490e-8e04-79cdc4144a37", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:10.000Z", "modified": "2018-04-20T09:10:10.000Z", "pattern": "[file:hashes.MD5 = '4633642e88630f65f9661d0117535446' AND file:hashes.SHA1 = '9d47f46a1e364eda6b2ead54e22a9ffc61111027' AND file:hashes.SHA256 = '61cb5cbccb6d1c329cb1a641c3a74fd4a4521dee0d2d03e810f3f12303e0f1f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8c0ecebc-54db-4732-b8e6-8a3e388aadaf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:08.000Z", "modified": "2018-04-20T09:10:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-01T07:00:55", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae70-31f4-4257-bf6e-4a5302de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/61cb5cbccb6d1c329cb1a641c3a74fd4a4521dee0d2d03e810f3f12303e0f1f1/analysis/1509519655/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae71-07b8-4652-a918-492f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae71-837c-44e7-be71-447902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7967e5b8-00eb-4320-9412-e01a082c07ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:12.000Z", "modified": "2018-04-20T09:10:12.000Z", "pattern": "[file:hashes.MD5 = '02ec2f2d6b01680a83378bd6c6c8144a' AND file:hashes.SHA1 = 'a1f3c47e5ffde75e7285b6bd891b4c8336dd39cc' AND file:hashes.SHA256 = 'a677a593cebda3734ab26828b65fd93b54bbc02199a080a26da61afcff29ae48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7300f602-1abc-44a4-9093-a7e2165d7a91", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:10.000Z", "modified": "2018-04-20T09:10:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-08T17:27:25", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae73-7520-4e12-8f4f-4a5202de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a677a593cebda3734ab26828b65fd93b54bbc02199a080a26da61afcff29ae48/analysis/1512754045/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae73-6c3c-43e0-a30d-432302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae73-f608-4a44-97ad-4bc802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6007d8cd-f034-477a-9e08-2fd715e5e884", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:14.000Z", "modified": "2018-04-20T09:10:14.000Z", "pattern": "[file:hashes.MD5 = 'aebe8f53070a8e5687641789666e9482' AND file:hashes.SHA1 = '50f9f2eae65ccb06723a3f470ebf338978b23277' AND file:hashes.SHA256 = '97702356739358d428d1e7c7ddcc8aa08379562b290edb12348cae2bc0ddbb32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--27e7462f-edef-4bff-b8fc-d526b1399b40", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:13.000Z", "modified": "2018-04-20T09:10:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-27T08:43:40", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae75-b3d0-4c40-8ed8-4c1d02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/97702356739358d428d1e7c7ddcc8aa08379562b290edb12348cae2bc0ddbb32/analysis/1522140220/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae75-6744-4ff7-a920-431502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/66", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae75-aabc-43b6-898a-4e0f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--04a6579c-e5e5-4b9f-8941-c896ddbea402", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:16.000Z", "modified": "2018-04-20T09:10:16.000Z", "pattern": "[file:hashes.MD5 = '107fac484f2ba8f2b8b80a52a8631707' AND file:hashes.SHA1 = 'c50ab16bb0fa34aead71090ccfbe0d5f5556cfbd' AND file:hashes.SHA256 = '39974f2161bc0151692ae2f380d38b626f2b47904f92ce5706e29b2fe05122d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c579ecb-1bdd-491f-bcae-9aeb77253f1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:15.000Z", "modified": "2018-04-20T09:10:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T16:45:10", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae77-3804-4787-b417-435d02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/39974f2161bc0151692ae2f380d38b626f2b47904f92ce5706e29b2fe05122d3/analysis/1518972310/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae77-abc4-4402-a2b3-49ed02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "11/68", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae78-8190-4174-80d1-4ebb02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--95c00602-db58-40f5-91c5-3b5abeb62f34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:19.000Z", "modified": "2018-04-20T09:10:19.000Z", "pattern": "[file:hashes.MD5 = '1c4badb1eb960a07ddacdeeed29c2d6d' AND file:hashes.SHA1 = '7cce23ad0e776f6d9bc4429cd657f164a589c948' AND file:hashes.SHA256 = 'a32a315ae45f62d26cdd22281a69932c83f147fc4e820a9cc7bf05bcc4680777']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5ef6db2d-f867-495b-9515-aee0b0c69572", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:17.000Z", "modified": "2018-04-20T09:10:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-06T15:11:35", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae79-01f8-4fd6-aff0-499a02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a32a315ae45f62d26cdd22281a69932c83f147fc4e820a9cc7bf05bcc4680777/analysis/1512573095/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae79-3330-4aa2-9567-4a2c02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae7a-ac20-437d-aa5d-45e902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--927a32d1-3581-4660-a7cb-b3b983b1d2b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:21.000Z", "modified": "2018-04-20T09:10:21.000Z", "pattern": "[file:hashes.MD5 = 'cff98f9196a16ae1aeb0fdba17121232' AND file:hashes.SHA1 = '0f877673d6c362ebdf418e38143c5817c24917d0' AND file:hashes.SHA256 = 'b4e2b99c18bf61acedaff5b1908a212470eb902ddfe8e164e01ffcfbab19834b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f5e79c89-6ae1-40b3-8d64-7ccc44962818", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:19.000Z", "modified": "2018-04-20T09:10:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-26T03:58:13", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae7b-7a30-49f5-9b48-41ac02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b4e2b99c18bf61acedaff5b1908a212470eb902ddfe8e164e01ffcfbab19834b/analysis/1514260693/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae7b-6f00-437e-a64f-445502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae7c-6f40-4ee6-8603-44d902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--33ada061-a11c-4b80-bfe1-2a219c8b4216", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:23.000Z", "modified": "2018-04-20T09:10:23.000Z", "pattern": "[file:hashes.MD5 = '05bef52c0d184f19d99d55e90aa2a40f' AND file:hashes.SHA1 = '052c2631b3af54323f2514827b1413084fdaa62f' AND file:hashes.SHA256 = 'bc782f40d16fd6574c1e84edd0728470f426a31d2ff94e4bbb87a19cf3992048']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4d75191a-9322-46a4-8bb1-28edd400300e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:21.000Z", "modified": "2018-04-20T09:10:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-20T17:54:27", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae7d-5088-4dfc-9929-4ede02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bc782f40d16fd6574c1e84edd0728470f426a31d2ff94e4bbb87a19cf3992048/analysis/1519149267/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae7e-9de8-40c7-9a5d-4f7302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae7e-1948-452d-906e-491302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--231da622-eca5-46f9-8b3d-7a60271bbf5a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:25.000Z", "modified": "2018-04-20T09:10:25.000Z", "pattern": "[file:hashes.MD5 = 'd0f9b66595164fd1c9dac24d60feeba3' AND file:hashes.SHA1 = '637fd31d870fda81f19378df838bf639dcfd3492' AND file:hashes.SHA256 = '9c6def0cb6963372a10888e6f702d80381559a29db1da32ab149273b3d10ca34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d8b83106-c718-4884-bc69-e1ec3157b231", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:23.000Z", "modified": "2018-04-20T09:10:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-25T01:58:13", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae7f-2a24-4506-a49f-459f02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9c6def0cb6963372a10888e6f702d80381559a29db1da32ab149273b3d10ca34/analysis/1508896693/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae80-3124-45f5-b863-459a02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae80-d2a0-4d79-8ea4-419102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--900b2299-4d91-4311-8eb6-3d8dcde3c53e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:27.000Z", "modified": "2018-04-20T09:10:27.000Z", "pattern": "[file:hashes.MD5 = '5d02896f184bdc95400b10d02227177c' AND file:hashes.SHA1 = 'a129959a7e2b279273942088665fbebf521c2a1c' AND file:hashes.SHA256 = 'e9bcf85599744033e320f5031ecc8157e0498a42d699cb175d7242c95b9f4358']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ba9454c8-868b-4c61-99a5-7f1c6eaba02e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:25.000Z", "modified": "2018-04-20T09:10:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-01T14:22:53", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae81-ac90-4144-a381-4dbc02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e9bcf85599744033e320f5031ecc8157e0498a42d699cb175d7242c95b9f4358/analysis/1509546173/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae82-71d4-4701-9c9c-4a0002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/66", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae82-f644-4a06-b8f4-4e2402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--123260f2-c093-487a-8da6-0a38a26956b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:29.000Z", "modified": "2018-04-20T09:10:29.000Z", "pattern": "[file:hashes.MD5 = '057f0c2b9a3377366ea36bc8f4454b40' AND file:hashes.SHA1 = '9c385db869ef98dbe7df24e509f336d2307504c1' AND file:hashes.SHA256 = '1d70d1eb3210984b8d2c3c62ca6ade7b018f44688d009cbde3c2c214224a3ffb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--52bb8f52-813c-42b9-b810-935626ee2a80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:28.000Z", "modified": "2018-04-20T09:10:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-20T19:59:05", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae84-fb88-4f10-a31d-427b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1d70d1eb3210984b8d2c3c62ca6ade7b018f44688d009cbde3c2c214224a3ffb/analysis/1519156745/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae84-9d64-437f-92fd-453a02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/68", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae84-5e44-4aca-9715-4aaf02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b9967b9a-c9d0-48cf-8c84-d7527995794e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:31.000Z", "modified": "2018-04-20T09:10:31.000Z", "pattern": "[file:hashes.MD5 = '59e614f10a687b16c08b684ffbf5c556' AND file:hashes.SHA1 = '239958c1d53838bee3c7559df1a4bd60333e0a3e' AND file:hashes.SHA256 = 'ad7c7472d980025e3edbab89988fec2d5776b4f72b0757c2b1dac54d1c991c37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf02e3cf-264a-406b-bafe-860ff8d96eae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:30.000Z", "modified": "2018-04-20T09:10:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-07T00:34:15", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae86-10b8-4b4b-84dd-425302de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ad7c7472d980025e3edbab89988fec2d5776b4f72b0757c2b1dac54d1c991c37/analysis/1515285255/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae86-b91c-48aa-bb52-4ef202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/67", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae87-cd30-4c96-85e7-451c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1aa193f1-c768-4a16-a2cb-0c0381dba191", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:34.000Z", "modified": "2018-04-20T09:10:34.000Z", "pattern": "[file:hashes.MD5 = 'bdaf573f5f56f4542196d69e9af17b60' AND file:hashes.SHA1 = '0700816b242e950ca16e58e33f8c31d173b9371a' AND file:hashes.SHA256 = '973c024f2af38334bfe80a5c1fc2f96b2215397124ff08110e3c96aa986e7440']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6bd8fb6f-dd9f-4d3f-aa56-e4c18e904991", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:32.000Z", "modified": "2018-04-20T09:10:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-06T18:52:52", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae88-925c-4dad-a805-4db802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/973c024f2af38334bfe80a5c1fc2f96b2215397124ff08110e3c96aa986e7440/analysis/1512586372/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae88-c50c-4080-b3f4-419902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae89-63ac-4e9b-a6cb-475802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--67459c2e-6974-4168-a4bb-0c94041b7a1c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:36.000Z", "modified": "2018-04-20T09:10:36.000Z", "pattern": "[file:hashes.MD5 = '4e70fdc8daeb5407f94ae0fc08153a69' AND file:hashes.SHA1 = '1bf33d2d59953981ceb693ae5a2c83f5050965e8' AND file:hashes.SHA256 = '3ed671f4ea7e92ef0e0bf61e7bacc0b7a2a82ccea73a53e7cde66e3497a86520']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d2ae4a97-361c-42ac-90f2-42867b1bec12", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:34.000Z", "modified": "2018-04-20T09:10:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-25T01:50:11", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae8a-a5d0-4e20-ba24-495e02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3ed671f4ea7e92ef0e0bf61e7bacc0b7a2a82ccea73a53e7cde66e3497a86520/analysis/1508896211/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae8a-2fe8-4e4e-9052-4e9602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/63", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae8b-edc8-415e-bc6d-4f7f02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7ee2136a-174e-41ca-8e77-c55b330a2d7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:38.000Z", "modified": "2018-04-20T09:10:38.000Z", "pattern": "[file:hashes.MD5 = '021828ddd4e024644001a759bb4829bf' AND file:hashes.SHA1 = 'ab2192f0ac57ebfb3a16062b1aad790c7acc9e96' AND file:hashes.SHA256 = '06c65a259d7c96000fcec97a7d8c5b6c4d0c8b8e52ed1d45c934a50d0369b3eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4dcb2323-6adc-4e6f-9a4c-4da633df6bfa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:36.000Z", "modified": "2018-04-20T09:10:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-16T22:30:34", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae8c-74ec-4a7d-a484-4f6d02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/06c65a259d7c96000fcec97a7d8c5b6c4d0c8b8e52ed1d45c934a50d0369b3eb/analysis/1513463434/", "category": "External analysis", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae8d-71a0-4345-8b02-448902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/68", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae8d-a1d4-4713-b8b0-4db302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a558cc1a-df6e-4ddd-bd8c-694a27a2e298", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:40.000Z", "modified": "2018-04-20T09:10:40.000Z", "pattern": "[file:hashes.MD5 = '0bccb0c7a3e542a36ec6448c02efc415' AND file:hashes.SHA1 = '380d90a3fd1606c22c16ddc9f3b04426c37abee0' AND file:hashes.SHA256 = 'a7d667e9d67d4b7db00c52572ca1e945b1aba8139dce9c647b8b9bce89ba45e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ff7f2a21-2be3-447a-9137-7fd1eb8a7100", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:38.000Z", "modified": "2018-04-20T09:10:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-27T14:32:39", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae8e-29a4-457f-b45d-481b02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a7d667e9d67d4b7db00c52572ca1e945b1aba8139dce9c647b8b9bce89ba45e0/analysis/1509114759/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae8f-f89c-431d-82b4-46ba02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/66", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae8f-2598-4825-8ef4-40ce02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--966e7ca9-3fb4-4d2a-8c16-b8911848b40b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:42.000Z", "modified": "2018-04-20T09:10:42.000Z", "pattern": "[file:hashes.MD5 = '30da06d9c1d3c8bd4f90256e56af0d8e' AND file:hashes.SHA1 = 'b13be4845ad3c6fe74719fcf13c8d69f4640c24f' AND file:hashes.SHA256 = '19a5f6fc34e531409c787b00444671b44a5c11dec0dafab0e0ef699de29eea6d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6b683fae-c19a-4048-a4df-87877482042a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:41.000Z", "modified": "2018-04-20T09:10:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-24T05:13:02", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae91-ed3c-42c2-96cf-422802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/19a5f6fc34e531409c787b00444671b44a5c11dec0dafab0e0ef699de29eea6d/analysis/1514092382/", "category": "External analysis", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae91-05d4-4b99-965d-4b3802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/68", "category": "Other", "comment": "Win.Dropper.Mikey-6502276-0", "uuid": "5ad9ae92-74ec-469d-ab7b-450302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--871505a5-67b3-4e0e-a061-771e9e689bf3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:45.000Z", "modified": "2018-04-20T09:10:45.000Z", "pattern": "[file:hashes.MD5 = 'ad21e171d278d27ccebfbc9b2d4d0992' AND file:hashes.SHA1 = '8cdfd3e94086a82b4fc9579d7e6fbe42c0b253cb' AND file:hashes.SHA256 = 'ba975d346f8f543f348e1e42f03bf50167045740b321ae6dc8a8497e608e8766']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--da838904-52a0-4aba-a34c-444c519ca9e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:43.000Z", "modified": "2018-04-20T09:10:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-30T16:49:06", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae93-0bfc-44da-8f39-49ba02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ba975d346f8f543f348e1e42f03bf50167045740b321ae6dc8a8497e608e8766/analysis/1509382146/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae93-d184-44b1-b0c8-493902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae94-eb74-416a-8536-485702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b1c027bf-e678-4107-9332-782883a20df5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:47.000Z", "modified": "2018-04-20T09:10:47.000Z", "pattern": "[file:hashes.MD5 = '01ebe810b6d69d0f6588191c333d6106' AND file:hashes.SHA1 = 'af14fd59d99d16ff6fd967986d000bb8a773b6ba' AND file:hashes.SHA256 = 'f0bfcb581935377def575a18a89290427d335c95da6781b11d1ad91711cb4a81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e18d455e-9797-4cfd-bc4e-7f58784671eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:45.000Z", "modified": "2018-04-20T09:10:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-02-18T16:32:37", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae95-1f30-407a-8383-435c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f0bfcb581935377def575a18a89290427d335c95da6781b11d1ad91711cb4a81/analysis/1518971557/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae96-88a4-4dfb-a877-450702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/67", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae96-8874-4c70-bf40-4b4c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2eaac486-82b0-49c2-8dc7-c0e0d1334bc5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:49.000Z", "modified": "2018-04-20T09:10:49.000Z", "pattern": "[file:hashes.MD5 = 'bf09e291cb6a4aff8e1eab04efe7bf13' AND file:hashes.SHA1 = '699171ae82700a702a02ba5cc0743f08814e4f18' AND file:hashes.SHA256 = '09574981553c2729c9779beee8e6007734f932a155de278eb46d9fc557c39400']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4880b0ee-33df-4e81-8a32-8f53fabe84e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:47.000Z", "modified": "2018-04-20T09:10:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-31T02:04:36", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae97-ce3c-45fa-bfd8-470602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/09574981553c2729c9779beee8e6007734f932a155de278eb46d9fc557c39400/analysis/1509415476/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae98-1b0c-4afa-8876-4e4202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9ae98-cc8c-4e46-aaf0-4d2c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f74b8766-0e2c-48dd-97fe-7a6bcbd3683f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:51.000Z", "modified": "2018-04-20T09:10:51.000Z", "pattern": "[file:hashes.MD5 = '05c9bafd172cd4832bf57ac9bc7e37c9' AND file:hashes.SHA1 = 'fcf95beedf57b54a8891eb8b1d91d9d9762e052b' AND file:hashes.SHA256 = '04ead5ee82c762a26e1dc0e6a8b21c54669c771cca0291b5d41282d2e73a7fc0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d5e5151a-6fe7-4aea-8c1b-f384641f3de1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:50.000Z", "modified": "2018-04-20T09:10:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-04-01T08:09:24", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae9a-31f4-423c-a7e7-496602de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/04ead5ee82c762a26e1dc0e6a8b21c54669c771cca0291b5d41282d2e73a7fc0/analysis/1522570164/", "category": "External analysis", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae9a-1f84-4938-9069-4a2402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/64", "category": "Other", "comment": "Win.Dropper.Startsurf-6502245-0", "uuid": "5ad9ae9a-533c-4b7c-af73-42a302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e508395-c56b-44f3-8d8f-c27378c24948", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:53.000Z", "modified": "2018-04-20T09:10:53.000Z", "pattern": "[file:hashes.MD5 = 'ab282b76982e4d9dc477732a3aecd93a' AND file:hashes.SHA1 = '3ee8a12b2110b21ceffb54942a0b925bc5a44c26' AND file:hashes.SHA256 = '2df889657dd28f91ea10c08d5a72cf890bf142a6fb4928520ecdefcf708cc2b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--91d65c73-3c78-4c78-9b43-04795a21d2dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:52.000Z", "modified": "2018-04-20T09:10:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-30T02:21:49", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae9c-0308-4a0e-b903-413802de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2df889657dd28f91ea10c08d5a72cf890bf142a6fb4928520ecdefcf708cc2b5/analysis/1512008509/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae9c-0444-43f1-808d-484602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9ae9d-f4ec-4a77-a68d-473b02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ce1148cb-ccbb-4534-a264-987b0a02387e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:56.000Z", "modified": "2018-04-20T09:10:56.000Z", "pattern": "[file:hashes.MD5 = '04b1767fc8c7576329d0d9f130570483' AND file:hashes.SHA1 = 'd564f1a814aa7ee497506900e9f6f08dac802a62' AND file:hashes.SHA256 = 'e122d91eb62a33c8b4ef56b2299caf2f58fd4e48694c97e06c92f858497cf860']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7b05f522-f1e9-4890-b0bc-3dcbcd58388e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:54.000Z", "modified": "2018-04-20T09:10:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-02T19:09:49", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae9e-f694-429e-b42d-4fd402de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e122d91eb62a33c8b4ef56b2299caf2f58fd4e48694c97e06c92f858497cf860/analysis/1512241789/", "category": "External analysis", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae9e-2d60-4ad8-9350-427d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/68", "category": "Other", "comment": "Win.Dropper.Upatre-6498441-1", "uuid": "5ad9ae9f-10e0-42eb-bddd-453702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8ed19c62-1efa-47b5-bd86-5ce3ea96eea3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:58.000Z", "modified": "2018-04-20T09:10:58.000Z", "pattern": "[file:hashes.MD5 = '9164bbb56803391261d42d9ee69b42da' AND file:hashes.SHA1 = 'b8aaf98dca8a84eee3bb4151fa66ae61d51e5331' AND file:hashes.SHA256 = '2593e0c6d66d36c7d8b3061f3c242875113310a2939f89aea73eda1397e44e31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:10:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ba0df232-2b85-4c6e-ad5f-0bf6e12cc26a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:56.000Z", "modified": "2018-04-20T09:10:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-28T14:24:09", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9aea0-ef24-497a-8710-41e702de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2593e0c6d66d36c7d8b3061f3c242875113310a2939f89aea73eda1397e44e31/analysis/1509200649/", "category": "External analysis", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9aea1-bf6c-46c8-a310-4f4202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/68", "category": "Other", "comment": "Win.Dropper.Neutrinopos-6500704-1", "uuid": "5ad9aea1-73f4-416e-90ab-46c802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c750f8a8-1526-41bf-9e8c-3ac273664df7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:11:00.000Z", "modified": "2018-04-20T09:11:00.000Z", "pattern": "[file:hashes.MD5 = 'ed1ef9158da2ef353c31613b649d906b' AND file:hashes.SHA1 = '3766378217eea6e7047771e0108983000c697321' AND file:hashes.SHA256 = '61ff6f5d48f02c0a5b7a28936f8aa9ebad2344f3552608fae2ce3f14a9bf14d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:11:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1d1ce1a4-cf6c-4dee-83fd-c67c479b0e7b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:10:58.000Z", "modified": "2018-04-20T09:10:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-25T02:00:00", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9aea2-54d8-4f03-8d4b-4d0c02de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/61ff6f5d48f02c0a5b7a28936f8aa9ebad2344f3552608fae2ce3f14a9bf14d4/analysis/1508896800/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9aea3-2c28-4930-9798-497902de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/66", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9aea3-5c50-408e-ba63-471302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b93c146-e37e-43df-8900-5c0faf08a5f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "pattern": "[file:hashes.MD5 = '4a6b63f1b4efaf59a4343f3fed896026' AND file:hashes.SHA1 = '59e38dbfed36c465202cea50f908d445da969098' AND file:hashes.SHA256 = '3f2925b26b0f0b0f141346d8a654a74704d9326492537de17518bd6fb11671e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-04-20T09:11:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--066ffd6c-1f8a-4876-b8e7-4c6c950c58d8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-04-20T09:11:00.000Z", "modified": "2018-04-20T09:11:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-18T15:51:50", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9aea4-1d30-4edb-bb10-45d702de0b81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3f2925b26b0f0b0f141346d8a654a74704d9326492537de17518bd6fb11671e8/analysis/1508341910/", "category": "External analysis", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9aea5-f118-412f-a4b3-490e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/63", "category": "Other", "comment": "Win.Dropper.Fareit-6500687-1", "uuid": "5ad9aea5-ed30-484a-babd-475e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--87308c90-9b77-485f-ab06-df1ce4a90aee", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d8250151-a555-4e5e-9239-e4d6a705c550", "target_ref": "x-misp-object--f18a6769-9119-4ce8-8261-38c8c36c6d48" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13d85698-038f-4371-a30c-8d078265ceb1", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5667d69e-d4e0-49ff-b66d-ee9c0d1606a0", "target_ref": "x-misp-object--2777d3d2-815c-4e73-92b3-e7c5f6a6bb4f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bbf71e0c-90ae-4427-b608-0afe2f06cbe7", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a0f795c-3740-4127-ae11-5719c06e4613", "target_ref": "x-misp-object--ff6c2680-4cca-4e84-aeef-dbf889d731cb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6cedbc6-f6a9-4547-95dd-7f38682d1c94", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7f770580-9cd5-4055-8779-f7214ff95236", "target_ref": "x-misp-object--ee0ed29e-9ebc-4abb-b406-61d5e5e7d74f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--59fa9eec-4ec9-4929-a029-c110bdaf4b9c", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--16dd834b-161d-4a5d-a463-e0fe0c82ddb8", "target_ref": "x-misp-object--c2c034d9-7fc9-4b07-b85e-b77886481632" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5249487-5afe-4298-bc1b-4fa084055de4", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c3353ab-72a9-4b8d-bf7b-26b82f95bcab", "target_ref": "x-misp-object--ca39f2b2-ab66-4b27-b7c6-c0e6031aa3c6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9aedfb5b-6167-44e3-a9b8-0c04f24e1843", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4bbac67b-db88-4ff1-b57e-99611cfee662", "target_ref": "x-misp-object--7d0a5db8-4b69-4b06-b514-861ac2bcc9c8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8784247c-c14f-44f6-beba-1cb7a78dddb1", "created": "2018-04-17T09:38:24.000Z", "modified": "2018-04-17T09:38:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--38195b20-39ab-4f46-a15f-4cac8fa71f0b", "target_ref": "x-misp-object--b9326c01-9fbc-4562-9806-9eb7f18f1658" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d446323e-40aa-4418-86be-358e6a8adb9c", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--23168de0-12c0-4447-aecb-32d09f2215d6", "target_ref": "x-misp-object--6ffec30e-27e2-4994-b80e-41bbfc7b35ca" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cd5524a0-23ed-495b-9877-700786d09607", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3797aea4-eab0-4f22-9e6d-a1a543cb0009", "target_ref": "x-misp-object--bc2915ec-2b50-47b9-abaa-3481306c33d2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28e45edc-01ea-424e-9b12-f16d3c20d739", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d9bd8f68-4507-4e45-b3b2-51b238bf210c", "target_ref": "x-misp-object--e050e2a6-56c7-45ff-82a3-771b9fed5773" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a30abce8-d2b6-45c4-b8de-ba6a386e5b51", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bdfb2aaf-fbc1-4f37-a1c2-3d2e7ab849e4", "target_ref": "x-misp-object--0b1fa52a-e14a-41b1-870c-6f2f34beb767" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--08a4f335-c068-44b2-9478-cdbfce8880c1", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5bf3dff0-e75c-4c33-b4a1-eb598f12b360", "target_ref": "x-misp-object--52911c0c-a5de-4e05-b24b-f95bc38926b4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a47e21f7-f455-48c3-9546-029f0a39b6c0", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--614923b5-0de4-4fc9-a207-736b5e32740d", "target_ref": "x-misp-object--8ea75fc7-ff1e-45ce-806b-6542e4d5da9c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c385d166-c894-4671-a409-f570e80fceb7", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--995bfffe-f2bd-4180-9982-f4700327897d", "target_ref": "x-misp-object--bdda72e7-74f6-4a7e-9ce2-860f07a867cc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1ad099c5-a313-441e-808e-616c5d9c1266", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3d6d671b-63e1-4e34-add1-f1ac1def5d61", "target_ref": "x-misp-object--73b55eba-1b5c-4404-a1fe-f8776317e5db" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb40c929-69e2-429d-9c11-dc6b82b5496d", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4faa8c04-91b8-4cae-a6e4-b7e025fba6fb", "target_ref": "x-misp-object--2c7fb252-23a4-4d0f-a7d2-38ef26d62292" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bc45c418-edc9-4c2b-8783-15b5ea59e50c", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--973396c7-45b7-4106-addf-ac2d80c845bf", "target_ref": "x-misp-object--caf0696e-f479-451b-87c4-55c4e29e725c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--98749d0b-9257-4dff-bef7-bf02c4830cec", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--54f5c200-a42b-4430-bbf0-b9669a922753", "target_ref": "x-misp-object--3c6123b5-074a-48ac-8e18-eacd3427f3e0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9804dfbc-a6fb-4833-bfdd-0435a6593240", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--31544fd1-56dd-45f2-b82e-92735845680d", "target_ref": "x-misp-object--3c388591-92db-40b6-ae4b-b929b333b015" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e9cab4d-2d1e-48e1-a2e8-e75e8f4a0194", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--112a8e0b-9c16-4653-b33c-dd0c9395e5f1", "target_ref": "x-misp-object--3c1121a3-79bf-4e3d-9f13-9a8b93a071cb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a589b76-efb7-40f2-98de-d39427ff5a69", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--94710067-d371-4822-8b18-19de4086162d", "target_ref": "x-misp-object--682b1d3f-030c-4473-ba89-9cd2fe00057c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d543c7cd-04ed-43ee-aced-1a35d7b8f315", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4801e439-9b95-4e31-b323-19141dc9f661", "target_ref": "x-misp-object--49706bc5-c3ca-4603-9c8c-27e7b7da5aea" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c69cfa15-0f8d-47c6-8a46-649b92a7314b", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a323b8bb-713c-49d2-9182-c5c82a7ad35d", "target_ref": "x-misp-object--3b0a52e2-f7d8-4624-9306-b85a5d163797" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c6ec0a3-7f4b-4df9-bc16-0a7aaf3c53bc", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--471e1471-53fb-4110-b102-8cce0d58cf5b", "target_ref": "x-misp-object--afea6952-1d7c-42e2-8600-2db8d77a821e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8889f6b-dd5a-476e-b83c-347e5646dfbe", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7db6a294-00d5-4a9d-b4ff-29e484eb8d4a", "target_ref": "x-misp-object--4f42f6bc-bc09-4beb-b412-645e35f3d61c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fa6e7ec9-46a0-4102-9f64-f33ad4e31910", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--30ffb028-4ee1-479d-ad8e-b16c1c787b24", "target_ref": "x-misp-object--cdd6e30a-cb0d-4276-8b1c-208f8db7873c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dc39d21e-4508-4211-a528-b02cd34de80c", "created": "2018-04-17T09:38:25.000Z", "modified": "2018-04-17T09:38:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--58e315b7-b23a-4232-a7df-24c01f2c6147", "target_ref": "x-misp-object--a8ef1585-9219-4fd3-82c4-fd44b510ec44" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c21f5f7b-3911-4b6f-83b1-cb3b8059435e", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eead743e-4f7b-417e-ab5b-754be3ab4639", "target_ref": "x-misp-object--44db359a-2322-4199-b7b2-ad7047055145" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c6f7df0-0447-4cb1-b494-7b34de17f64a", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c462c18c-5dd2-474d-9bdb-683249100648", "target_ref": "x-misp-object--51803a65-599e-4c65-a62e-47cedcfdf679" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e96b732d-4845-4445-b0cf-1b87a5ae1267", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--24579f89-a5e2-40a1-b402-1a3f503a9fee", "target_ref": "x-misp-object--4df065d3-0e9e-474e-99f0-ddcfd2163f78" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c088aac3-32a1-4c85-bdc8-4dcc1db1bd69", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8e397422-74ed-45d1-9b6a-68a3333869ce", "target_ref": "x-misp-object--3136bde9-7b09-4380-9688-b316ff8030a3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--79b663ba-4c96-4bdc-bfb9-3f4e7b4301ad", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a9fa6c94-efe8-4dbf-b103-c24ab19cbbf7", "target_ref": "x-misp-object--62a360ce-dbdb-4fbb-8e80-7ce96f87946c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c7e987f0-2a38-45f1-b30a-32ef9f513d2a", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f165aa6e-5d89-4258-8673-39c9f6b9948c", "target_ref": "x-misp-object--85cfd077-9915-43ee-80d6-d145645df836" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--40552076-e662-4d58-a584-b111d6b29151", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--475a6596-dcd2-4cd5-bde7-91710d2635ae", "target_ref": "x-misp-object--20aa948a-2c13-4806-97db-a0b7b736ef88" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9d69380-127a-4369-9664-5e75e1c57bfc", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f66345c9-da87-4634-807e-95b40b3f7829", "target_ref": "x-misp-object--4f729230-95ef-4dd1-8e92-e3ca84fde7b0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7a95e681-db14-4cba-b3f6-4529f815582c", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3ec767cb-63b7-4634-936d-ec2c72b7f414", "target_ref": "x-misp-object--e68803ee-8f52-4a45-b1ad-fadc751112e0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e0fec1d-5ee6-4358-ab35-06e63934fd83", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2f1a76d0-7049-4e63-b652-573bad749c33", "target_ref": "x-misp-object--66400a8a-058c-46d1-be9e-5e0a8e28a098" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c5622810-9ca3-42b6-9980-0ccdc58e578e", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e7bf71e1-5ed5-46ce-8ba8-a1f4f00e8d19", "target_ref": "x-misp-object--92a63283-9df8-4cf5-831d-a1d429ae0a04" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--32d1c533-aaa8-46d6-aa3c-32b5b16d8687", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c7451e3-1e01-469b-87a2-8fe5a7a8a1b3", "target_ref": "x-misp-object--4f0576c0-d450-4279-9daa-96479dfa26ee" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ab2564f2-8ebd-4014-869a-9cdcf4c87210", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fe05184f-77b8-4157-80b7-07aa043c9936", "target_ref": "x-misp-object--2f79727e-28c0-423d-9ed6-8cbf85e2b518" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--55b5a4ff-e048-42cd-a580-dcd934289292", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3732f786-fed1-4ec0-81a2-cf90bac3e268", "target_ref": "x-misp-object--dc2dd4e7-efc4-4d62-8c13-1af4257ee137" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--baf1833c-0ad7-4f58-8ab7-9bd1ffea253d", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3bf3ae13-b58d-4f5d-8469-5a34c8122639", "target_ref": "x-misp-object--409f2f05-3619-4f32-9c87-2ba0be7d1f14" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bdf67d1f-3f1f-40fc-80d2-0ad7e89e68f3", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ca3966ec-726d-4dcb-81f4-39c21bce3b57", "target_ref": "x-misp-object--54df5a27-b7e9-4370-b86a-434bc5c4bfb0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c8ad7091-e08c-4f12-b13f-db4dc81c7702", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--54175632-8cf7-4b49-934a-da9ed750f839", "target_ref": "x-misp-object--1602037e-3d0a-4d7c-aad4-690589211f3d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--37c50d90-db1d-4e3b-810d-8a5e19f5e4fa", "created": "2018-04-17T09:38:26.000Z", "modified": "2018-04-17T09:38:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--22060082-286e-4e92-a9de-5932cc66684c", "target_ref": "x-misp-object--da7a7be3-a8bf-4a4b-942e-6366ca70d287" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0460e90a-01a9-4338-b08b-b54de83a63ef", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bc3cbc70-c086-48a4-8c6e-faf4f66dc4fd", "target_ref": "x-misp-object--fe8692b8-47ed-49ae-ac84-c200cf0fb40b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7b756392-8163-49fa-9fee-309d0308263e", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f971946a-c11f-4e87-958e-b1216469856d", "target_ref": "x-misp-object--7fc03e03-5dfe-4d7b-9ca9-d4f2c47233fb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7bc42fa1-e7e1-4466-bf4a-2da6be7b4a69", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--820f1598-4c73-4860-8239-acc32c501496", "target_ref": "x-misp-object--686748b5-288c-48a2-9596-1fc1e96df87b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0ec66bf6-0e38-43b8-be5c-aae93322f7d3", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9b31f6f2-1afa-4cc1-b1c9-3939d61c351e", "target_ref": "x-misp-object--c3012495-b7ed-4916-9049-53b6c65ac11b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--039e7736-d8c6-4013-bf52-7c8fc225736d", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4febf0f3-b71a-45e4-baed-ebd75779a918", "target_ref": "x-misp-object--872d5324-22bb-4366-a495-9cfe1ab1fcb8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--704e7518-b793-4506-8d61-2322290dab61", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b366383d-8567-41d5-8bd2-098a72d6410b", "target_ref": "x-misp-object--c18455f9-0c99-40ad-9307-b6c207b78199" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--08da14fc-ebc9-411a-9b48-63b71a5eeea9", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--338c09b1-8889-4266-bc9c-9b6198986d8e", "target_ref": "x-misp-object--ed59d7cd-6596-4802-b2c8-8bc71943c90f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--69d7dc32-6226-4c26-9a4e-d9a31428ce90", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9b0cbf41-9f55-4c12-af30-95638bcb9724", "target_ref": "x-misp-object--ddd0eeec-07f6-4e82-aa68-2237276ef93e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c40567aa-7ad3-4782-bd1a-655367ef2d56", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--23d68864-87dc-40f6-8bdb-0382a2de717f", "target_ref": "x-misp-object--6a099e7c-a5dd-400b-8bca-df7575a5f1e0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24071bda-1f57-4a6c-9833-9cc6eda686bd", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bf50fe3f-7ce4-4162-bee5-5b58898ff862", "target_ref": "x-misp-object--e031d087-ef4b-4824-9859-b46854c2939b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--872f5323-381d-4f08-8ce3-ab0c16100bec", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a2d09237-7842-4a7c-9966-66901fed8c9d", "target_ref": "x-misp-object--f2130b6f-d3b1-4d06-9938-964ee58f732c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--65e9a9fb-f749-4f0e-9e95-39a7858a7340", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--93d0b571-4b57-409a-8616-fe681227c5b0", "target_ref": "x-misp-object--ef46be73-9a3e-44c3-83c2-4ede304d137b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3518dd94-7902-4a53-9e3c-e277c0ad9121", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d3888401-a744-46ca-af6a-ebd96da536f0", "target_ref": "x-misp-object--d0fb5f61-30c3-4b2e-a514-31fc3fff048f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bfb04b99-69eb-4dfb-8b92-4cc53b9610d3", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--48f7985a-f575-46f2-b2a6-d8f9f349e20d", "target_ref": "x-misp-object--1ef1d86b-f368-4bf7-899f-8e2141bf5ae7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95f78ca8-6817-492e-95c5-d854bdbf34fc", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bbb9a50d-b258-4447-b8a5-c15bf7581ae8", "target_ref": "x-misp-object--0a443b7d-1866-4230-b65b-dedabfe03e83" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--08dfd337-e863-4cfe-b2a2-5d2e871f15d6", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--34f4e2b6-3c81-4759-984f-86d7b4918862", "target_ref": "x-misp-object--332bc7c4-5a4e-4d1f-ad95-ba547a1bd03d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--66fd6b46-7a42-43a3-9ee5-271d30e66e45", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d1fc796f-8f35-4217-a3cc-d034728cab47", "target_ref": "x-misp-object--91de0b6e-f4f2-43e9-8ea7-3f3e5341eecb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b96c356-824b-4288-bf3e-fc9e29f16dae", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8d5831df-85b4-49dd-ac0e-a65280af1025", "target_ref": "x-misp-object--0475bcfd-dcdf-44d2-87b0-2083883a290c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dc8d491e-db81-4978-b7ec-f8a2e753a000", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2bd61b04-6327-416d-b613-a56d7c4a6dfe", "target_ref": "x-misp-object--610984d9-b024-4156-9823-26b761e17e15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--07d525aa-eeb7-4704-b466-72b58fcac900", "created": "2018-04-17T09:38:27.000Z", "modified": "2018-04-17T09:38:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7bebd57c-bb57-4da1-a8b1-97fb53694f80", "target_ref": "x-misp-object--4d3f77ed-8659-4a4c-8a0f-65c772c7a7fe" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe96a059-208e-46d4-8daa-9617f5c4b209", "created": "2018-04-17T09:38:28.000Z", "modified": "2018-04-17T09:38:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b91d5808-92ad-4fa7-9b4d-7348cc563091", "target_ref": "x-misp-object--7994aa0e-7f14-4988-8820-5ffe04a261d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--add13a8b-139a-4e1d-b9c8-1adf035d0423", "created": "2018-04-17T09:38:28.000Z", "modified": "2018-04-17T09:38:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f46250f9-0e9b-4e25-9bee-b06e384c3a53", "target_ref": "x-misp-object--c4796178-b6f0-433b-96a2-9b72e558e59a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef8938da-9aac-41a7-b1f0-ab247a884772", "created": "2018-04-17T09:38:28.000Z", "modified": "2018-04-17T09:38:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--911c04f4-f1f2-44c4-8242-c69e588493f0", "target_ref": "x-misp-object--d436e73b-9629-4c08-988b-73650cd12315" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9e574553-a812-4982-b999-b4ba14e6e882", "created": "2018-04-17T09:38:28.000Z", "modified": "2018-04-17T09:38:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c878521d-9b6b-4046-a3d2-fc9798c3c8df", "target_ref": "x-misp-object--03a28507-7341-429a-afef-14f0e4faeae6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--faca5f54-ad71-4778-b4e8-072a9e2c2d81", "created": "2018-04-17T09:38:28.000Z", "modified": "2018-04-17T09:38:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ac554dac-0487-4973-be4d-4d2efbcfc1b9", "target_ref": "x-misp-object--49e363d6-17fc-41dc-b434-a102e236ceba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42ddd102-4d32-441e-bce7-938668afd3bc", "created": "2018-04-17T09:38:28.000Z", "modified": "2018-04-17T09:38:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7606e8b5-261a-40ea-99e1-383c9a1c85f7", "target_ref": "x-misp-object--a0ebe82c-5513-4e78-9d9c-2b1ee9be03c0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--caf6e812-4d5c-40dd-aa35-5c46d984b164", "created": "2018-04-20T09:11:01.000Z", "modified": "2018-04-20T09:11:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3e803fec-57d0-4a64-bffa-8c406bfa4df8", "target_ref": "x-misp-object--1d03fb64-13be-4f35-87e1-ad4700b35b8c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f56342a-d674-486d-8bcc-06dc7ba5a439", "created": "2018-04-20T09:11:01.000Z", "modified": "2018-04-20T09:11:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1d4884a7-3654-4522-9024-5916811aa592", "target_ref": "x-misp-object--b4b37264-5f7b-43ed-9857-782b9d942a9d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9ab50b46-f2d0-41ae-9f61-68b3bddfd360", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b5665818-45ad-4e55-872a-d64f9564f57c", "target_ref": "x-misp-object--e2c5a4be-2cfe-4eed-8a62-52f5a8918745" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--209cf88c-b085-47e6-aff4-d27de4c98d21", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ce15aa39-ec50-4981-8929-3019908b5ceb", "target_ref": "x-misp-object--00da20c8-dd00-4c56-bfb0-46add8af6839" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7c18ce0f-daa3-4140-a0c5-baa6fc5a000b", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c88e6ef-671c-48e1-a0d0-9932be1a8cc5", "target_ref": "x-misp-object--452c6b20-11a0-41ca-bc89-a8e7de5f2779" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4afe1863-d22f-45eb-8123-9fbb9ac9be20", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f128ac41-042d-495c-939c-11d3d83d1b19", "target_ref": "x-misp-object--05cc5c9e-5cf4-406f-8a8e-c7653cb7dcb5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e2a8059-f97a-41e4-bf41-5e2d6385c410", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e0f188cf-3ab6-4014-9327-4c09757acf99", "target_ref": "x-misp-object--08068585-edc1-40fa-a64d-5080ad1e0311" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--038f31fb-d469-4091-b062-d5a72c5bdbce", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--efdd79ca-bfbd-425d-816a-1de5a615d4f8", "target_ref": "x-misp-object--ee5376c5-6962-420f-aec1-e6ac03cf5ab3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28ca564e-d12b-4904-b929-261f8c9c5c10", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--513cd9b4-6715-4444-81de-c6d9f0a86318", "target_ref": "x-misp-object--f7d51df1-5efb-42cb-891d-24f914eb835f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--135ccc68-5485-4e0c-8914-51146c90c553", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8009eae4-08fe-4674-8c61-3d790fdeb86a", "target_ref": "x-misp-object--13ef15ad-c73c-4ae3-b7bb-4827d33f81f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ada07c3b-a88a-4b14-b923-8cba90ae9330", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f1f3104e-c6b4-4111-a006-5c69509c7f75", "target_ref": "x-misp-object--b7e219d4-82e9-40f3-9812-d833f1c4bf60" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a57bcd3-e5f8-43c3-9fb8-8616f1ceaac2", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--73ac235c-e3db-4617-a968-47e2ea6f6b8b", "target_ref": "x-misp-object--279cd6bd-aa55-47a5-af76-2826253108bc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf994441-bebf-4601-a9f9-7c3b76d022cf", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e2119423-0173-4009-b875-e913f911653d", "target_ref": "x-misp-object--47f144bd-561a-4e14-b508-d7313f28add9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bfd0ffb7-7131-41db-b3d2-9b31e5fee4d6", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--526cfc6f-1c12-422e-89ba-f6de05aab48f", "target_ref": "x-misp-object--42544fa3-e8aa-4f6b-8869-2b12571c968f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf5a292f-4bd2-4ede-976d-26913079537b", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--68952c57-5f30-4f16-b04a-6cadc596e4c6", "target_ref": "x-misp-object--0745ebfe-aea5-421a-8e0f-0c298339d924" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7a5a239-a0cd-4988-8544-9a34a537837a", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7d22be2e-b385-4542-bafd-8cda3281f8af", "target_ref": "x-misp-object--6c18a448-9381-44bb-b7ba-97b81413fc84" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--020ad898-b9ee-4383-abb6-9b3525946f5e", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b0b5debd-236b-418d-8531-a3bca58059e6", "target_ref": "x-misp-object--4d5cd1b8-e117-411c-afae-a3d69e619e90" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--69d0921d-a87b-45f7-80ef-408454f83ded", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--aa497e72-a431-479b-8077-5ac653a7ef21", "target_ref": "x-misp-object--451113c2-f016-43ed-a80e-dd42f3b61bf3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b285eef2-3fb0-4349-8f9f-6f639e6e1708", "created": "2018-04-20T09:11:02.000Z", "modified": "2018-04-20T09:11:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a1283755-9512-4fb4-952b-2f4d65e1281e", "target_ref": "x-misp-object--24d66f9a-7b0a-4668-8c5c-6ca6050b9148" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d236ce7d-71d2-4b5e-b21a-36f931b31932", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9942e1a6-6aff-4d41-9c65-ac96ad725488", "target_ref": "x-misp-object--ea2d92b0-2297-4284-9a47-20f003e7649f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81579c54-bc54-4aaa-a67e-6d1369e5f0d7", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ef41bd1f-8663-4df6-a8f0-a32f05ee2929", "target_ref": "x-misp-object--c7efea86-38e8-48f9-bbf4-7ed8e0cccd7d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--51230d4e-cea6-49ab-ae2f-e779cb11cddf", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--40076ee5-8c95-4b32-830d-016ea2cebaf2", "target_ref": "x-misp-object--1b50d528-62f5-4f78-9df4-40a2e5a095bd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3196631f-3022-4574-86f8-bc4e1c4d4ebb", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c4ce6a07-a96e-491d-912d-93b9c2853c3b", "target_ref": "x-misp-object--35102d8f-3918-45f0-b06f-e56249794342" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--53e8f7fe-3648-4b3f-b3e4-a391d57f5c7b", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f93d9038-ecd3-4445-86e9-3887a797a5b7", "target_ref": "x-misp-object--5c3c3c27-41c9-4498-be03-8b7e20ef7a01" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d986c8d-2db3-4386-bcc2-dd51a33acc6f", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4a801296-d29c-4f5f-8b79-cb38789995ae", "target_ref": "x-misp-object--b23c1243-8546-43e6-b6ac-bdc9a52e5bd4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--965d3af2-3368-4da5-844d-9eee5ecc55cc", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c9b13b31-1a5d-4a7e-a46f-d8dea222c73f", "target_ref": "x-misp-object--edd1a003-7c62-43a9-a8a4-f00159990874" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--070410de-66a1-4633-99ef-b61df4940502", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9766aaf4-2b4d-42a8-b271-07a8430ff750", "target_ref": "x-misp-object--9f9e8c03-a143-42d7-b717-70ed7682d916" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4bafb045-f7ef-4538-90e1-4f24116de787", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--de30466c-306a-4ff8-a134-3016bd00c2da", "target_ref": "x-misp-object--d77bdd19-aec1-4b36-b72e-1d67bb46e2ee" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81ce73bd-d3bd-41b9-8f07-a3641f881829", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--be24abb2-78bb-4d0a-9dff-b8d9d47ac518", "target_ref": "x-misp-object--7988c9d7-a714-433c-a302-4a38a99896d7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce8ce892-f29c-4595-8c72-0aecb696eb6d", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ff8766ca-b4b6-4c3d-a8db-7c64fa5d5166", "target_ref": "x-misp-object--82da5b6c-dc6e-4612-be44-ee4bbd7a65e8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8808f900-2a29-48dc-9bc0-af5449359460", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c33e937c-3313-4bd8-9d42-8a213ad27271", "target_ref": "x-misp-object--a9affe73-79d3-46e1-9175-550e62f9d545" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--748cd53e-1f6a-4849-9cb0-c7bc607c0d6d", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5e70ded6-3a06-4520-86d4-77316815da01", "target_ref": "x-misp-object--a6d5940d-d687-4031-89c7-d527a7cb1083" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26258908-c658-4c4e-9893-aea1f115b707", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--31abe87c-b601-4581-ba6c-55e716214d8e", "target_ref": "x-misp-object--d6f9fda9-bb3e-4a6d-951a-ef2b7b91810b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1bd70fd0-33ae-4fd0-aa1f-a42ca15ad001", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ea39a79f-3211-4917-8ba8-11798108d030", "target_ref": "x-misp-object--36ca324b-a75e-40dc-a318-a368d201799b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--05862f52-70e4-4d45-9e46-0e63b2d29596", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ba5fa1e3-8824-42b7-8158-8885efa936dc", "target_ref": "x-misp-object--4b6521e7-b216-4bb7-8b2e-d03294f7a176" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--378e42d6-c4bc-4042-8d93-1c9f226250c6", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--049ddb48-7266-48ef-946e-c19acf93d44b", "target_ref": "x-misp-object--44a5a106-6496-434f-837c-f4b710cbcfac" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7a80a60-399f-4afb-94ef-5e6bc8fe9917", "created": "2018-04-20T09:11:03.000Z", "modified": "2018-04-20T09:11:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--797ea4f5-30c7-40ac-baf6-28db7149f503", "target_ref": "x-misp-object--1086f8ba-2d76-4d9b-b26a-5e18c595f194" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4aaa0ce7-6ad0-4cc9-abaa-1c3570cc69fb", "created": "2018-04-20T09:11:04.000Z", "modified": "2018-04-20T09:11:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0ed8ca28-2829-4ca6-ba71-03b2a41bf521", "target_ref": "x-misp-object--d249aa60-eb0b-4861-a6b4-87b813998e73" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--52ef5097-3b58-4725-a960-446af5dbbabf", "created": "2018-04-20T09:11:04.000Z", "modified": "2018-04-20T09:11:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a91eac4f-7259-4a12-8838-2b0f051d6696", "target_ref": "x-misp-object--6088b568-f7ad-4a41-a8d8-d4522a466ac9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d1a9ecc6-d719-4abd-a72a-88c2c00d02c1", "created": "2018-04-20T09:11:04.000Z", "modified": "2018-04-20T09:11:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e6ea2fd2-8462-4e6f-9a19-cce766827d36", "target_ref": "x-misp-object--16acc5bd-90ec-431b-bbca-953b2b06ece8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9907b336-191f-42d5-b6dd-361499352194", "created": "2018-04-20T09:11:04.000Z", "modified": "2018-04-20T09:11:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ecdf5094-5fc6-44c6-8c47-412f3bb5b255", "target_ref": "x-misp-object--98a86f21-1cc1-4708-9b3e-74e14dfe7f48" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a77c48cb-c716-42c0-8fe4-ddf6224e9f79", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--77cfb676-5e8d-4566-84e1-4e6817db2990", "target_ref": "x-misp-object--f604786f-c9dd-4c19-ab31-aa89044f4a1b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d935b4cc-8519-48de-8382-f2d925e5230e", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--96745ec9-e044-4f68-a3cb-383e0fa9f872", "target_ref": "x-misp-object--b55b4b48-6ba3-44f3-b8da-903bfd98ea29" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d617596-53b1-4e66-8793-a6f5f743abbb", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3f85b4db-24d4-40a8-a7d8-71d30219b53e", "target_ref": "x-misp-object--c55b37c5-82e6-4fc8-a929-4118f95504af" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b2d39f84-1e7c-4057-b0b5-613cb8ed4e08", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1852f268-9a82-42b0-8a9e-d7e52d16abbd", "target_ref": "x-misp-object--f6ec3f23-3273-49b5-8dea-910fbcf248b5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f82d3c1-c248-463c-9aa7-2809da1d12d7", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--37bf3b5d-cb41-409f-94e9-f50be725a4af", "target_ref": "x-misp-object--f354861e-6452-4a92-a456-69b235657f4d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57694c3f-1744-4be3-b79a-35163541f52e", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fd71e68d-d005-441d-8ee0-7b5c1812bf8b", "target_ref": "x-misp-object--4c74c847-cc7b-492c-87b0-f33694b4c6ec" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--625d9913-a809-4814-a083-03324a2e4895", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--139196f6-be99-47ed-b809-73d2853fa944", "target_ref": "x-misp-object--0a753999-8af3-41ac-8ddd-dcc50453ed70" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d2bdc5ee-f71a-4974-9ab5-a75b8b28de47", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cc2b374f-3d33-44e7-a28a-aa0e6581036e", "target_ref": "x-misp-object--78ef6597-c29d-407c-90da-5c9ac51c0d20" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a06749b2-1709-4f37-b7d4-7ba99e6753e4", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2b1058c5-64f7-4e3b-a392-29bf82262d28", "target_ref": "x-misp-object--d46ebad3-0ea9-4fa6-9449-2ed4fd77bda5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d98e633-924c-43f1-b1e4-3e944149facc", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a2904375-8986-41ef-b6b7-4cafbad88a0e", "target_ref": "x-misp-object--dd8685d4-ae68-4e10-9a02-4ff2a38bd092" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f07dd15-ee89-49cb-a258-fab361cee96b", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--61c11e5f-54fb-43cc-9485-ccf4f7f6c41a", "target_ref": "x-misp-object--23867c24-4af9-4a2f-bedc-dda5c1b39c75" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c004e09f-b56b-4385-8250-4e2479a959f0", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--964d2d64-c17a-4c3e-91bd-80776bc6644f", "target_ref": "x-misp-object--6c20a0c5-39a6-49c9-aaf2-9fb0b1938633" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7462081-7acc-4d50-b4d3-1011bacc38bb", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9393f4f9-b9fc-416b-92bd-4c090307ae39", "target_ref": "x-misp-object--f22c7776-6135-4800-9901-5a4de6adee83" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fc9d5ecc-1f2b-4c98-8017-75c89cce4cd8", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c97afdae-f971-4e34-8ce8-c3f0151f6e38", "target_ref": "x-misp-object--395fc03d-627f-47dd-a7db-71cf2e558e15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12540011-b625-4a22-b5b1-9e35237ea9ca", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e1867223-f5e0-4877-a819-9612307f3867", "target_ref": "x-misp-object--c3feebd9-263b-4900-a98c-8bec8b9440f8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cde331f3-334a-400b-8ace-e0153a592f2f", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b805ea51-f04a-4f6a-8ecf-c9ec51fa83cb", "target_ref": "x-misp-object--15222292-8bfb-4e86-91fa-b0e4ec0adc58" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dffb6cee-b0dd-4df8-bb04-7c2d4a3c5813", "created": "2018-04-20T09:11:05.000Z", "modified": "2018-04-20T09:11:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eb42f6f1-2c60-490e-8e04-79cdc4144a37", "target_ref": "x-misp-object--8c0ecebc-54db-4732-b8e6-8a3e388aadaf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--939e6a4b-f100-4e8f-a10d-997cf4a053f7", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7967e5b8-00eb-4320-9412-e01a082c07ec", "target_ref": "x-misp-object--7300f602-1abc-44a4-9093-a7e2165d7a91" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3aedfded-61eb-473f-9a65-bb97547139da", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6007d8cd-f034-477a-9e08-2fd715e5e884", "target_ref": "x-misp-object--27e7462f-edef-4bff-b8fc-d526b1399b40" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aa4aaa65-38d8-4acd-b5a5-056ede1eb3b3", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--04a6579c-e5e5-4b9f-8941-c896ddbea402", "target_ref": "x-misp-object--3c579ecb-1bdd-491f-bcae-9aeb77253f1d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60b24de9-899f-4a40-8a57-5eaeb45702db", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--95c00602-db58-40f5-91c5-3b5abeb62f34", "target_ref": "x-misp-object--5ef6db2d-f867-495b-9515-aee0b0c69572" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--94383110-b42e-4380-9a73-55027a006730", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--927a32d1-3581-4660-a7cb-b3b983b1d2b6", "target_ref": "x-misp-object--f5e79c89-6ae1-40b3-8d64-7ccc44962818" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1efacc8-9258-410c-81a9-9032d5e87c06", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--33ada061-a11c-4b80-bfe1-2a219c8b4216", "target_ref": "x-misp-object--4d75191a-9322-46a4-8bb1-28edd400300e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb6950f5-76fb-4356-ad87-8feb0630b50d", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--231da622-eca5-46f9-8b3d-7a60271bbf5a", "target_ref": "x-misp-object--d8b83106-c718-4884-bc69-e1ec3157b231" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1b57363-70cf-417e-a093-879f91a3739d", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--900b2299-4d91-4311-8eb6-3d8dcde3c53e", "target_ref": "x-misp-object--ba9454c8-868b-4c61-99a5-7f1c6eaba02e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6afe942f-362c-4089-909b-b9d4bdd54823", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--123260f2-c093-487a-8da6-0a38a26956b0", "target_ref": "x-misp-object--52bb8f52-813c-42b9-b810-935626ee2a80" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--daf04e6b-ea75-4c54-977c-5bf8c5db562e", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b9967b9a-c9d0-48cf-8c84-d7527995794e", "target_ref": "x-misp-object--bf02e3cf-264a-406b-bafe-860ff8d96eae" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4434af00-fd20-4c0d-ab23-e74866bd576d", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1aa193f1-c768-4a16-a2cb-0c0381dba191", "target_ref": "x-misp-object--6bd8fb6f-dd9f-4d3f-aa56-e4c18e904991" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0c1ac63-454d-4ed9-92b7-518b577f7528", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--67459c2e-6974-4168-a4bb-0c94041b7a1c", "target_ref": "x-misp-object--d2ae4a97-361c-42ac-90f2-42867b1bec12" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ebf0a78a-2de3-43e9-ae93-511d5f0c54a0", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7ee2136a-174e-41ca-8e77-c55b330a2d7d", "target_ref": "x-misp-object--4dcb2323-6adc-4e6f-9a4c-4da633df6bfa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c92b03c-c40c-4cf0-82e3-bbf5d6d31fe9", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a558cc1a-df6e-4ddd-bd8c-694a27a2e298", "target_ref": "x-misp-object--ff7f2a21-2be3-447a-9137-7fd1eb8a7100" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62b3b9fd-4702-4916-96a6-6fe3d0c3a2f8", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--966e7ca9-3fb4-4d2a-8c16-b8911848b40b", "target_ref": "x-misp-object--6b683fae-c19a-4048-a4df-87877482042a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9bd4745c-6bf1-4f7d-b795-d636f4963f08", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--871505a5-67b3-4e0e-a061-771e9e689bf3", "target_ref": "x-misp-object--da838904-52a0-4aba-a34c-444c519ca9e9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7c37368d-8c70-4452-8fe4-cb57da87dfee", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b1c027bf-e678-4107-9332-782883a20df5", "target_ref": "x-misp-object--e18d455e-9797-4cfd-bc4e-7f58784671eb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82430df2-aeb0-42b5-a2b7-5174d17a18db", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2eaac486-82b0-49c2-8dc7-c0e0d1334bc5", "target_ref": "x-misp-object--4880b0ee-33df-4e81-8a32-8f53fabe84e0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--07881c0c-80b2-4b55-94fa-cb5d91e9e78e", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f74b8766-0e2c-48dd-97fe-7a6bcbd3683f", "target_ref": "x-misp-object--d5e5151a-6fe7-4aea-8c1b-f384641f3de1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--122de45c-9197-40ec-8588-7126d54c0516", "created": "2018-04-20T09:11:06.000Z", "modified": "2018-04-20T09:11:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5e508395-c56b-44f3-8d8f-c27378c24948", "target_ref": "x-misp-object--91d65c73-3c78-4c78-9b43-04795a21d2dc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7aeba813-f3fb-43d8-943a-4244ca865e96", "created": "2018-04-20T09:11:07.000Z", "modified": "2018-04-20T09:11:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ce1148cb-ccbb-4534-a264-987b0a02387e", "target_ref": "x-misp-object--7b05f522-f1e9-4890-b0bc-3dcbcd58388e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a45bf289-8b62-4f86-b88e-e50e74649af6", "created": "2018-04-20T09:11:07.000Z", "modified": "2018-04-20T09:11:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8ed19c62-1efa-47b5-bd86-5ce3ea96eea3", "target_ref": "x-misp-object--ba0df232-2b85-4c6e-ad5f-0bf6e12cc26a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bc0eae47-e388-493d-8a74-a19c42f19111", "created": "2018-04-20T09:11:07.000Z", "modified": "2018-04-20T09:11:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c750f8a8-1526-41bf-9e8c-3ac273664df7", "target_ref": "x-misp-object--1d1ce1a4-cf6c-4dee-83fd-c67c479b0e7b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d1caade4-3d01-4c10-940c-578815f57742", "created": "2018-04-20T09:11:07.000Z", "modified": "2018-04-20T09:11:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0b93c146-e37e-43df-8900-5c0faf08a5f5", "target_ref": "x-misp-object--066ffd6c-1f8a-4876-b8e7-4c6c950c58d8" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }