{ "type": "bundle", "id": "bundle--560c1c35-fd9c-4fb4-9a93-801b950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:43:42.000Z", "modified": "2015-10-01T06:43:42.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--560c1c35-fd9c-4fb4-9a93-801b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:43:42.000Z", "modified": "2015-10-01T06:43:42.000Z", "name": "OSINT When ELF.BillGates met Windows by Arkoon+Netasq", "published": "2015-10-01T06:43:46Z", "object_refs": [ "observed-data--560c1c4d-a4bc-49c3-b22d-6789950d210b", "url--560c1c4d-a4bc-49c3-b22d-6789950d210b", "indicator--560c1c8f-05a8-4724-a235-6789950d210b", "indicator--560c1cc4-0984-4576-9d59-8024950d210b", "indicator--560c1cc4-ff38-43cc-9b05-8024950d210b", "indicator--560c1cc5-debc-4000-8253-8024950d210b", "indicator--560c1cc5-7154-4873-be3b-8024950d210b", "indicator--560c1cc5-4784-49b1-8ed0-8024950d210b", "indicator--560c1d2a-5ffc-4e83-99cc-8022950d210b", "indicator--560c1d2a-2eac-4b6a-a9f1-8022950d210b", "indicator--560c1d2a-e788-42d7-baa6-8022950d210b", "indicator--560c1d2b-38a4-4e2f-85f6-8022950d210b", "indicator--560c1d2b-eb64-4fdb-a51d-8022950d210b", "indicator--560c1d2c-0570-40c3-acf4-8022950d210b", "indicator--560c1d2c-3d98-427a-a61e-8022950d210b", "indicator--560c1d2c-488c-414f-a771-8022950d210b", "indicator--560c1d45-63bc-4f07-9ccc-6221950d210b", "indicator--560c1d46-86e4-4032-bb59-6221950d210b", "indicator--560c1d46-9364-41b3-8509-6221950d210b", "indicator--560c1d47-284c-410b-b4fe-6221950d210b", "indicator--560c1d47-0584-458b-9819-6221950d210b", "indicator--560c1d48-fbb8-4978-ab44-6221950d210b", "indicator--560c1d48-4e78-45cb-9ad5-6221950d210b", "indicator--560c1d49-b02c-4db0-947d-6221950d210b", "indicator--560cd0e5-96f8-4be7-8853-801c950d210b", "indicator--560cd0e6-145c-4336-bc21-801c950d210b", "observed-data--560cd0e6-188c-463c-82f3-801c950d210b", "url--560cd0e6-188c-463c-82f3-801c950d210b", "indicator--560cd0e7-f514-4c7b-a757-801c950d210b", "indicator--560cd0e7-86e4-4368-9656-801c950d210b", "observed-data--560cd0e7-0238-4fe1-aa85-801c950d210b", "url--560cd0e7-0238-4fe1-aa85-801c950d210b", "indicator--560cd0e8-fc38-4565-bfa5-801c950d210b", "indicator--560cd0e8-d208-4923-be9a-801c950d210b", "observed-data--560cd0e8-ec74-42f0-8c16-801c950d210b", "url--560cd0e8-ec74-42f0-8c16-801c950d210b", "indicator--560cd0e9-bbac-415b-8d4d-801c950d210b", "indicator--560cd0e9-7c40-4d41-867e-801c950d210b", "observed-data--560cd0e9-2480-4d1f-a35e-801c950d210b", "url--560cd0e9-2480-4d1f-a35e-801c950d210b", "indicator--560cd0ea-9750-4a76-b276-801c950d210b", "indicator--560cd0ea-bd54-40a5-a3e1-801c950d210b", "observed-data--560cd0eb-2448-4924-b638-801c950d210b", "url--560cd0eb-2448-4924-b638-801c950d210b", "indicator--560cd0eb-6f80-44f2-8ed5-801c950d210b", "indicator--560cd0eb-41a0-4f9e-8af9-801c950d210b", "observed-data--560cd0ec-efa0-4a7d-9277-801c950d210b", "url--560cd0ec-efa0-4a7d-9277-801c950d210b", "indicator--560cd0ec-8744-4dfe-a85c-801c950d210b", "indicator--560cd0ec-3004-43cc-bbe5-801c950d210b", "observed-data--560cd0ed-f9c0-43ad-a544-801c950d210b", "url--560cd0ed-f9c0-43ad-a544-801c950d210b", "indicator--560cd0ed-59f4-4152-941e-801c950d210b", "indicator--560cd0ed-2fcc-4467-bfa6-801c950d210b", "observed-data--560cd0ee-9928-43e5-b9e1-801c950d210b", "url--560cd0ee-9928-43e5-b9e1-801c950d210b", "indicator--560cd0ee-53b4-491e-abdb-801c950d210b", "indicator--560cd0ee-d8e8-438b-a5e8-801c950d210b", "observed-data--560cd0ef-0258-4b9b-9c61-801c950d210b", "url--560cd0ef-0258-4b9b-9c61-801c950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560c1c4d-a4bc-49c3-b22d-6789950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:30:53.000Z", "modified": "2015-09-30T17:30:53.000Z", "first_observed": "2015-09-30T17:30:53Z", "last_observed": "2015-09-30T17:30:53Z", "number_observed": 1, "object_refs": [ "url--560c1c4d-a4bc-49c3-b22d-6789950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560c1c4d-a4bc-49c3-b22d-6789950d210b", "value": "http://thisissecurity.net/2015/09/30/when-elf-billgates-met-windows/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1c8f-05a8-4724-a235-6789950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:31:59.000Z", "modified": "2015-09-30T17:31:59.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '4b14d7aca890642c3e269b75953e65cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:31:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1cc4-0984-4576-9d59-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:32:52.000Z", "modified": "2015-09-30T17:32:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '39.109.0.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:32:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1cc4-ff38-43cc-9b05-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:32:52.000Z", "modified": "2015-09-30T17:32:52.000Z", "pattern": "[domain-name:value = 'say.f322.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:32:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1cc5-debc-4000-8253-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:32:53.000Z", "modified": "2015-09-30T17:32:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.82.184.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:32:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1cc5-7154-4873-be3b-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:32:53.000Z", "modified": "2015-09-30T17:32:53.000Z", "pattern": "[domain-name:value = 'mou521.f3322.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:32:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1cc5-4784-49b1-8ed0-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:32:53.000Z", "modified": "2015-09-30T17:32:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.231.45.171']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:32:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2a-5ffc-4e83-99cc-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:34.000Z", "modified": "2015-09-30T17:34:34.000Z", "description": "Win32.BillGates", "pattern": "[file:hashes.MD5 = 'fb7e7b5c35bb5311acc8139350344878']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2a-2eac-4b6a-a9f1-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:34.000Z", "modified": "2015-09-30T17:34:34.000Z", "description": "Win32.BillGates", "pattern": "[file:hashes.MD5 = '51f00e56b4ef21e6b7d6685ca3fbad1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2a-e788-42d7-baa6-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:34.000Z", "modified": "2015-09-30T17:34:34.000Z", "description": "Win32.BillGates", "pattern": "[file:hashes.MD5 = 'f864867f277330f81669a7c90fb6a3f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2b-38a4-4e2f-85f6-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:35.000Z", "modified": "2015-09-30T17:34:35.000Z", "description": "Win32.BillGates", "pattern": "[file:hashes.MD5 = 'c32f27eaadda31c36e32e97c481771c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2b-eb64-4fdb-a51d-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:35.000Z", "modified": "2015-09-30T17:34:35.000Z", "description": "Win32.BillGates", "pattern": "[file:hashes.MD5 = '8e9e4da1272f0b637917201443fcbd0a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2c-0570-40c3-acf4-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:36.000Z", "modified": "2015-09-30T17:34:36.000Z", "description": "Win32.BillGates infected by Win32.Virut:", "pattern": "[file:hashes.MD5 = '93fe8980c6279c090924e8669b0cb582']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2c-3d98-427a-a61e-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:36.000Z", "modified": "2015-09-30T17:34:36.000Z", "description": "Win32.BillGates infected by Win32.Virut:", "pattern": "[file:hashes.MD5 = '2130df6f7817c86890a5e922f99430a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d2c-488c-414f-a771-8022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:34:36.000Z", "modified": "2015-09-30T17:34:36.000Z", "description": "Win32.BillGates infected by Win32.Parite", "pattern": "[file:hashes.MD5 = '129877bf0cbc9b8239c674810675f6f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:34:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d45-63bc-4f07-9ccc-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:01.000Z", "modified": "2015-09-30T17:35:01.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\DbSecuritySpt.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d46-86e4-4032-bb59-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:02.000Z", "modified": "2015-09-30T17:35:02.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\svch0st.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d46-9364-41b3-8509-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:02.000Z", "modified": "2015-09-30T17:35:02.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\agony.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d47-284c-410b-b4fe-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:03.000Z", "modified": "2015-09-30T17:35:03.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\agony.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d47-0584-458b-9819-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:03.000Z", "modified": "2015-09-30T17:35:03.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\DNSProtection.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d48-fbb8-4978-ab44-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:04.000Z", "modified": "2015-09-30T17:35:04.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\Windows Media Player\\\\DNSSupport.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d48-4e78-45cb-9ad5-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:04.000Z", "modified": "2015-09-30T17:35:04.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\NPF.sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c1d49-b02c-4db0-947d-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T17:35:05.000Z", "modified": "2015-09-30T17:35:05.000Z", "pattern": "[file:name = '\\\\%PROGRAMFILES\\\\%\\\\DbSecuritySpt\\\\packet.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T17:35:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e5-96f8-4be7-8853-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:25.000Z", "modified": "2015-10-01T06:21:25.000Z", "description": "Win32.BillGates infected by Win32.Parite - Xchecked via VT: 129877bf0cbc9b8239c674810675f6f7", "pattern": "[file:hashes.SHA256 = '2f1ae7942df4f4d47a569e20913fe9107caa14bfd89b08925473f6536acbc6a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e6-145c-4336-bc21-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:26.000Z", "modified": "2015-10-01T06:21:26.000Z", "description": "Win32.BillGates infected by Win32.Parite - Xchecked via VT: 129877bf0cbc9b8239c674810675f6f7", "pattern": "[file:hashes.SHA1 = '8d51d194aab4727ff3469b8b4e1486a39f84d6f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0e6-188c-463c-82f3-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:26.000Z", "modified": "2015-10-01T06:21:26.000Z", "first_observed": "2015-10-01T06:21:26Z", "last_observed": "2015-10-01T06:21:26Z", "number_observed": 1, "object_refs": [ "url--560cd0e6-188c-463c-82f3-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0e6-188c-463c-82f3-801c950d210b", "value": "https://www.virustotal.com/file/2f1ae7942df4f4d47a569e20913fe9107caa14bfd89b08925473f6536acbc6a3/analysis/1432574759/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e7-f514-4c7b-a757-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:27.000Z", "modified": "2015-10-01T06:21:27.000Z", "description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 2130df6f7817c86890a5e922f99430a3", "pattern": "[file:hashes.SHA256 = 'd7efd8ab33fe77b689968ef3fe790ed7939624c754a455ce512fe5bb67be732f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e7-86e4-4368-9656-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:27.000Z", "modified": "2015-10-01T06:21:27.000Z", "description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 2130df6f7817c86890a5e922f99430a3", "pattern": "[file:hashes.SHA1 = '8531f1e1b3d2ee15af6ed3ab5b4a804773650d25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0e7-0238-4fe1-aa85-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:27.000Z", "modified": "2015-10-01T06:21:27.000Z", "first_observed": "2015-10-01T06:21:27Z", "last_observed": "2015-10-01T06:21:27Z", "number_observed": 1, "object_refs": [ "url--560cd0e7-0238-4fe1-aa85-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0e7-0238-4fe1-aa85-801c950d210b", "value": "https://www.virustotal.com/file/d7efd8ab33fe77b689968ef3fe790ed7939624c754a455ce512fe5bb67be732f/analysis/1439312871/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e8-fc38-4565-bfa5-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:28.000Z", "modified": "2015-10-01T06:21:28.000Z", "description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 93fe8980c6279c090924e8669b0cb582", "pattern": "[file:hashes.SHA256 = '9dc3068a321b41def24dca518b07a717a633a84d953f9e6d6bd94be2e21e8e98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e8-d208-4923-be9a-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:28.000Z", "modified": "2015-10-01T06:21:28.000Z", "description": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 93fe8980c6279c090924e8669b0cb582", "pattern": "[file:hashes.SHA1 = 'a80fbe481dfab7d0f4a9e11f649f6863a6b8a844']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0e8-ec74-42f0-8c16-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:28.000Z", "modified": "2015-10-01T06:21:28.000Z", "first_observed": "2015-10-01T06:21:28Z", "last_observed": "2015-10-01T06:21:28Z", "number_observed": 1, "object_refs": [ "url--560cd0e8-ec74-42f0-8c16-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0e8-ec74-42f0-8c16-801c950d210b", "value": "https://www.virustotal.com/file/9dc3068a321b41def24dca518b07a717a633a84d953f9e6d6bd94be2e21e8e98/analysis/1424121957/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e9-bbac-415b-8d4d-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:29.000Z", "modified": "2015-10-01T06:21:29.000Z", "description": "Win32.BillGates - Xchecked via VT: 8e9e4da1272f0b637917201443fcbd0a", "pattern": "[file:hashes.SHA256 = 'aa068ca86fd9ec4e29d3bf00c7d99a3039f04f701e358e31ee98e5c48c09cc7a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0e9-7c40-4d41-867e-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:29.000Z", "modified": "2015-10-01T06:21:29.000Z", "description": "Win32.BillGates - Xchecked via VT: 8e9e4da1272f0b637917201443fcbd0a", "pattern": "[file:hashes.SHA1 = '4367ae72e85d42e979c7faca87c0754e5aa9da41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0e9-2480-4d1f-a35e-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:29.000Z", "modified": "2015-10-01T06:21:29.000Z", "first_observed": "2015-10-01T06:21:29Z", "last_observed": "2015-10-01T06:21:29Z", "number_observed": 1, "object_refs": [ "url--560cd0e9-2480-4d1f-a35e-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0e9-2480-4d1f-a35e-801c950d210b", "value": "https://www.virustotal.com/file/aa068ca86fd9ec4e29d3bf00c7d99a3039f04f701e358e31ee98e5c48c09cc7a/analysis/1418116709/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ea-9750-4a76-b276-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:30.000Z", "modified": "2015-10-01T06:21:30.000Z", "description": "Win32.BillGates - Xchecked via VT: c32f27eaadda31c36e32e97c481771c9", "pattern": "[file:hashes.SHA256 = '8ad95441c528ab80226ad2bb4be5d921acb6818e97c3e793a05f2677e1591e24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ea-bd54-40a5-a3e1-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:30.000Z", "modified": "2015-10-01T06:21:30.000Z", "description": "Win32.BillGates - Xchecked via VT: c32f27eaadda31c36e32e97c481771c9", "pattern": "[file:hashes.SHA1 = '91c6e2ac9dce76bf8ee6bdb5ec58735a6bad98f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0eb-2448-4924-b638-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:31.000Z", "modified": "2015-10-01T06:21:31.000Z", "first_observed": "2015-10-01T06:21:31Z", "last_observed": "2015-10-01T06:21:31Z", "number_observed": 1, "object_refs": [ "url--560cd0eb-2448-4924-b638-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0eb-2448-4924-b638-801c950d210b", "value": "https://www.virustotal.com/file/8ad95441c528ab80226ad2bb4be5d921acb6818e97c3e793a05f2677e1591e24/analysis/1406118682/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0eb-6f80-44f2-8ed5-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:31.000Z", "modified": "2015-10-01T06:21:31.000Z", "description": "Win32.BillGates - Xchecked via VT: f864867f277330f81669a7c90fb6a3f4", "pattern": "[file:hashes.SHA256 = '6341eec9e0bdfad72ae6b05ae9e196539b15a8eb7eb2ece1ca79e93ac6f35e25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0eb-41a0-4f9e-8af9-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:31.000Z", "modified": "2015-10-01T06:21:31.000Z", "description": "Win32.BillGates - Xchecked via VT: f864867f277330f81669a7c90fb6a3f4", "pattern": "[file:hashes.SHA1 = '495bb971f973104a30a83d1f1e8739dc70181912']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0ec-efa0-4a7d-9277-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:32.000Z", "modified": "2015-10-01T06:21:32.000Z", "first_observed": "2015-10-01T06:21:32Z", "last_observed": "2015-10-01T06:21:32Z", "number_observed": 1, "object_refs": [ "url--560cd0ec-efa0-4a7d-9277-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0ec-efa0-4a7d-9277-801c950d210b", "value": "https://www.virustotal.com/file/6341eec9e0bdfad72ae6b05ae9e196539b15a8eb7eb2ece1ca79e93ac6f35e25/analysis/1403672511/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ec-8744-4dfe-a85c-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:32.000Z", "modified": "2015-10-01T06:21:32.000Z", "description": "Win32.BillGates - Xchecked via VT: 51f00e56b4ef21e6b7d6685ca3fbad1a", "pattern": "[file:hashes.SHA256 = '4209035f042bcd79fe91997c8466cfdd890e740d8cb85b3076d7a5e79891f441']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ec-3004-43cc-bbe5-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:32.000Z", "modified": "2015-10-01T06:21:32.000Z", "description": "Win32.BillGates - Xchecked via VT: 51f00e56b4ef21e6b7d6685ca3fbad1a", "pattern": "[file:hashes.SHA1 = 'c145e5e23cd95de4c0b521f0eb7ded59ba0a381e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0ed-f9c0-43ad-a544-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:33.000Z", "modified": "2015-10-01T06:21:33.000Z", "first_observed": "2015-10-01T06:21:33Z", "last_observed": "2015-10-01T06:21:33Z", "number_observed": 1, "object_refs": [ "url--560cd0ed-f9c0-43ad-a544-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0ed-f9c0-43ad-a544-801c950d210b", "value": "https://www.virustotal.com/file/4209035f042bcd79fe91997c8466cfdd890e740d8cb85b3076d7a5e79891f441/analysis/1431436610/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ed-59f4-4152-941e-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:33.000Z", "modified": "2015-10-01T06:21:33.000Z", "description": "Win32.BillGates - Xchecked via VT: fb7e7b5c35bb5311acc8139350344878", "pattern": "[file:hashes.SHA256 = '0434ba4a0dc59bca819f7586f12f9ef0de83de28b37da9c83a0b12520d3ebbd1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ed-2fcc-4467-bfa6-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:33.000Z", "modified": "2015-10-01T06:21:33.000Z", "description": "Win32.BillGates - Xchecked via VT: fb7e7b5c35bb5311acc8139350344878", "pattern": "[file:hashes.SHA1 = '3038ca2fc80c4c90cd7909724a937e9890bc0203']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0ee-9928-43e5-b9e1-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:34.000Z", "modified": "2015-10-01T06:21:34.000Z", "first_observed": "2015-10-01T06:21:34Z", "last_observed": "2015-10-01T06:21:34Z", "number_observed": 1, "object_refs": [ "url--560cd0ee-9928-43e5-b9e1-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0ee-9928-43e5-b9e1-801c950d210b", "value": "https://www.virustotal.com/file/0434ba4a0dc59bca819f7586f12f9ef0de83de28b37da9c83a0b12520d3ebbd1/analysis/1424273883/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ee-53b4-491e-abdb-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:34.000Z", "modified": "2015-10-01T06:21:34.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 4b14d7aca890642c3e269b75953e65cb", "pattern": "[file:hashes.SHA256 = 'd241880aefef812b462153ae0f8ec079e8b56789f1c7547624e9406b74da12fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd0ee-d8e8-438b-a5e8-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:34.000Z", "modified": "2015-10-01T06:21:34.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 4b14d7aca890642c3e269b75953e65cb", "pattern": "[file:hashes.SHA1 = 'cb4271a5ed7cf66b1d508d3d7364c11280c1763d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:21:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd0ef-0258-4b9b-9c61-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:21:35.000Z", "modified": "2015-10-01T06:21:35.000Z", "first_observed": "2015-10-01T06:21:35Z", "last_observed": "2015-10-01T06:21:35Z", "number_observed": 1, "object_refs": [ "url--560cd0ef-0258-4b9b-9c61-801c950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd0ef-0258-4b9b-9c61-801c950d210b", "value": "https://www.virustotal.com/file/d241880aefef812b462153ae0f8ec079e8b56789f1c7547624e9406b74da12fd/analysis/1435885257/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }