{ "type": "bundle", "id": "bundle--5df0b000-ce20-4cee-89d6-1e9f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:19:39.000Z", "modified": "2019-12-11T09:19:39.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5df0b000-ce20-4cee-89d6-1e9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:19:39.000Z", "modified": "2019-12-11T09:19:39.000Z", "name": "OSINT - trickbot cashcore hashes", "published": "2019-12-11T09:19:52Z", "object_refs": [ "indicator--5df0b03b-e42c-4c15-ae50-412e950d210f", "indicator--5df0b03b-cd14-40ce-b472-4421950d210f", "indicator--5df0b03b-4b78-4d3c-997b-43cc950d210f", "indicator--5df0b03b-3f08-4c2d-8507-4c5a950d210f", "indicator--5df0b03b-d36c-4c63-a2c7-42ad950d210f", "indicator--5df0b03b-f384-4019-8151-4318950d210f", "indicator--5df0b03b-1f54-4e48-aab7-4f10950d210f", "indicator--5df0b03b-1034-4265-a7a8-4c3f950d210f", "indicator--5df0b03b-aa1c-4aab-8c4f-49b9950d210f", "indicator--5df0b03b-d8d8-41d5-87b2-4e71950d210f", "indicator--5df0b03b-7354-4e0d-bfc3-4c1b950d210f", "indicator--5df0b03c-57fc-4aa2-9a8e-4f83950d210f", "indicator--5df0b03c-c048-4978-bfd9-42ae950d210f", "indicator--5df0b03c-8128-44c8-8fb8-4353950d210f", "indicator--5df0b03c-b074-4407-a952-448e950d210f", "indicator--5df0b03c-f6b8-4023-b8d8-411f950d210f", "indicator--5df0b03c-6614-4bb1-8214-45c0950d210f", "indicator--5df0b03c-6bb8-4008-9b60-4074950d210f", "indicator--5df0b03c-d624-4417-8b7c-4ad1950d210f", "indicator--5df0b03c-5c4c-44d3-a372-4f31950d210f", "indicator--5df0b03c-8b84-41ef-89c9-4bfd950d210f", "indicator--5df0b03c-0764-4c59-a1ba-4781950d210f", "indicator--5df0b03c-c600-4652-b7e8-44ed950d210f", "indicator--5df0b03c-a578-414e-84da-40bc950d210f", "indicator--5df0b03c-83f0-407c-aea7-4901950d210f", "indicator--5df0b03c-645c-42ed-a0d5-445e950d210f", "indicator--5df0b03c-2890-44bb-83d0-46dc950d210f", "indicator--5df0b03c-29a0-428d-8258-45cc950d210f", "indicator--5df0b03c-46c8-415a-baa1-4e3f950d210f", "indicator--5df0b03c-4d34-4344-827b-48f6950d210f", "indicator--5df0b03c-76b0-4f02-bd23-4930950d210f", "indicator--5df0b03c-f73c-4780-9f0c-4fd8950d210f", "indicator--5df0b03c-aab4-4637-b433-4327950d210f", "indicator--5df0b03c-37a8-46f8-bffc-4d5a950d210f", "indicator--5df0b03c-46ec-47b7-a2e6-427e950d210f", "indicator--5df0b03c-4840-4cee-b55e-4ebd950d210f", "indicator--5df0b03c-f7d8-4537-bf89-40d7950d210f", "indicator--5df0b03c-f9b8-4bc2-bc9e-4bd3950d210f", "indicator--5df0b03c-d67c-4d61-8203-4c30950d210f", "indicator--5df0b03c-7284-4195-b9da-4a2d950d210f", "indicator--5df0b03c-e298-45b6-91de-4a3b950d210f", "indicator--5df0b03c-c700-417e-9513-4e7e950d210f", "indicator--5df0b03c-04e8-4bdd-8114-4cf9950d210f", "indicator--5df0b03c-b5a4-4d45-8bfa-42f7950d210f", "indicator--5df0b03c-4be4-4ae9-aed0-4307950d210f", "indicator--5df0b03c-1e80-4a6d-b6eb-4fd7950d210f", "indicator--5df0b03c-dca0-4339-a2a4-4a65950d210f", "indicator--5df0b03c-d534-4176-850f-4d0d950d210f", "indicator--5df0b03c-de1c-4824-ac34-4c1e950d210f", "indicator--5df0b03c-1748-420b-977e-442d950d210f", "indicator--5df0b03c-f76c-4172-9b77-4438950d210f", "indicator--5df0b03c-113c-4b19-ad6d-434c950d210f", "indicator--5df0b03c-d66c-4011-9935-4960950d210f", "indicator--5df0b03c-947c-44c1-abd8-459c950d210f", "indicator--5df0b03c-3378-4f3e-9124-4dcd950d210f", "indicator--5df0b03c-acac-4bfa-b48c-479e950d210f", "indicator--5df0b03c-8344-42d0-a6ae-4837950d210f", "indicator--5df0b03c-72b8-46f8-80c3-4402950d210f", "indicator--5df0b03c-0d7c-4f9a-884c-46f3950d210f", "indicator--5df0b03c-78c4-45ee-92b5-4f60950d210f", "indicator--5df0b03c-9c6c-459c-8998-4c05950d210f", "indicator--5df0b03c-b354-45ac-ab17-4b8b950d210f", "indicator--5df0b03c-b954-4b8f-a683-4b0e950d210f", "indicator--5df0b03c-c8f4-4776-acc7-49de950d210f", "indicator--5df0b03d-f794-4f85-b13d-437b950d210f", "indicator--5df0b03d-7a30-4d31-9143-4221950d210f", "indicator--5df0b03d-0dbc-4761-a1c4-40bb950d210f", "indicator--5df0b03d-f7d8-47a1-9cc5-4477950d210f", "indicator--5df0b03d-e924-4554-8009-46a0950d210f", "indicator--5df0b03d-298c-452c-9d7f-405c950d210f", "indicator--5df0b03d-4ce0-4722-8c07-4a7f950d210f", "indicator--5df0b03d-f7cc-48f9-bf33-4e69950d210f", "indicator--5df0b03d-ba30-4484-8656-4f61950d210f", "indicator--5df0b03d-4e30-4a2a-892b-436b950d210f", "indicator--5df0b03d-3368-43eb-b26f-40a6950d210f", "indicator--5df0b03d-82a4-4273-adbd-43e4950d210f", "indicator--5df0b03d-0b14-4e2f-a34d-44a0950d210f", "indicator--5df0b03d-5474-4868-bfc1-4b8d950d210f", "indicator--5df0b03d-1e98-4f8e-bdcf-4ee5950d210f", "indicator--5df0b03d-9d84-4f88-856b-4154950d210f", "indicator--5df0b03d-281c-4a4f-9a12-42c5950d210f", "indicator--5df0b03d-fd6c-4e3b-aecb-4418950d210f", "indicator--5df0b03d-5684-4e20-8226-4fb5950d210f", "indicator--5df0b03d-e560-4aa5-bef1-4370950d210f", "indicator--5df0b03d-7cb0-4adc-a8a4-4784950d210f", "indicator--5df0b03d-1c10-46c0-b3ca-468d950d210f", "indicator--5df0b03d-ef40-4639-b993-4fa7950d210f", "indicator--5df0b03d-fe3c-4907-aae3-4d9d950d210f", "indicator--5df0b03d-fc74-4861-9e74-45de950d210f", "indicator--5df0b03d-6bf0-4c28-80c3-48cc950d210f", "indicator--5df0b03d-5304-413e-9be2-45d8950d210f", "indicator--5df0b03d-7970-4d84-a48d-4278950d210f", "indicator--5df0b03d-48e4-45b7-b617-4f32950d210f", "indicator--5df0b03d-b238-432e-8332-494f950d210f", "indicator--5df0b03d-d5e8-4fdd-bf4e-4598950d210f", "indicator--5df0b03d-c4f8-4b2f-a96d-4353950d210f", "indicator--5df0b03d-24d0-4ebf-9fe7-4d10950d210f", "indicator--5df0b03d-b68c-4da4-a1d8-481a950d210f", "indicator--5df0b03d-8e34-494a-9719-4387950d210f", "indicator--5df0b03d-0db8-4f4e-a96a-41f0950d210f", "indicator--5df0b03d-2e34-40d1-a6be-43c4950d210f", "indicator--5df0b03e-738c-4320-9f77-4c1e950d210f", "indicator--5df0b03e-f73c-4fbf-99ce-4c88950d210f", "indicator--5df0b03e-bee0-49ec-bd32-45bd950d210f", "indicator--5df0b03e-1954-4498-b9c2-44be950d210f", "indicator--5df0b03e-f6d8-48bb-9c62-4ac9950d210f", "indicator--5df0b03e-e028-43d7-b17a-4047950d210f", "indicator--5df0b03e-aff0-4b63-aa9b-4f50950d210f", "indicator--5df0b03e-c6bc-46bb-b04d-4a25950d210f", "indicator--5df0b03e-c328-4db9-8883-4961950d210f", "indicator--5df0b03e-a0d4-460d-85a3-4c1d950d210f", "indicator--5df0b03e-3434-471f-8655-49ef950d210f", "indicator--5df0b03e-2218-422f-80bc-4816950d210f", "indicator--5df0b03e-6b48-42ed-971a-4c49950d210f", "indicator--5df0b03e-2e38-4a15-a040-43a9950d210f", "indicator--5df0b03f-072c-476a-9919-4742950d210f", "indicator--5df0b03f-2ad8-44ca-a1ed-4290950d210f", "indicator--5df0b03f-8d08-4845-9b8b-45b5950d210f", "indicator--5df0b03f-106c-4fd6-aa0f-4aee950d210f", "indicator--5df0b03f-61c4-4742-a4de-4085950d210f", "indicator--5df0b03f-cb04-4f73-9d5b-42ed950d210f", "indicator--5df0b03f-7d08-4fc5-afae-4338950d210f", "indicator--5df0b03f-3d4c-4090-91e5-4896950d210f", "indicator--5df0b03f-e5b8-4baa-9867-405d950d210f", "indicator--5df0b03f-0354-4fec-9ada-4544950d210f", "indicator--5df0b03f-5268-475f-b1a8-4c2d950d210f", "indicator--5df0b03f-9418-49af-8e23-4f31950d210f", "indicator--5df0b03f-0f98-4bf2-8f7b-41f8950d210f", "indicator--5df0b03f-8830-44e9-b79b-4edc950d210f", "indicator--5df0b03f-35e8-45cc-948d-4ea1950d210f", "indicator--5df0b03f-ae54-4a2e-a9b4-4426950d210f", "indicator--5df0b03f-3460-4b60-b0bf-4321950d210f", "indicator--5df0b03f-273c-4ca4-a725-4009950d210f", "indicator--5df0b03f-6340-4455-9e32-4e30950d210f", "indicator--5df0b03f-275c-4a5a-bb47-4064950d210f", "indicator--5df0b03f-7030-4d91-8c30-428c950d210f", "indicator--5df0b03f-6de8-449b-a47a-4af4950d210f", "indicator--5df0b03f-ebe4-4e7b-ab22-4361950d210f", "indicator--5df0b03f-9b7c-4c5a-a844-4499950d210f", "indicator--5df0b03f-5730-43b6-8f8e-4e9f950d210f", "indicator--5df0b03f-ea84-4598-9737-45ea950d210f", "indicator--5df0b03f-a9bc-41b7-94a4-49a4950d210f", "indicator--5df0b03f-4b20-434b-a381-452d950d210f", "indicator--5df0b03f-f5c0-43f6-b76d-40df950d210f", "indicator--5df0b03f-99e0-4b8b-ad23-4b57950d210f", "indicator--5df0b03f-0304-46dd-b713-4e73950d210f", "indicator--5df0b03f-f770-465a-a9fa-44bd950d210f", "indicator--5df0b03f-ea54-42a0-be59-43db950d210f", "indicator--5df0b03f-415c-41f8-9713-494b950d210f", "indicator--5df0b03f-e558-4a96-967b-494e950d210f", "indicator--5df0b03f-ff0c-490d-89b8-46f9950d210f", "indicator--5df0b03f-f448-4d67-9ab8-412f950d210f", "indicator--5df0b03f-0244-410c-84a0-4d56950d210f", "indicator--5df0b03f-7cd8-4a6e-971d-4ea5950d210f", "indicator--5df0b03f-d4cc-48be-ab18-4ddd950d210f", "indicator--5df0b03f-e840-4758-840f-4154950d210f", "indicator--5df0b03f-1db0-4094-9b55-485b950d210f", "indicator--5df0b03f-c428-4446-b8bf-4981950d210f", "indicator--5df0b03f-79b8-4260-a28a-4bb0950d210f", "indicator--5df0b03f-710c-4683-a2ec-48e6950d210f", "indicator--5df0b03f-0d5c-436f-910e-4c60950d210f", "indicator--5df0b03f-27d8-4f99-9967-46b5950d210f", "indicator--5df0b040-c300-4d41-a7eb-4577950d210f", "indicator--5df0b040-9f3c-496a-80a7-4a22950d210f", "indicator--5df0b040-01fc-4819-be6d-4ff4950d210f", "indicator--5df0b040-5304-4afd-9d5c-4c99950d210f", "indicator--5df0b040-f8b0-4883-9f64-4e98950d210f", "indicator--5df0b040-1c28-496a-b270-4654950d210f", "indicator--5df0b040-b640-4f59-ba81-4260950d210f", "indicator--5df0b040-92f4-49c7-b0cc-431e950d210f", "indicator--5df0b040-9910-4785-b855-4714950d210f", "indicator--5df0b040-8868-4a2b-95cc-459d950d210f", "indicator--5df0b040-0ad4-4157-b48d-4eef950d210f", "indicator--5df0b040-10c4-457d-94d4-489f950d210f", "indicator--5df0b040-948c-451b-86cd-413a950d210f", "indicator--5df0b040-43d4-4321-b56a-4cc7950d210f", "indicator--5df0b040-a52c-41a6-9e35-4176950d210f", "indicator--5df0b040-ec98-477b-9ff8-4427950d210f", "indicator--5df0b040-7be4-40e3-abbe-4507950d210f", "indicator--5df0b040-cf08-4ffd-b873-4d78950d210f", "indicator--5df0b040-1534-4aff-816d-4d7d950d210f", "indicator--5df0b040-f8b0-49bd-96cf-4bf5950d210f", "indicator--5df0b040-25dc-425d-ade0-45cf950d210f", "indicator--5df0b040-e77c-4e6d-90c8-4e72950d210f", "indicator--5df0b040-6bf4-47e1-9d2b-4c05950d210f", "indicator--5df0b040-c1d4-4f96-b94a-4ab8950d210f", "indicator--5df0b040-9f84-41b9-85b3-4b35950d210f", "indicator--5df0b040-51b4-4cc9-a4f6-4126950d210f", "indicator--5df0b040-f440-4c0a-9cc5-4214950d210f", "indicator--5df0b040-76b8-40de-a1a2-4aef950d210f", "indicator--5df0b040-933c-4500-9a0b-49b9950d210f", "indicator--5df0b040-0eec-46fc-b3c5-46bc950d210f", "indicator--5df0b040-300c-4c85-8414-4ad9950d210f", "indicator--5df0b040-4488-4c16-850a-4e0f950d210f", "indicator--5df0b040-2574-4052-9f69-45f2950d210f", "indicator--5df0b040-f0e4-43c9-ae7c-49a8950d210f", "indicator--5df0b040-18a8-4ea3-b6dc-4af4950d210f", "indicator--5df0b040-1d44-4bf4-80a2-4244950d210f", "indicator--5df0b040-1e1c-41be-91f6-49f2950d210f", "indicator--5df0b040-6584-4c5b-9df3-4e48950d210f", "indicator--5df0b040-d0e4-49b4-8e47-45de950d210f", "indicator--5df0b041-c2ac-4009-92a2-4525950d210f", "indicator--5df0b041-e5bc-48ee-a1bb-4eb8950d210f", "indicator--5df0b041-37ec-4bac-93b1-4c95950d210f", "indicator--5df0b041-cd50-4431-a7b8-4042950d210f", "indicator--5df0b041-0270-4dbc-b980-4a6a950d210f", "indicator--5df0b041-8d48-4115-a6aa-4f58950d210f", "indicator--5df0b041-0498-45d1-9a15-45c8950d210f", "indicator--5df0b041-d2c4-48f4-9dd6-401a950d210f", "indicator--5df0b041-8340-4f16-9947-4b91950d210f", "indicator--5df0b041-4060-40cf-bbc1-4392950d210f", "indicator--5df0b041-c478-4853-b3cd-4fff950d210f", "indicator--5df0b041-7db0-42f8-adfb-4819950d210f", "indicator--5df0b041-1a40-415c-bf3c-4bd1950d210f", "indicator--5df0b041-d868-4ec0-ad19-4449950d210f", "indicator--5df0b041-7c00-4ae0-aadb-4b9a950d210f", "indicator--5df0b041-41f8-4a22-a44d-436a950d210f", "indicator--5df0b041-dc94-44c1-a313-42c2950d210f", "indicator--5df0b041-bf10-486f-9f0f-483e950d210f", "indicator--5df0b041-8d3c-4b35-abc5-42fd950d210f", "indicator--5df0b041-4e84-4e72-96db-414d950d210f", "indicator--5df0b041-88a4-4aac-836d-4673950d210f", "indicator--5df0b041-39e8-4227-ab36-474b950d210f", "indicator--5df0b041-db34-402d-b48d-4eb2950d210f", "indicator--5df0b041-270c-46a2-977b-4f54950d210f", "indicator--5df0b041-5f78-4f3a-8e1d-4943950d210f", "indicator--5df0b041-e19c-4d1a-a83e-4c5d950d210f", "indicator--5df0b041-cae0-4fbc-8573-4e55950d210f", "indicator--5df0b041-0fd4-46f0-9fac-4d8b950d210f", "indicator--5df0b041-5144-4a22-a665-4e86950d210f", "indicator--5df0b041-694c-4962-8301-43b7950d210f", "indicator--5df0b041-7d08-479b-b71c-4186950d210f", "indicator--5df0b041-62ec-43c6-a58b-4fdc950d210f", "indicator--5df0b041-35ec-46de-adbf-4901950d210f", "indicator--5df0b041-a184-4cfa-bd64-4fe0950d210f", "indicator--5df0b041-3684-46cf-aaf0-47d9950d210f", "indicator--5df0b041-0514-4cb4-8377-4bd1950d210f", "indicator--5df0b041-4448-46d7-a6ae-4a9c950d210f", "indicator--5df0b041-c34c-47ac-ac4f-474d950d210f", "indicator--5df0b041-cd84-4706-92fa-456e950d210f", "indicator--5df0b041-e990-4066-9c73-4a7f950d210f", "indicator--5df0b041-75b8-42c2-a502-4c84950d210f", "indicator--5df0b041-ac54-4634-9066-4c7c950d210f", "indicator--5df0b041-2598-4749-b882-4ecc950d210f", "indicator--5df0b041-f530-4376-9da4-4b72950d210f", "indicator--5df0b041-0a30-44d3-b448-4ba3950d210f", "indicator--5df0b041-5e18-495f-b59f-4005950d210f", "indicator--5df0b041-7a64-481d-b2c1-48cf950d210f", "indicator--5df0b041-27d4-4441-bd08-4ac2950d210f", "indicator--5df0b041-f384-4c90-a576-488c950d210f", "indicator--5df0b041-060c-47da-869c-4d77950d210f", "indicator--5df0b041-938c-477d-b5ca-44ef950d210f", "indicator--5df0b042-09e0-4277-8962-4e25950d210f", "indicator--5df0b042-9c88-44c4-8abb-4082950d210f", "indicator--5df0b042-b2b8-4775-b356-4384950d210f", "indicator--5df0b042-c008-4534-a608-4986950d210f", "indicator--5df0b042-9d70-4659-a9a5-483e950d210f", "indicator--5df0b042-1dd0-44e7-ab77-47cb950d210f", "indicator--5df0b042-e394-4346-9929-4237950d210f", "indicator--5df0b042-c314-4cc7-a512-4b43950d210f", "indicator--5df0b042-6bc0-40e9-b20f-47d7950d210f", "indicator--5df0b042-dd10-4c61-87cc-484e950d210f", "indicator--5df0b042-ad38-4988-916d-472b950d210f", "indicator--5df0b042-2a50-49bc-9580-408b950d210f", "indicator--5df0b042-6430-45d8-bf83-4c6c950d210f", "indicator--5df0b042-d80c-41a7-96e1-40fe950d210f", "indicator--5df0b042-69b4-4c1b-848f-4c09950d210f", "indicator--5df0b042-1f78-40e8-91cf-48c3950d210f", "indicator--5df0b042-2fcc-437d-ad0b-4b15950d210f", "indicator--5df0b042-5380-41d6-a8a7-4780950d210f", "indicator--5df0b042-17c8-4d15-8c19-4bf7950d210f", "indicator--5df0b042-f130-4ed6-ae69-4578950d210f", "indicator--5df0b042-35c0-414d-b36b-4c03950d210f", "indicator--5df0b042-8ec0-4567-b3b8-402a950d210f", "indicator--5df0b042-2e7c-4522-86fd-464c950d210f", "indicator--5df0b042-38d0-4f6f-ae8a-4dc7950d210f", "indicator--5df0b042-527c-4ab0-9bb8-4112950d210f", "indicator--5df0b042-3030-48ac-ba3b-46f6950d210f", "indicator--5df0b042-4d58-4403-8ed6-471a950d210f", "indicator--5df0b042-901c-40f4-9050-4906950d210f", "indicator--5df0b043-786c-4d68-9fd9-493c950d210f", "indicator--5df0b044-d55c-4c69-98e3-42fd950d210f", "indicator--5df0b04d-9f6c-4d2a-ab00-43d6950d210f", "indicator--5df0b04f-7f98-4a79-9493-4cbb950d210f", "indicator--5df0b057-3134-48e1-826b-4919950d210f", "indicator--5df0b059-6d80-4df4-925c-434c950d210f", "indicator--5df0b05c-c4b8-4ceb-a6bc-4097950d210f", "indicator--5df0b05e-58a0-44b6-99b1-46e3950d210f", "indicator--5df0b063-7864-4911-a99d-441b950d210f", "indicator--5df0b065-4d98-489e-9772-49e1950d210f", "indicator--5df0b067-62d8-4d38-861d-4df1950d210f", "indicator--5df0b06a-ead8-4f25-83e8-4568950d210f", "indicator--5df0b06a-c578-4b52-bba8-49b3950d210f", "indicator--5df0b06a-59e0-4804-83f4-4d0e950d210f", "indicator--5df0b06a-47d4-40fb-805d-4054950d210f", "indicator--5df0b06a-4460-4a42-9d4f-4370950d210f", "indicator--5df0b06a-824c-4d31-be85-4190950d210f", "indicator--5df0b06a-38f0-4f91-86ad-4356950d210f", "indicator--5df0b06a-9db8-47ce-b3ca-44c8950d210f", "indicator--5df0b06b-47c0-4fe6-b4f4-4b85950d210f", "indicator--5df0b06d-ba7c-4100-8dde-4969950d210f", "indicator--5df0b06d-0df4-4f36-9b13-460a950d210f", "indicator--5df0b06d-fd44-46c3-83ab-4551950d210f", "indicator--5df0b06d-7984-47c0-aef4-415b950d210f", "indicator--5df0b06d-19f4-400f-a465-4a58950d210f", "indicator--5df0b06d-cdd4-4ee6-9c15-4c35950d210f", "indicator--5df0b06d-a854-4e21-bb1c-453a950d210f", "indicator--5df0b06d-f8bc-4e6c-a38f-46e1950d210f", "indicator--5df0b06d-3c24-43bf-b9c1-40c2950d210f", "indicator--5df0b06d-ba08-429b-b47e-429d950d210f", "indicator--5df0b06d-7e08-4332-9f1b-40a8950d210f", "indicator--5df0b06e-a7cc-4520-bca0-44b3950d210f", "indicator--5df0b074-b768-4dac-b514-4178950d210f", "indicator--5df0b07a-e414-4719-83fe-4104950d210f", "indicator--5df0b081-9030-42ff-95e3-433b950d210f", "indicator--5df0b081-6f14-45c8-aa64-404b950d210f", "indicator--5df0b081-b90c-4505-9381-44d1950d210f", "indicator--5df0b081-a1c0-4467-9ea7-475e950d210f", "indicator--5df0b081-47b0-4729-8e19-4532950d210f", "indicator--5df0b081-a328-40e0-99b0-4380950d210f", "indicator--5df0b081-845c-489b-9693-4119950d210f", "indicator--5df0b081-5ec8-4fa4-8f66-4a63950d210f", "indicator--5df0b081-2b64-40f0-b040-4c86950d210f", "indicator--5df0b081-934c-45c1-a0db-4928950d210f", "indicator--5df0b081-13b4-4c8d-8d3a-468e950d210f", "indicator--5df0b081-b8cc-44b0-9919-48ae950d210f", "indicator--5df0b081-7fb0-4115-b524-4de8950d210f", "indicator--5df0b081-08b8-49e9-b199-4b78950d210f", "indicator--5df0b081-1fb0-4402-8d88-474f950d210f", "indicator--5df0b081-6b64-4782-899c-494a950d210f", "indicator--5df0b081-8dd4-48b6-a079-478d950d210f", "indicator--5df0b081-0914-4450-b1de-461e950d210f", "indicator--5df0b081-1cd0-4652-9f4b-41b6950d210f", "indicator--5df0b081-a690-4720-99fa-4838950d210f", "indicator--5df0b081-ab1c-4b5c-b168-4523950d210f", "indicator--5df0b081-6554-4473-bf62-4c9a950d210f", "indicator--5df0b081-d9b4-4b7b-8c06-4843950d210f", "indicator--5df0b082-c39c-480c-81e2-4ee6950d210f", "indicator--5df0b082-47b4-48ee-84c5-43b2950d210f", "indicator--5df0b082-bd7c-4d3d-8a2a-4687950d210f", "indicator--5df0b082-7ea8-44fd-adbd-43a0950d210f", "indicator--5df0b082-4d80-44e2-a28e-4565950d210f", "indicator--5df0b082-2a58-4034-9301-41f1950d210f", "indicator--5df0b082-e278-44d6-bb00-427a950d210f", "indicator--5df0b082-ee5c-48c2-be97-47d7950d210f", "indicator--5df0b082-c5e8-4591-a6a2-4608950d210f", "indicator--5df0b082-a9ec-43bb-a6a4-4c85950d210f", "indicator--5df0b082-f08c-4746-bcf8-4b66950d210f", "indicator--5df0b082-e66c-4c57-bab2-42a6950d210f", "indicator--5df0b082-69d8-4704-8b08-40a9950d210f", "indicator--5df0b082-d54c-4f17-9c22-46cb950d210f", "indicator--5df0b082-b2b4-4487-8bce-45ca950d210f", "indicator--5df0b082-37d4-487d-8c43-4ddc950d210f", "indicator--5df0b082-2b1c-4696-bd82-4785950d210f", "indicator--5df0b082-cde4-4ac1-a3b0-4468950d210f", "indicator--5df0b082-cf3c-40ba-96cb-40ea950d210f", "indicator--5df0b082-a3e0-4164-8927-42ff950d210f", "indicator--5df0b082-cf68-4ff7-86fe-40df950d210f", "indicator--5df0b082-5380-4ec9-91c2-452a950d210f", "indicator--5df0b082-f804-4f5e-a485-406a950d210f", "indicator--5df0b082-1474-4f31-b161-4078950d210f", "indicator--5df0b082-caa8-4a17-8974-484c950d210f", "indicator--5df0b082-a2d8-4a00-baed-4f8d950d210f", "indicator--5df0b082-f290-4b24-9c31-40b9950d210f", "indicator--5df0b082-682c-478e-954c-4019950d210f", "indicator--5df0b082-a994-4842-a10c-43fb950d210f", "indicator--5df0b082-6ba4-4e81-bbd8-429c950d210f", "indicator--5df0b082-d454-4c1a-8dc7-454a950d210f", "indicator--5df0b082-3750-4654-856a-4dc5950d210f", "indicator--5df0b082-49ac-488c-958e-4e43950d210f", "indicator--5df0b082-0fb8-4fe8-85c4-4700950d210f", "indicator--5df0b082-6854-489e-aa5e-4ce7950d210f", "indicator--5df0b082-9784-4c9e-8a33-40d7950d210f", "indicator--5df0b082-7650-4efb-b10c-41d0950d210f", "indicator--5df0b082-db44-4098-8add-4932950d210f", "indicator--5df0b082-9138-4e5b-aed4-47e6950d210f", "indicator--5df0b082-43e8-4f74-91ba-46c5950d210f", "indicator--5df0b082-eec8-4898-88d2-4559950d210f", "indicator--5df0b082-0210-45b7-82a9-491b950d210f", "indicator--5df0b082-f728-4c92-9344-4b14950d210f", "indicator--5df0b082-c530-4861-b8fe-4833950d210f", "indicator--5df0b082-e94c-49ad-b320-4bca950d210f", "indicator--5df0b082-f4cc-47b5-b895-4f0c950d210f", "indicator--5df0b082-2014-400c-90ad-4c3c950d210f", "indicator--5df0b082-68a8-4f00-a24e-4b4b950d210f", "indicator--5df0b082-bb64-4045-8cd2-41d0950d210f", "indicator--5df0b082-8590-4dcb-961a-4cb2950d210f", "indicator--5df0b082-4098-4e32-a7a3-4ec6950d210f", "indicator--5df0b082-c708-49c7-8808-4b6c950d210f", "indicator--5df0b082-4778-4ec2-a3b3-4367950d210f", "indicator--5df0b082-a3f8-4ec3-960e-49cb950d210f", "indicator--5df0b082-c9e4-466b-959e-4847950d210f", "indicator--5df0b082-2000-475e-a34f-452a950d210f", "indicator--5df0b082-7384-45a0-89f9-4364950d210f", "indicator--5df0b082-d388-48e0-85f0-406b950d210f", "indicator--5df0b082-bf00-4091-8084-4a1f950d210f", "indicator--5df0b082-6180-419e-8560-4e2e950d210f", "indicator--5df0b082-b924-44d3-a70d-4df6950d210f", "indicator--5df0b082-49d0-45dd-8a28-4b7a950d210f", "indicator--5df0b082-38cc-4112-a5cd-4ab8950d210f", "indicator--5df0b082-8f70-4c03-baae-49c8950d210f", "indicator--5df0b082-d9d4-46e4-8c9f-4fd5950d210f", "indicator--5df0b082-6fc0-4500-9a99-4a19950d210f", "indicator--5df0b082-1d80-4720-95f7-4d8a950d210f", "indicator--5df0b082-6d1c-4fea-a148-409a950d210f", "indicator--5df0b082-acf4-409a-9bc6-4ffd950d210f", "indicator--5df0b083-e524-4950-85af-4003950d210f", "indicator--5df0b083-e094-42c0-b82d-4028950d210f", "indicator--5df0b083-055c-4bdc-8377-4947950d210f", "indicator--5df0b083-1eac-4fba-8e4b-4bca950d210f", "indicator--5df0b083-6ee4-4560-8406-40d0950d210f", "indicator--5df0b083-6784-4e15-b6f5-4a90950d210f", "indicator--5df0b083-1114-4aab-b03f-4fef950d210f", "indicator--5df0b083-dd28-4b6a-a390-4cb2950d210f", "indicator--5df0b083-6ddc-4af8-8a5a-4cab950d210f", "indicator--5df0b083-eb08-48d4-976b-4008950d210f", "indicator--5df0b083-341c-4b6d-bbaa-4053950d210f", "indicator--5df0b083-8be4-4b4c-a669-495b950d210f", "indicator--5df0b083-3ad0-4ec5-937c-4137950d210f", "indicator--5df0b083-712c-4ba5-8795-4ef3950d210f", "indicator--5df0b083-eb1c-44da-b853-48f7950d210f", "indicator--5df0b083-23ac-4f2b-aa95-4e48950d210f", "indicator--5df0b083-4850-4e24-bc7f-4c2a950d210f", "indicator--5df0b083-3f9c-432a-98e5-4dda950d210f", "indicator--5df0b083-5a18-48ab-a74c-4e3e950d210f", "indicator--5df0b083-c9bc-483d-bc16-4efa950d210f", "indicator--5df0b083-2f9c-4eb0-89a9-41b1950d210f", "indicator--5df0b083-78f8-43a6-b793-4296950d210f", "indicator--5df0b083-c524-42f9-98e3-4b6d950d210f", "indicator--5df0b083-fe7c-4882-b2e0-4555950d210f", "indicator--5df0b083-c474-4bdc-993d-4206950d210f", "indicator--5df0b083-e1ec-4206-95ce-4a51950d210f", "indicator--5df0b083-5dec-4c0e-bb2e-4f1d950d210f", "indicator--5df0b083-02b0-4441-a873-4896950d210f", "indicator--5df0b083-0214-4ffa-bded-4e26950d210f", "indicator--5df0b083-eed4-4e01-a11c-4367950d210f", "indicator--5df0b083-da4c-470d-b0cf-4f66950d210f", "indicator--5df0b083-d2e8-41f0-9dd9-4fb9950d210f", "indicator--5df0b083-1170-4a16-9fd6-450a950d210f", "indicator--5df0b083-fa38-45e9-b969-4c02950d210f", "indicator--5df0b083-0aa8-4add-8ef1-4a93950d210f", "indicator--5df0b083-2db4-4dab-8641-4541950d210f", "indicator--5df0b083-4914-40df-9f9e-4ec5950d210f", "indicator--5df0b083-d8a4-4d8a-bd41-4294950d210f", "indicator--5df0b083-bdb8-4847-97e5-4689950d210f", "indicator--5df0b083-cae4-4a28-91e6-4ae5950d210f", "indicator--5df0b083-8898-4207-b205-4f36950d210f", "indicator--5df0b083-8e40-423e-ba54-4256950d210f", "indicator--5df0b083-2514-4352-b3ae-4665950d210f", "indicator--5df0b083-70e0-4576-807e-4b64950d210f", "indicator--5df0b083-9b90-42f7-93f4-4a18950d210f", "indicator--5df0b083-d5cc-4bd4-8fac-4910950d210f", "indicator--5df0b083-b598-4e72-ae68-4a25950d210f", "indicator--5df0b083-5bc0-42ca-a9eb-43b1950d210f", "indicator--5df0b083-9464-4e02-b6fb-46dc950d210f", "indicator--5df0b083-4f64-428a-979f-4636950d210f", "indicator--5df0b083-46cc-4987-ae48-4517950d210f", "indicator--5df0b083-fe2c-487b-9074-49f8950d210f", "indicator--5df0b083-cd20-4422-b207-4eed950d210f", "indicator--5df0b083-82f0-4587-9d34-4647950d210f", "indicator--5df0b083-2a68-4d5b-a044-43a3950d210f", "indicator--5df0b083-79c8-45e1-8da4-46f8950d210f", "indicator--5df0b083-1540-4d18-9022-426a950d210f", "indicator--5df0b083-17f0-4fb7-82c4-4fca950d210f", "indicator--5df0b083-21d8-468c-a158-44eb950d210f", "indicator--5df0b083-1418-4711-ad2e-470e950d210f", "indicator--5df0b083-386c-43a3-8e0a-46b3950d210f", "indicator--5df0b084-b7e0-45e6-9c05-4598950d210f", "indicator--5df0b084-3154-46ce-bc24-4b71950d210f", "indicator--5df0b084-7e98-482a-a8e1-4b5c950d210f", "indicator--5df0b084-1710-4666-8fd3-481a950d210f", "indicator--5df0b084-3244-4214-9d07-4bd8950d210f", "indicator--5df0b084-469c-4a14-87df-4093950d210f", "indicator--5df0b084-139c-471e-995b-4bc3950d210f", "indicator--5df0b084-d734-4417-8e31-4e30950d210f", "indicator--5df0b084-bcc8-412c-94e1-4911950d210f", "indicator--5df0b084-769c-4219-94f9-44b4950d210f", "indicator--5df0b084-1eb8-45c2-9dc2-49fd950d210f", "indicator--5df0b084-aff8-4902-8743-4919950d210f", "indicator--5df0b084-5774-43f6-b6e8-4f4b950d210f", "indicator--5df0b084-3384-4868-adaf-4bf6950d210f", "indicator--5df0b084-6ba8-41c5-b8cc-4c71950d210f", "indicator--5df0b084-cdd8-4723-a4fd-4060950d210f", "indicator--5df0b084-7104-4478-8b6a-4c49950d210f", "indicator--5df0b084-44d8-4d44-99a9-467b950d210f", "indicator--5df0b084-6d38-46d9-a298-489c950d210f", "indicator--5df0b084-9590-443a-a55c-4950950d210f", "indicator--5df0b084-f4e0-4d66-9d40-436d950d210f", "indicator--5df0b084-fb3c-4a7f-b396-42fe950d210f", "indicator--5df0b084-ff88-4407-8146-424f950d210f", "indicator--5df0b084-a7c0-433a-ac8a-4214950d210f", "indicator--5df0b084-ed6c-49a8-b5a3-4449950d210f", "indicator--5df0b084-7d58-40cd-be47-4b65950d210f", "indicator--5df0b084-5d2c-4345-b8f8-4e28950d210f", "indicator--5df0b084-d094-4b50-852c-4ac4950d210f", "indicator--5df0b084-253c-4818-92eb-4a7c950d210f", "indicator--5df0b084-e5b4-4202-b2c0-49d8950d210f", "indicator--5df0b084-b0b8-4ee6-919b-4852950d210f", "indicator--5df0b084-b5b0-4501-a8f8-4825950d210f", "indicator--5df0b084-1610-42a8-a1b6-4284950d210f", "indicator--5df0b084-e9d0-417e-988f-413a950d210f", "indicator--5df0b084-878c-4b16-ab20-41d7950d210f", "indicator--5df0b084-ccb0-4b03-9541-4418950d210f", "indicator--5df0b084-70a4-4f1e-9514-422f950d210f", "indicator--5df0b084-caac-44c7-84b0-4ce8950d210f", "indicator--5df0b084-ad74-431a-81c4-41a2950d210f", "indicator--5df0b084-8f3c-437f-b04a-48c6950d210f", "indicator--5df0b084-8848-4150-bcef-4056950d210f", "indicator--5df0b084-0b90-40a3-ad2d-45fa950d210f", "indicator--5df0b084-063c-4a08-8ae8-443e950d210f", "indicator--5df0b084-f7ec-471d-9d9b-4f39950d210f", "indicator--5df0b084-6a20-4c93-96c1-48f4950d210f", "indicator--5df0b084-8bbc-4803-a274-4a9e950d210f", "indicator--5df0b084-fef8-43fa-beee-4772950d210f", "indicator--5df0b084-9adc-4b2c-8d9e-4689950d210f", "indicator--5df0b084-44f4-4364-811e-439e950d210f", "indicator--5df0b084-b668-4e6c-a077-4d9a950d210f", "indicator--5df0b084-4138-4e1c-92c8-4797950d210f", "indicator--5df0b084-0e04-4ac8-905a-4f52950d210f", "indicator--5df0b084-d8e4-456f-b028-4ce0950d210f", "indicator--5df0b084-d96c-4ada-8e07-4aed950d210f", "indicator--5df0b084-cd50-4409-97ba-4692950d210f", "indicator--5df0b084-72c4-452a-93ab-40dc950d210f", "indicator--5df0b084-64d8-4715-9a1f-408f950d210f", "indicator--5df0b084-0e20-46ff-9db5-4311950d210f", "indicator--5df0b084-0118-4aa9-b8c6-43d8950d210f", "indicator--5df0b085-ac24-49e5-9af1-4a0d950d210f", "indicator--5df0b085-1290-48fa-b54b-45d3950d210f", "indicator--5df0b085-5a58-48f9-aa1b-43c5950d210f", "indicator--5df0b085-85fc-4d16-b422-4b3d950d210f", "indicator--5df0b085-f784-4929-84ae-4dfa950d210f", "indicator--5df0b085-a4d8-4c1a-ba00-4e01950d210f", "indicator--5df0b085-f2a8-4083-8727-4d9d950d210f", "indicator--5df0b085-4d08-48b2-90c6-4431950d210f", "indicator--5df0b085-76a8-4753-b991-4490950d210f", "indicator--5df0b085-a254-4f3d-ace9-4496950d210f", "indicator--5df0b085-a434-4bab-b981-4ecd950d210f", "indicator--5df0b085-706c-4bb0-8041-4cad950d210f", "indicator--5df0b085-d840-4bf1-81eb-449c950d210f", "indicator--5df0b085-5204-4d27-acee-497d950d210f", "indicator--5df0b085-19cc-4563-8df1-44a9950d210f", "indicator--5df0b085-1994-40a2-9581-43c9950d210f", "indicator--5df0b085-2d48-46d6-ae3d-4fea950d210f", "indicator--5df0b085-1988-4452-b4d0-4e15950d210f", "indicator--5df0b085-0074-4cdf-a384-45bb950d210f", "indicator--5df0b085-f22c-4d65-8a73-4bc5950d210f", "indicator--5df0b085-cc34-4cb0-9095-45f4950d210f", "indicator--5df0b085-6d80-4061-918b-4318950d210f", "indicator--5df0b085-571c-439a-bf20-4d7d950d210f", "indicator--5df0b086-6490-47e2-b17a-4267950d210f", "indicator--5df0b086-8ac8-42aa-bb5b-4963950d210f", "indicator--5df0b086-f0c8-4c94-8337-4bc7950d210f", "indicator--5df0b086-71dc-4e53-944e-4487950d210f", "indicator--5df0b086-2f60-4811-b8d4-48c3950d210f", "indicator--5df0b086-65bc-41dc-899b-41b0950d210f", "indicator--5df0b086-3024-4880-9167-4d4a950d210f", "indicator--5df0b086-4f88-4c59-a695-469d950d210f", "indicator--5df0b086-1874-47fc-9f4e-45af950d210f", "indicator--5df0b086-9b88-45ff-afca-4273950d210f", "indicator--5df0b086-9078-4fc8-adb3-4a84950d210f", "indicator--5df0b086-50a4-4c89-8aa3-4806950d210f", "indicator--5df0b086-c1d8-4163-ad56-4fe5950d210f", "indicator--5df0b086-eeb0-4e6c-98e1-4bad950d210f", "indicator--5df0b086-e7c4-4755-a0f8-4f67950d210f", "indicator--5df0b086-82b8-4b95-bece-4649950d210f", "indicator--5df0b086-c8e4-41e9-878d-49d1950d210f", "indicator--5df0b086-ecb0-4607-9bfc-4b85950d210f", "indicator--5df0b086-1bdc-4269-9cca-40e0950d210f", "indicator--5df0b086-3c6c-44ce-8580-49fb950d210f", "indicator--5df0b086-f080-43a7-a251-4ee9950d210f", "indicator--5df0b086-96e8-4ea0-8423-4d76950d210f", "indicator--5df0b086-4dd4-4ffb-9a7e-47c7950d210f", "indicator--5df0b087-4ce8-4b3f-b202-4c07950d210f", "indicator--5df0b087-d720-4bf1-b388-4ea3950d210f", "indicator--5df0b087-0494-4222-bec1-4393950d210f", "indicator--5df0b087-e364-4843-bb8f-4214950d210f", "indicator--5df0b087-c760-4d58-bb00-4ce4950d210f", "indicator--5df0b087-1674-42c7-9ec6-4204950d210f", "indicator--5df0b087-1894-4925-8585-4178950d210f", "indicator--5df0b087-fbfc-4707-b8d5-4bde950d210f", "indicator--5df0b087-dae8-4042-82da-4cb4950d210f", "indicator--5df0b087-0310-42c2-a148-4861950d210f", "indicator--5df0b087-9320-4cbe-9a3c-466a950d210f", "indicator--5df0b087-ce00-4716-8985-4a4e950d210f", "indicator--5df0b087-6dd0-4d9f-96bd-40f9950d210f", "indicator--5df0b087-d290-48b9-8ac4-43e1950d210f", "indicator--5df0b087-cb50-4b9b-9441-40ae950d210f", "indicator--5df0b087-be0c-406f-948e-4d13950d210f", "indicator--5df0b087-1f18-4b44-a0ea-4458950d210f", "indicator--5df0b087-aa6c-4ba2-845c-4fa9950d210f", "indicator--5df0b087-86a8-4cb2-8bff-4dde950d210f", "indicator--5df0b087-bbf4-426d-858d-4ea7950d210f", "indicator--5df0b087-96e0-4cf3-ab86-4d3e950d210f", "indicator--5df0b087-53dc-4ffb-909e-4013950d210f", "indicator--5df0b087-b1a4-40a9-93d8-488b950d210f", "indicator--5df0b087-4514-493f-8056-46ce950d210f", "indicator--5df0b087-8c74-4219-9057-43bc950d210f", "indicator--5df0b087-18b8-4cfa-8f4d-4c2f950d210f", "indicator--5df0b087-1fe0-40a9-9cde-435a950d210f", "indicator--5df0b087-2ba4-46a9-b973-4b0f950d210f", "indicator--5df0b087-676c-4247-b47e-4287950d210f", "indicator--5df0b087-6850-4d8d-8632-4862950d210f", "indicator--5df0b087-bc28-4d18-ae8d-4f1b950d210f", "indicator--5df0b087-5d68-495f-a27f-4fad950d210f", "indicator--5df0b087-bab0-4007-9441-4d12950d210f", "indicator--5df0b087-8ad0-405c-b122-4971950d210f", "indicator--5df0b087-4d44-4dde-abc8-4f98950d210f", "indicator--5df0b087-7d7c-4a70-a417-44a5950d210f", "indicator--5df0b087-e8b0-489a-8dfa-4c9c950d210f", "indicator--5df0b087-eb34-483a-8bb4-4b8b950d210f", "indicator--5df0b087-67fc-4df6-958f-46c0950d210f", "indicator--5df0b087-f0a0-4e4f-a462-426c950d210f", "indicator--5df0b087-d42c-4a1d-9608-4995950d210f", "indicator--5df0b087-8e08-4618-b1cc-4994950d210f", "indicator--5df0b087-13cc-469a-b646-436c950d210f", "indicator--5df0b087-7518-4bd8-843d-4bac950d210f", "indicator--5df0b087-380c-4c6f-be3d-4cbd950d210f", "indicator--5df0b088-64a8-4a4e-84c7-45f7950d210f", "indicator--5df0b088-ffa0-4e67-a000-499e950d210f", "indicator--5df0b088-2fec-4a95-9a6a-4256950d210f", "indicator--5df0b088-948c-49e7-b821-4e6f950d210f", "indicator--5df0b088-eb28-4975-bb16-4bf9950d210f", "indicator--5df0b088-82cc-4da0-bf89-42da950d210f", "indicator--5df0b088-8d88-4c48-bc6f-443b950d210f", "indicator--5df0b088-1b1c-4708-bbbb-4581950d210f", "indicator--5df0b088-d72c-4527-86ad-403c950d210f", "indicator--5df0b088-7290-43e2-934e-4737950d210f", "indicator--5df0b088-c484-49f5-b8e4-40a6950d210f", "indicator--5df0b088-bda8-4981-963b-49f7950d210f", "indicator--5df0b088-86c0-4298-804e-40bd950d210f", "indicator--5df0b088-b490-45f3-8310-40a4950d210f", "indicator--5df0b088-f830-49b5-8fde-4894950d210f", "indicator--5df0b088-a3d8-45a0-8b97-4d40950d210f", "indicator--5df0b088-b3dc-47a2-b7d7-48fd950d210f", "indicator--5df0b088-6520-47a3-93b0-4490950d210f", "indicator--5df0b088-e03c-461f-9d88-4028950d210f", "indicator--5df0b088-2bb0-40bb-8dc5-42d4950d210f", "indicator--5df0b088-a450-4235-aa48-4ec9950d210f", "indicator--5df0b088-04b8-428f-a0bf-41f1950d210f", "indicator--5df0b088-4238-4d2b-91da-427c950d210f", "indicator--5df0b088-9300-4067-a8d4-4b59950d210f", "indicator--5df0b088-d76c-4232-806e-4138950d210f", "indicator--5df0b088-33ac-496c-8d46-4b92950d210f", "indicator--5df0b088-2a04-4ab0-b6d7-458a950d210f", "indicator--5df0b088-102c-4b37-9ec0-41d4950d210f", "indicator--5df0b088-4ef4-44f1-8824-4c6c950d210f", "indicator--5df0b088-4ae8-4b30-90c6-4065950d210f", "indicator--5df0b088-8320-45b8-942d-4abf950d210f", "indicator--5df0b088-caa4-430b-b290-45a9950d210f", "indicator--5df0b088-11c4-4b72-9623-453d950d210f", "indicator--5df0b088-7ba0-4ec4-8cc0-4f55950d210f", "indicator--5df0b088-7950-4be0-9c09-4c5b950d210f", "indicator--5df0b088-25c0-4af0-ad1e-4b82950d210f", "indicator--5df0b088-7c80-46d5-95be-45ed950d210f", "indicator--5df0b088-a654-4a16-9408-4191950d210f", "indicator--5df0b088-35e8-4036-849e-4bdc950d210f", "indicator--5df0b088-f3ac-4ce5-99b7-4116950d210f", "indicator--5df0b088-f310-4673-8b92-4177950d210f", "indicator--5df0b088-078c-47ab-96fe-401d950d210f", "indicator--5df0b088-851c-485f-a81e-4888950d210f", "indicator--5df0b088-152c-4429-9c0d-4d5b950d210f", "indicator--5df0b088-78f4-4186-83ad-47a9950d210f", "indicator--5df0b088-d634-43be-8598-48e8950d210f", "indicator--5df0b088-0c48-439d-abb1-42bd950d210f", "indicator--5df0b088-6300-4524-b7a0-4a29950d210f", "indicator--5df0b088-0160-4cd9-8092-43cf950d210f", "indicator--5df0b088-1af0-4d50-8260-43b1950d210f", "indicator--5df0b088-acd0-4ce8-9330-4154950d210f", "indicator--5df0b088-60ac-4360-9d35-41ec950d210f", "indicator--5df0b088-29e0-4626-bdc1-48ce950d210f", "indicator--5df0b088-a300-4d21-be73-44c7950d210f", "indicator--5df0b088-55f0-4efa-8048-4e28950d210f", "indicator--5df0b088-badc-49d8-b964-4a0e950d210f", "indicator--5df0b089-b590-4c4e-9d52-4bc9950d210f", "indicator--5df0b089-12f4-4611-823d-4d1d950d210f", "indicator--5df0b089-adc8-498f-99b4-4e24950d210f", "indicator--5df0b089-13ac-446f-bf3f-411e950d210f", "indicator--5df0b089-22e8-4265-a283-4f96950d210f", "indicator--5df0b089-f4f4-4351-90c8-4b9c950d210f", "indicator--5df0b089-ed18-4943-af3a-4b9e950d210f", "indicator--5df0b089-eb18-412a-91e7-4fff950d210f", "indicator--5df0b089-c71c-43fa-bee1-4255950d210f", "indicator--5df0b089-840c-4a13-8f31-4bde950d210f", "indicator--5df0b089-c610-4a8a-a441-45f2950d210f", "indicator--5df0b089-55f4-491a-8747-48bc950d210f", "indicator--5df0b089-1b20-4f58-b9c5-407f950d210f", "indicator--5df0b089-1410-429f-a340-43bf950d210f", "indicator--5df0b089-825c-4423-9dd5-4812950d210f", "indicator--5df0b089-bf14-4f7d-970a-4267950d210f", "indicator--5df0b089-d070-4bb7-a56f-4059950d210f", "indicator--5df0b089-26cc-4b80-96a4-4905950d210f", "indicator--5df0b089-3ac0-4ace-9ba9-4d2a950d210f", "indicator--5df0b089-8c74-464c-ab2a-42b4950d210f", "indicator--5df0b089-7e2c-435a-bf14-44ea950d210f", "indicator--5df0b089-7640-430b-9553-4080950d210f", "indicator--5df0b089-f6e8-4991-be76-4ee7950d210f", "indicator--5df0b089-c44c-48f8-88ca-4787950d210f", "indicator--5df0b089-2f38-4e9d-ad65-4f21950d210f", "indicator--5df0b089-af60-48f7-86bd-4a05950d210f", "indicator--5df0b089-09e0-40fa-be5c-4882950d210f", "indicator--5df0b089-1c20-4771-bff0-446b950d210f", "indicator--5df0b089-240c-4b6b-ba05-4016950d210f", "indicator--5df0b089-2398-4cdb-b184-4c52950d210f", "indicator--5df0b089-2a2c-473b-ba2a-4208950d210f", "indicator--5df0b089-b4c8-4e6f-90db-4b38950d210f", "indicator--5df0b089-8fd8-4e3d-8e90-4fb1950d210f", "indicator--5df0b089-7dbc-46d9-8998-4540950d210f", "indicator--5df0b089-d070-483a-b689-4930950d210f", "indicator--5df0b089-c540-47a5-9ec1-4d7b950d210f", "indicator--5df0b089-2b20-4679-963c-47ab950d210f", "indicator--5df0b089-f944-4d5b-ad5a-4890950d210f", "indicator--5df0b089-d96c-46a3-aa59-43f8950d210f", "indicator--5df0b089-81d0-4073-90e3-4f2d950d210f", "indicator--5df0b089-cdf4-4c78-8708-434f950d210f", "indicator--5df0b089-c258-4808-9d78-48af950d210f", "indicator--5df0b089-7b00-4985-a13d-48aa950d210f", "indicator--5df0b089-c1a0-485c-8959-49dc950d210f", "indicator--5df0b089-4ec0-4527-9f0f-4317950d210f", "indicator--5df0b089-efd4-4776-bf0a-433f950d210f", "indicator--5df0b089-82a0-4584-bb49-446e950d210f", "indicator--5df0b089-b6c8-4031-a282-4db8950d210f", "indicator--5df0b089-3ea4-48e1-85e2-4938950d210f", "indicator--5df0b089-1208-4179-b2b2-4fda950d210f", "indicator--5df0b089-b9ac-486c-9b63-4a4d950d210f", "indicator--5df0b089-6dd0-4e7b-91e4-4767950d210f", "indicator--5df0b089-cab4-4409-ae4a-402f950d210f", "indicator--5df0b089-8770-44bb-9216-426d950d210f", "indicator--5df0b089-7f8c-4fd3-ad63-4464950d210f", "indicator--5df0b089-e9dc-4a76-861a-493b950d210f", "indicator--5df0b089-4748-44cb-8956-4f82950d210f", "indicator--5df0b089-7de4-4940-9431-4390950d210f", "indicator--5df0b089-a224-474d-baa6-4311950d210f", "indicator--5df0b08a-1788-4f8a-8018-407d950d210f", "indicator--5df0b08a-69e8-4085-97b3-401e950d210f", "indicator--5df0b08a-97b0-4904-b78e-47a7950d210f", "indicator--5df0b08a-6a04-428d-a46b-45d5950d210f", "indicator--5df0b08a-1a94-45f9-b5fc-4c12950d210f", "indicator--5df0b08a-4798-4594-bfb8-4812950d210f", "indicator--5df0b08a-dff0-4772-a23e-45cd950d210f", "indicator--5df0b08a-7e48-41ed-ae75-4956950d210f", "indicator--5df0b08a-b4e4-4964-a9d0-4523950d210f", "indicator--5df0b08a-aeec-40a2-b69c-4eb9950d210f", "indicator--5df0b08a-62a4-48c0-a05f-4439950d210f", "indicator--5df0b08a-d4e4-4192-a23c-4071950d210f", "indicator--5df0b08a-cf74-49d2-8539-4c1e950d210f", "indicator--5df0b08a-ac9c-4f58-b9b4-4194950d210f", "indicator--5df0b08a-41b8-41aa-8d26-4603950d210f", "indicator--5df0b08a-b800-4357-b724-4091950d210f", "indicator--5df0b08a-c278-4271-9385-4001950d210f", "indicator--5df0b08a-b134-447e-a310-4c71950d210f", "indicator--5df0b08a-2970-4243-be2c-4f39950d210f", "indicator--5df0b08a-9050-4575-9d43-4712950d210f", "indicator--5df0b08a-457c-43ee-90d4-46a8950d210f", "indicator--5df0b08a-7994-4fd9-abf5-4f74950d210f", "indicator--5df0b08a-5adc-4387-a2e1-4d2d950d210f", "indicator--5df0b08a-37bc-4256-8415-4d12950d210f", "indicator--5df0b08a-d6c8-4265-971e-49eb950d210f", "indicator--5df0b08a-4cec-414d-933c-4fe6950d210f", "indicator--5df0b08a-2f84-4835-b5b9-4ef4950d210f", "indicator--5df0b08a-0478-4b61-baa0-4fc0950d210f", "indicator--5df0b08a-c5cc-40d9-8be0-4b2f950d210f", "indicator--5df0b08a-f4d8-4f33-8801-42e8950d210f", "indicator--5df0b08a-1274-4f9b-80cf-4193950d210f", "indicator--5df0b08a-161c-4c21-b1ec-4b85950d210f", "indicator--5df0b08a-9030-4374-bdc4-4c1e950d210f", "indicator--5df0b08a-6e74-41b2-86ba-4ed8950d210f", "indicator--5df0b08a-78f0-4aa1-9150-4cf6950d210f", "indicator--5df0b08a-5328-466f-982e-4a50950d210f", "indicator--5df0b08a-d1a0-457b-8440-40cf950d210f", "indicator--5df0b08a-c9ec-4746-9449-4438950d210f", "indicator--5df0b08a-32e4-4adb-bff6-4f50950d210f", "indicator--5df0b08a-760c-4c20-a55d-45e2950d210f", "indicator--5df0b08a-ecb8-4b99-a5f3-4877950d210f", "indicator--5df0b08a-feb8-4df9-8a0a-41f8950d210f", "indicator--5df0b08a-a7d4-4ffc-a6f0-4d93950d210f", "indicator--5df0b08a-b570-49c1-b836-43a5950d210f", "indicator--5df0b08a-374c-44aa-baea-40b6950d210f", "indicator--5df0b08a-1ea8-492e-ad4a-4f4c950d210f", "indicator--5df0b08a-22a0-4b81-8893-4793950d210f", "indicator--5df0b08a-c554-4520-95b8-46cc950d210f", "indicator--5df0b08a-e9ac-446e-8513-4c6b950d210f", "indicator--5df0b08b-5cdc-4191-a12f-483b950d210f", "indicator--5df0b08c-bd54-4938-8403-49f8950d210f", "indicator--5df0b08c-fd74-466a-a568-4f21950d210f", "indicator--5df0b08c-8cd0-4e66-b94c-4ec9950d210f", "indicator--5df0b08c-cff4-4486-8d33-476e950d210f", "indicator--5df0b08c-8a8c-4d47-96c4-4cd3950d210f", "indicator--5df0b08c-660c-4a42-a94f-4853950d210f", "indicator--5df0b08c-fc58-4a65-a8a0-4ffd950d210f", "indicator--5df0b08c-ace4-45c8-a481-485d950d210f", "indicator--5df0b08c-676c-4147-9352-4ef1950d210f", "indicator--5df0b08c-132c-4d52-8044-47e3950d210f", "indicator--5df0b08c-a744-4d7b-8d72-4da6950d210f", "indicator--5df0b08c-ac60-458d-885a-4f1b950d210f", "indicator--5df0b08c-9a84-4962-b689-4f7c950d210f", "indicator--5df0b098-cb14-49c0-8fcc-4734950d210f", "indicator--5df0b098-a2e4-4765-ba59-4529950d210f", "indicator--5df0b098-e4f0-4359-afe8-4d99950d210f", "indicator--5df0b098-d73c-49e2-96d4-4387950d210f", "indicator--5df0b098-1ff8-4109-9588-4a30950d210f", "indicator--5df0b098-5cbc-41a0-b4cb-4c67950d210f", "indicator--5df0b098-5dbc-4369-bc68-4a2b950d210f", "indicator--5df0b098-26f0-423b-8190-4db6950d210f", "indicator--5df0b098-9168-422b-9f5f-4af4950d210f", "indicator--5df0b098-8f7c-463a-9111-4370950d210f", "indicator--5df0b098-8af8-4916-9075-423f950d210f", "indicator--5df0b098-35bc-4748-b23d-4bf7950d210f", "indicator--5df0b098-ce88-4850-8de7-46bf950d210f", "indicator--5df0b098-8c94-430d-b46e-48b8950d210f", "indicator--5df0b098-c508-4848-ac0f-409c950d210f", "indicator--5df0b098-ff70-479e-9617-4e77950d210f", "indicator--5df0b098-8d30-485d-a965-4f7e950d210f", "indicator--5df0b098-d4b4-4877-bce1-41cf950d210f", "indicator--5df0b098-6414-44c4-a73b-4484950d210f", "indicator--5df0b099-e654-46c7-86fa-4e46950d210f", "indicator--5df0b099-c96c-4a8c-925b-49ab950d210f", "indicator--5df0b099-cc94-43ae-a490-41d7950d210f", "indicator--5df0b099-06fc-450e-bb94-4188950d210f", "indicator--5df0b099-fd74-4a77-b749-4ff2950d210f", "indicator--5df0b099-a0d8-4ac2-9941-4605950d210f", "indicator--5df0b099-0a08-40b8-bbe8-43c6950d210f", "indicator--5df0b099-0fdc-4143-8d41-418d950d210f", "indicator--5df0b099-4410-43e4-802c-4916950d210f", "indicator--5df0b099-64a0-456f-b401-48c1950d210f", "indicator--5df0b099-f080-4352-aeb5-489f950d210f", "indicator--5df0b099-b334-4dd6-8fae-4e6b950d210f", "indicator--5df0b099-2c14-4009-8dff-41f0950d210f", "indicator--5df0b099-82f8-4d5d-b473-4e0b950d210f", "indicator--5df0b099-a714-46b9-b85b-49d9950d210f", "indicator--5df0b099-798c-49c2-bfd0-4cac950d210f", "indicator--5df0b099-e24c-452b-b0aa-4d57950d210f", "indicator--5df0b099-22ec-4756-aebb-4ad9950d210f", "indicator--5df0b099-18d4-49e4-aac2-4958950d210f", "indicator--5df0b099-0834-4bb0-bcc1-481b950d210f", "indicator--5df0b099-6eb8-48fb-85d4-4c1d950d210f", "indicator--5df0b099-19bc-4d8c-9a5d-4ddd950d210f", "indicator--5df0b099-12a0-4df3-a0e5-4d1e950d210f", "indicator--5df0b099-1d7c-4274-a177-4682950d210f", "indicator--5df0b099-91d0-4623-93c9-4b39950d210f", "indicator--5df0b099-d870-4924-91e0-4312950d210f", "indicator--5df0b099-3514-43af-95db-49d1950d210f", "indicator--5df0b099-b948-408c-b7e1-4da3950d210f", "indicator--5df0b099-9e80-428e-88e4-4655950d210f", "indicator--5df0b099-5434-4897-bd5f-4d0d950d210f", "indicator--5df0b099-eef4-48c5-9e3b-4aa2950d210f", "indicator--5df0b099-0dc8-41b6-a2a2-41dc950d210f", "indicator--5df0b099-8154-42c6-99d4-45e3950d210f", "indicator--5df0b099-0cd8-4516-9a36-4be3950d210f", "indicator--5df0b099-0718-4afb-951b-40f2950d210f", "indicator--5df0b099-2e38-4c0d-8799-4930950d210f", "indicator--5df0b099-160c-4f4f-9e5e-4a2a950d210f", "indicator--5df0b099-0980-45ff-a721-45be950d210f", "indicator--5df0b099-1884-43ae-b171-461e950d210f", "indicator--5df0b099-585c-4ac3-a65e-4a3c950d210f", "indicator--5df0b099-20ec-4349-80b0-4ea3950d210f", "indicator--5df0b099-adb8-4535-a824-400b950d210f", "indicator--5df0b099-9b38-4e0e-8ab7-4447950d210f", "indicator--5df0b099-5c78-4703-834c-4807950d210f", "indicator--5df0b099-8d54-46a1-b2e6-44d8950d210f", "indicator--5df0b099-8a40-40f1-ae5e-4daa950d210f", "indicator--5df0b09a-7004-4ab6-9515-42e1950d210f", "indicator--5df0b09a-80d8-432a-8c8a-4766950d210f", "indicator--5df0b09a-19c0-4371-b268-4ec9950d210f", "indicator--5df0b09a-7428-4036-ac5d-42aa950d210f", "observed-data--5df0b4ab-fe28-468e-ac6a-98e1950d210f", "url--5df0b4ab-fe28-468e-ac6a-98e1950d210f", "indicator--53843aec-5e04-4543-94b0-bb3fa5395712", "x-misp-object--b406bf9c-4d7b-47b6-a576-ebdbb551bafc", "indicator--45873b32-efb8-4b5f-8a53-212212b36a39", "x-misp-object--c3b3b92e-5eb7-4d9f-8337-11db8eb78ea8", "indicator--6af81f2d-c191-482e-bdf9-3a203e914d02", "x-misp-object--e67a5294-4b42-4ae7-9990-7a8a00e63c15", "indicator--e3f8e0b1-5829-46ac-9a3b-b18e4bbab0c2", "x-misp-object--085b8738-a4b2-48d6-932f-9d31960d6f2e", "indicator--5f42c00b-7637-4194-ac20-42251320a11f", "x-misp-object--70aee2bb-57f7-4a3a-adfa-e0f9c7161010", "indicator--57218619-38a5-49ec-866b-28d99faec70f", "x-misp-object--464709b0-9fd5-4f9b-a968-04d1f3e133e5", "indicator--50f17323-e87a-471c-8d6e-de6e49ec3832", "x-misp-object--0bd39994-6fa8-42ab-8327-3ac615d55235", "indicator--ad04c4b6-3c89-40e1-8311-010c91a8dafb", "x-misp-object--760bc727-d819-47ad-a487-f06db213eec0", "indicator--5286af70-d331-4220-989d-b7ad41f09013", "x-misp-object--93bac262-1ef6-43de-99a7-a78933bb4cde", "indicator--027e0da7-33d3-4dd0-8368-8f321e6b1172", "x-misp-object--067e4870-d444-4651-b5df-a2b914aa08d4", "indicator--155337eb-25c5-4eac-b29f-97bac3db5c2b", "x-misp-object--cc9f22a2-f853-4d5f-947c-d4942c4eff15", "indicator--c874f5bb-748d-4b33-961f-21eb9c2d12fb", "x-misp-object--315bbda1-95cb-4da9-9452-f9cc93338e8e", "indicator--01a37991-491c-4dac-ac7f-f843b2467e3a", "x-misp-object--163a4d7b-ba77-4981-980e-8223237f08b4", "indicator--70891908-cfa1-41b1-b79e-44d3aa835e33", "x-misp-object--49c2af30-879b-40e0-bb29-8c7c4f36a98a", "indicator--1ff7bd52-ba3a-4e0d-98d8-1d1fad5c169c", "x-misp-object--8e6ae9bb-6a42-45ac-8a6c-463adb7b41ca", "indicator--02ca4e6e-8ca4-4d3e-a582-9f0c30fcacba", "x-misp-object--8e2cbb96-0ef2-4953-a62e-2b6348c450f7", "indicator--6492648f-3b49-431a-b533-f9672d741ebf", "x-misp-object--ea818a51-b19b-48eb-b3ef-3e7471105ffe", "indicator--c656aef6-991d-45da-821d-0e7a06b83a6f", "x-misp-object--061414cf-10d9-4cc7-a728-49ae97e09078", "indicator--c8200800-2b59-457b-9fcc-51aa49b1140f", "x-misp-object--8f90af4f-a996-4a90-b933-4f22270b2ee9", "indicator--d48c1dad-ab04-4faa-8840-925beae7eabd", "x-misp-object--242c1ceb-f1ec-419a-8003-5c4d20c7a000", "indicator--89372313-0fe3-43a5-8330-72763405d433", "x-misp-object--56af0e8a-886b-4f36-9fad-f8ea6169b387", "indicator--2d361394-c14b-40be-b1a4-1dce3e6fc98a", "x-misp-object--ceeffab8-c4fd-4b76-a34a-6c1cb8f713dc", "indicator--d462d433-a3a5-4699-bb8d-843a484d999a", "x-misp-object--38ac9306-a074-4133-bb49-8d893dec7e1d", "indicator--9f3fb18a-fb74-4e6b-ad53-544f17fd557c", "x-misp-object--9e2f72ad-7487-4fb2-86fa-3e9e22d31800", "indicator--d8262582-33c8-4944-93fa-479041980c74", "x-misp-object--ce967ff0-32cf-48aa-9880-d6e42b44c466", "indicator--28d13118-1a57-4449-be04-397881739a86", "x-misp-object--c037b8c4-36c0-468d-8a99-21a5b6619a15", "indicator--c8f76e09-c13b-4ea3-86f0-2335a83af33e", "x-misp-object--ced1cdcc-ab25-4e5a-bfc3-18e04ed4e89a", "indicator--cc2a2628-8010-4d98-bad0-f6925aca44c8", "x-misp-object--d719e1e7-4515-470d-a2ce-ab8acad3e7c4", "indicator--1dbb3a84-2b1a-4a57-9b17-8f0b7ca1c525", "x-misp-object--341993c1-a49f-475a-ab50-aa56dc25d7df", "indicator--ef192623-cc91-4453-885c-8ed4cfc7baa7", "x-misp-object--258e9e08-24e6-4022-8dff-046060944c15", "indicator--41478f83-05cf-49ec-a1c8-1cacbbc09e33", "x-misp-object--608a6e2a-f326-4619-b78f-aeb942b24638", "indicator--ed93e93f-413b-43b4-96a6-7abbf8040d75", "x-misp-object--1b36bb45-fff1-497d-90b6-44c336c6348e", "indicator--fcf29ec0-d5b2-474f-9b47-a009302fffd7", "x-misp-object--9acdff64-6582-442b-b72e-400c5de70d40", "indicator--6aeb3879-bc39-4994-bc04-600eb8dd6fe3", "x-misp-object--9ca20ea2-6e65-445b-9676-3f62af9b5df3", "indicator--9e18c6e2-bebf-4581-a657-dcb4782bcd69", "x-misp-object--2eeba3bb-9a78-4ebd-bf31-387ae7ec7c35", "indicator--ae856592-4152-4ad8-8d72-3af1f275d7b9", "x-misp-object--13f496f0-29b7-4a37-896f-1ce2ec1e7286", "indicator--680d2e52-6fb4-456a-b196-07825f047910", "x-misp-object--0cee6148-5413-41c1-809e-5906a5637c40", "indicator--3b29f7eb-dbaa-416c-a4df-cff9599465f5", "x-misp-object--f33804ac-e880-46d4-8e34-0f25bddc3a72", "indicator--f007ef4b-7c49-463b-8140-0e7833584ee0", "x-misp-object--2969123a-0982-4b37-b0ce-d619dab67a7d", "indicator--733a51f4-bfaf-445e-b9d1-6f2aeb3e9e13", "x-misp-object--a2d4eae7-25dd-48d5-a73c-17b0e3be9fd5", "indicator--dc339a82-4290-4b72-825b-86c8e2ad63cd", "x-misp-object--566796ba-2887-481f-883e-5b87f2c294f0", "indicator--94d47416-8a94-46a9-b15b-072940dad7d0", "x-misp-object--6694a7e6-ac32-4aa8-b716-1e85b713d64e", "indicator--ed520552-6513-4917-95ca-c0d15f0d74cf", "x-misp-object--1f2f93a1-eb02-4b87-a2d0-c8caeca58406", "indicator--5ad6514f-d7af-47f6-87b0-372df8ea3b16", "x-misp-object--2bba21b9-106d-4208-a5d6-0bb9ac801ca1", "indicator--c1d78a4c-9ab4-42df-93d0-24cc1963f3e8", "x-misp-object--9f576870-69ac-47d0-be4f-e77b9436dc99", "indicator--3d5d7a8c-c996-4571-b8f9-f03d18a95bd9", "x-misp-object--0e5a61b8-b5b2-4a86-8ed3-eebb7e258896", "indicator--eb13fb99-e9ea-45e5-992e-595fa5379eb7", "x-misp-object--827ce421-4c33-4102-a38c-9a82d7ad034c", "indicator--39a79b60-8c0c-4d11-bca2-38537491f6b6", "x-misp-object--af12b4c0-e8d4-488d-876f-2d49989eca09", "indicator--096eb58c-0bbb-4b98-8f29-f478d1aaae37", "x-misp-object--fccc7090-fbf3-4298-a67d-83a1c81e2dfd", "indicator--91d86c14-5d8d-49d8-85a6-62eb1f6660ac", "x-misp-object--28d1f5cd-035b-41ab-8939-160f3e815c0f", "indicator--75f113a1-ef9f-4310-bb5b-989dee8f489c", "x-misp-object--1b05cb70-d19a-4aad-aac6-551661f56eb2", "indicator--fc8fd229-2908-4983-a730-d85c9e352575", "x-misp-object--dad20706-fc2f-4dd4-8d9c-f5796f819c6e", "indicator--7b8383e3-acd4-4fcb-845b-5cb36e10a7b3", "x-misp-object--a1937f9b-ec9e-409a-bef0-adfea851fdee", "indicator--0eb9d16a-03f0-44e8-843c-b8df2c4c083b", "x-misp-object--9e66898e-3b53-4951-a5de-b420a21476ff", "indicator--58bef497-df6f-43a2-a37c-3739ec6982a1", "x-misp-object--9fd11823-de41-477c-a350-c3e601be0c4b", "indicator--454ad45c-85a9-460c-a56b-9ddb03bad44d", "x-misp-object--f2bc0b22-e168-4e10-8055-c642cdbad347", "indicator--bb3ec885-0bcb-47f2-aacc-6cc62f5df396", "x-misp-object--7b9da427-bab9-46cc-b53b-cb15e0e7670e", "indicator--1d70047d-25af-4bab-893c-1819ce2ee2b9", "x-misp-object--728bb84e-4c46-4cbb-b5b9-d61e905d206d", "indicator--d2f19e2c-8d0c-4282-8dd4-8717b98dab76", "x-misp-object--583eed35-20a2-4f3a-9c33-e2c329a021b6", "indicator--18f0a394-59e8-44f7-bef4-e629c8e2d48c", "x-misp-object--5f4bcd14-cb63-4b73-9f04-0cd48d621451", "indicator--844f9804-c3f3-4cd2-95a7-cd42db3561a4", "x-misp-object--11e37e76-d0b7-4f98-a663-7e1deaad4dde", "indicator--505c4912-ec7c-4bd3-800b-f96b928d60a3", "x-misp-object--37a3479c-7016-4207-a0b5-e1871d62918e", "indicator--19df27ac-fb3a-4564-a333-92b694f65766", "x-misp-object--f42a3419-4657-42b3-b6e5-e947e0c25827", "indicator--ba3c7e43-259b-4b53-86bb-637a52cc5504", "x-misp-object--6a6d30d5-8af3-4c31-9b47-26cc1384e2a0", "indicator--801dda52-f305-4225-81ae-63a537e2d416", "x-misp-object--ceda2ab2-2d4e-4f23-ad1a-88370c893d41", "indicator--738b07c1-e0e9-44e9-9fcc-7724e09a8534", "x-misp-object--0053d5cb-a02d-43a3-ba7f-5e5f5a645c5f", "indicator--7c78d4ad-76b5-410f-b769-8ac2de68cc29", "x-misp-object--fe7b8b9b-6817-4f6a-8161-df3ec4b0a993", "indicator--4a07ccfc-b2f0-4a9e-8fe3-f56da0287be3", "x-misp-object--aa2fa223-8f0c-4b45-91fc-a10098460bdd", "indicator--30ad66a5-06a2-4526-984f-dc929f8e78e8", "x-misp-object--18ffb939-9527-4c34-95f4-6863b04bbaf4", "indicator--68ddc97e-64a7-4d39-8f72-ecb926dc6263", "x-misp-object--8cc13a6a-0de2-4a47-8a0d-0884a02779ad", "indicator--31e0b85f-066e-4c0c-bba6-5c67b4ef5cb9", "x-misp-object--a8e16593-8a35-4cbe-9a7d-27a011ab0aaf", "indicator--88c85dbb-b9e8-4798-aa8c-afd1bb83ee3a", "x-misp-object--dc6d7328-3b68-4028-8355-b1e4af009420", "indicator--4ddfa380-3b6c-40d6-b390-266f76f1ebac", "x-misp-object--871c3fde-844e-44b7-a6d6-5e987c48076c", "indicator--04e865d4-f9ab-4eb3-bb87-ec890c68e194", "x-misp-object--483975a4-7d98-4a54-95a2-8cca2a3e727e", "indicator--a7033e3d-da01-4bbb-9f21-4c5a7d34da3c", "x-misp-object--18688fc5-95c7-40d9-b6bb-f6ac2ffad357", "indicator--02663258-e7f5-4809-98ab-835c3dff4272", "x-misp-object--8f2a5a0a-2756-4cd4-bc4f-22a7245eac25", "indicator--a2e8a416-c2cb-4015-968c-0984172383f5", "x-misp-object--cfcdd3dd-5638-43f1-aee0-3bc1577d74d5", "indicator--f9604190-10c4-41ee-b981-2871bf53e73a", "x-misp-object--9e983312-376f-4ab8-9881-e110e5c4fa30", "indicator--9eeda890-927c-464e-b272-333ccb1d3058", "x-misp-object--6e50a755-b8dd-414c-b623-07ff6a2ac065", "indicator--b984b421-3546-43ec-8344-db330fd09d51", "x-misp-object--79699cf2-b8f5-47d8-befa-6b82e9355fe7", "indicator--1fdac306-8c84-465b-8b79-04b0d475093a", "x-misp-object--ffdb3b2a-3c94-486f-a65c-987a2be986ee", "indicator--e2312244-516e-468a-8cdf-97d0ada59a51", "x-misp-object--a639c694-9dd7-434a-bf7a-f51ad0e469d9", "indicator--e47e2828-2a48-4ee3-b3bc-de782c7ef605", "x-misp-object--c768ca64-4061-4565-8b5d-f720aa735f96", "indicator--5d137df9-f16c-44a3-82d8-f2f77bc2fe37", "x-misp-object--4cef0992-a69b-4bc0-8e3a-608234f1d26e", "indicator--b2f0df78-42f7-440f-8a3e-d0578ff2c69c", "x-misp-object--9e0d7701-e758-4b09-a953-2ea4a67743a6", "indicator--8cd6651b-a7bc-4da8-aa76-4698e77aaac1", "x-misp-object--14d365b0-f7a8-4e2e-a026-e564567fb451", "indicator--52b2c640-0b6c-411f-8a0d-b194db9d6378", "x-misp-object--2e9e748d-071a-46ba-b209-0fcf55b57f0f", "indicator--7df70663-58fe-4509-b0dc-d5d6315c08ff", "x-misp-object--95da7e68-522b-4946-a596-37288c33b6c6", "indicator--d6289f73-5f31-4dc4-86dc-fc9c8a4e4d2f", "x-misp-object--747ff1d3-f9a9-4d54-8653-269224f4abe0", "indicator--73b0dd1f-f6ee-4dc0-b174-30a1d7645102", "x-misp-object--88f5e0ca-db40-49c6-ab76-631672d838e9", "indicator--834968d5-1a82-47c6-b38d-1d07cc666f1a", "x-misp-object--ad9a99cc-55a2-4be5-aa2f-57485a1c382c", "indicator--af18f7b6-3eaa-4a20-8b94-16ff1fea68c6", "x-misp-object--855313e6-0a4d-48c3-8c9a-651443069d81", "indicator--f621cf4e-e2fe-4191-baa7-bd7976d7e961", "x-misp-object--6cce9811-cfdf-4980-9ebd-ac168212f216", "indicator--6ef008fa-8022-452b-bbd4-5e069fb5d1ef", "x-misp-object--d4162df1-da6f-4448-b4b5-d6c6b8bf313b", "indicator--debf20d3-7b2e-4364-80bc-ce7d116f0901", "x-misp-object--ac2df624-1ecb-4b0c-ba28-8948b4203c6b", "indicator--1d2b033b-9412-4234-ba79-ecc2b81ee7c8", "x-misp-object--32b4bfb7-fa21-471f-ab73-c2107993457e", "indicator--19cc2434-e10e-41ab-8507-f4fdafb4d98f", "x-misp-object--ba0df8a7-c288-43c1-9721-e9471d8d902b", "indicator--990911cd-1546-4834-8afe-22d4f992f8f2", "x-misp-object--f9578ad9-21bb-40bc-8fd9-a0c401d70399", "indicator--61649bc8-85ea-4a00-a42a-ab2733d534ff", "x-misp-object--03f94760-3040-4661-97dc-901931fcdba8", "indicator--4f14f254-78de-4214-bc39-c0df5a560d29", "x-misp-object--93e1d54f-78bb-4456-9ad9-20a0684a8c5a", "indicator--1cc552f1-b224-4112-a745-d38d157a1970", "x-misp-object--011facc9-5dcd-4acb-9b28-35f8abb33b32", "indicator--6451bdc5-05f7-46ac-bb4a-2ebbe7779aa7", "x-misp-object--1c344cfb-d472-444d-8ac4-89d0a9fe796f", "indicator--7c830d89-4fd2-444c-b4e9-dee3d0c4c995", "x-misp-object--993b393f-8537-40ce-98a2-0b9c885656ea", "indicator--7b69acd0-5b57-43b4-bb0e-8533ec34f7eb", "x-misp-object--4a5a3841-ab89-40a4-bd73-520e5c71800f", "indicator--015ec164-a274-4459-a93d-7f10c3d98b92", "x-misp-object--8bc83cd6-5f03-42df-ba44-f321406ab01f", "indicator--aa2a4eab-c640-495d-88e4-0c396fde1f7a", "x-misp-object--1423a5bf-6b87-40a1-ba85-90cb015c11bc", "indicator--ace7defc-9735-4613-b3fb-9e31125f1eda", "x-misp-object--577481d1-9d6f-4c45-aa66-1db3601b5411", "indicator--675f1102-34a2-470f-9f12-3fcb2530b2da", "x-misp-object--81363ce4-7dce-4ffd-bd43-7f1056a446fa", "indicator--6db377f7-be37-4153-be95-4aa62e6fcd17", "x-misp-object--e05a9b63-89b4-45cf-b76b-cbde69e1641c", "indicator--a3b2ddaa-5eb1-4e4e-9679-718ef9d63591", "x-misp-object--b38f14f9-08fd-4d10-88a0-a050bbb3de6f", "indicator--91cb5c59-36ac-407f-9255-7fbbd82f25a6", "x-misp-object--59db51e8-4f1a-449c-94fe-e24d0a282761", "indicator--c706bcc7-088f-4f88-a120-ffc65a6a06e6", "x-misp-object--c6d0459f-086d-497c-9855-c5447d1825d3", "indicator--1c7b7be9-c366-49d8-b8a9-754aa1b93f55", "x-misp-object--e287d0a2-e783-49d0-8410-7f42e413f841", "indicator--3f6d211a-d796-40ed-bc41-c369ed217261", "x-misp-object--2aad3842-22c4-4221-b87d-12265d43a1b4", "indicator--0ea2d283-1a5d-4367-8812-0fa934532135", "x-misp-object--e0e2a5a5-ef08-4488-8570-06d814722566", "indicator--8da2265b-d8b2-4191-9bf2-c7267078f161", "x-misp-object--c3af7af2-ddde-4ee9-8d96-17be802ef8b2", "indicator--0a5b77d6-e8ee-44e7-b9c6-4d6a1344883d", "x-misp-object--a5e5117c-32e1-431a-80af-f302be915453", "indicator--e8c1cd66-8313-44dd-baa4-e5d56c6cb036", "x-misp-object--369fc7e4-6cec-4030-81a2-6ddab8cad305", "indicator--c7bfd5e1-211d-4900-8e62-017d2241fa53", "x-misp-object--bf234a47-3939-440d-a2b0-977f4ddc4990", "indicator--47d1ccaf-3093-43cd-8a5f-abb12fef0733", "x-misp-object--dadd1af2-cc8a-4206-bbfd-4b710a5a569f", "indicator--e636c9f8-0933-4361-8337-e8098023cb5e", "x-misp-object--16aaef18-7758-4ba3-9812-1ae52cdd54a3", "indicator--155289df-5fee-414c-aae6-246a6d8d67af", "x-misp-object--2498acd6-03c0-4697-8313-4dc82677d7af", "indicator--a453afe2-b3af-428c-8bc2-7556df970d28", "x-misp-object--40ee550c-f33f-416f-8062-f598e5df8cea", "indicator--d92a99d2-502b-4f2f-97a0-c29bb9d7700c", "x-misp-object--ae563ce4-619c-4135-834f-765f58f1f407", "indicator--8aedd19c-eb4c-4633-9ca0-0aeddb3f9b25", "x-misp-object--120de50a-2248-4f0f-815c-514de8b09acb", "indicator--ba5ab5ce-0a33-4542-a2c6-acf788063952", "x-misp-object--3f175ab2-692a-475c-866b-75cdea27be4e", "indicator--9fdd4876-a0f2-41c1-8920-8c5639670d0f", "x-misp-object--e1e38f60-2397-432a-a393-b1b28a3ba0ce", "indicator--02377d96-8f68-42a4-aafe-e7c43db64444", "x-misp-object--455b6ebe-18f0-4ac4-ac15-e7f2af8eb699", "indicator--beb1e4fd-15b4-4f26-a4ce-4e4b33b11e04", "x-misp-object--30c54480-288a-4424-ac2d-0072ec9b2fba", "indicator--f59feeaa-3635-48d2-8271-a8ba1ad32842", "x-misp-object--761365d3-43d7-4c24-a9a2-5f7f6c437746", "indicator--4c380efd-b92e-4540-8b0f-cd6758f8b8d7", "x-misp-object--50513047-46b2-4b1a-9072-a647b4e3c329", "indicator--1505983b-85d8-4be4-ae57-08b47195939b", "x-misp-object--69b4d08e-f41a-4e06-8e1e-ffe262cae494", "indicator--524b27f3-92b9-471e-a88e-06274ac0bcdd", "x-misp-object--2761f328-46ae-4324-8cf3-e9aee76859af", "indicator--e014ea4e-91c1-47f0-8716-dd67fc7e1091", "x-misp-object--18b8939c-3f03-4037-bb05-bfa7cfa7b3aa", "indicator--f9985ce2-8055-475e-a517-a1a61e519d7c", "x-misp-object--a709d916-083e-40b8-84ae-e72053d94392", "indicator--c9a0bfbc-49ed-4f12-95da-d2e7edfd20c6", "x-misp-object--ae2c2a2d-efb9-4a40-a0e7-01e923a24d31", "indicator--7bea7e57-e22f-40c7-974b-33d10278a526", "x-misp-object--7c0200be-0e96-40f3-b1f4-fd77050ea522", "indicator--6288f9a7-f50b-4de6-ad89-3a208e06ff99", "x-misp-object--a801038a-da64-40d9-98ad-4a679fea56be", "indicator--c134528e-87e8-4503-9697-134891ede3f4", "x-misp-object--b4b2203f-cecd-407e-ae29-2748c97aa26b", "indicator--22b3dace-f93e-4359-a836-03a21ca924d0", "x-misp-object--d2dd428d-ad1f-4676-b67f-8de340cb58c0", "indicator--f780104a-9c5a-4335-930c-7d273716381b", "x-misp-object--4fdd419d-ea30-4669-8e1a-94000db3f917", "indicator--f139ab3e-03f5-42e8-a2ff-a83a60d04010", "x-misp-object--68d7863d-3c4a-49af-afde-b71d15fe2078", "indicator--83ac84b2-0bc6-4376-8c04-ac09e8e07d57", "x-misp-object--e7340379-0531-4697-bc6d-7d79e0c2185b", "indicator--5a5b32bf-40e0-46d3-b152-78769ce84014", "x-misp-object--40d0eb49-b028-43e6-9060-8ab02e096e7f", "indicator--b3c43005-5e8b-4a20-a478-2ab60bb3a0b5", "x-misp-object--f1f0f739-5357-4e7f-95bf-487cc2e7e6dd", "indicator--f9c1c6c0-12fb-4f2e-bf0f-bc2bf5a23885", "x-misp-object--87c726c0-e744-44bc-9aca-2fb279195878", "indicator--e49b9428-97fa-4838-a129-b688d3c83d4e", "x-misp-object--5b535b86-7c4f-46aa-822c-2a6308169766", "indicator--5e6120dd-95d3-4678-861e-06421dd709e6", "x-misp-object--4a0916df-a51e-4f95-9090-8237d80b625d", "indicator--640f6907-c758-4746-9a05-b0e07c7d89c6", "x-misp-object--203c3941-4c2a-41d6-be23-fea6313f70f1", "indicator--26b40d0e-f672-4efe-b54c-e6dbc07452e0", "x-misp-object--131dfefb-6bc2-4c4b-a51c-13eb4b59ad44", "indicator--c9350a97-54b8-4b16-96d5-08b6546d09b6", "x-misp-object--f253f18a-314d-41f9-91ce-7267ac60bcb5", "indicator--1679843b-577b-4504-adf2-dee263fdf152", "x-misp-object--935eebfe-1960-444e-a06c-15246c5cb4dc", "indicator--1cd2d9a6-7b0c-400d-8832-b0a99caaf9ae", "x-misp-object--74100cda-75a4-4cdb-87e7-f04b7faeb90f", "indicator--b2aaba6d-0711-459d-9744-3e7289111728", "x-misp-object--86d7fe43-b9c8-4f18-809e-389a95f58132", "indicator--579b5a05-074e-4bbb-be13-b63f6858e7a2", "x-misp-object--a91f6684-8fc2-4f39-b683-9cd4e2b9a770", "indicator--a7e94977-9343-4e7d-a6e8-158e386489db", "x-misp-object--093e6e02-6a8c-4617-b8d0-3c6b539ec3af", "indicator--77089a38-652a-4032-8377-5951c6749eb1", "x-misp-object--26598531-087e-456f-acb0-81740dc24465", "indicator--7c72eee4-3ece-4ef1-8970-8421b8b49fd6", "x-misp-object--a50a31d7-dd93-4e57-82f6-8c2d86f02eeb", "indicator--8d4316ec-22b2-419f-b8d0-2ad091d8fe3d", "x-misp-object--a3cef8c0-e867-4fcc-90ad-4560b0b862b8", "indicator--092a4d19-c82d-4c39-9d3d-4c8a59684860", "x-misp-object--ef9876f0-2be5-48b4-b385-34c6e1a8b5bb", "indicator--c83b4e3e-8a89-4a7d-83e9-e90305c8b85c", "x-misp-object--9e3681ba-3155-49d2-b043-dc95c8156bd6", "indicator--32d80030-0d4e-482b-a898-803cf9bc334c", "x-misp-object--ffe6a7bf-bd47-4cd4-b4da-eaf078136bf5", "indicator--554f48fe-4bf6-45ac-97de-d340b97dff19", "x-misp-object--30c7946f-9ae0-4d5f-80aa-8d898cfb3804", "indicator--778ae72a-499b-4228-b976-7206cf015fed", "x-misp-object--4a008bfa-f123-4fe9-b7c1-512c3dab17db", "indicator--11fa24c7-61a0-4ca7-8b53-c47d33ec8457", "x-misp-object--4b2305c1-09ba-4219-bac1-7c7aac4c423e", "indicator--fc263859-499a-4ba8-a1ca-4b3065114f5e", "x-misp-object--24e00e33-40a9-4a20-bc4a-f40c105d5616", "indicator--f41b5936-5091-43d5-b8c8-10b828a44ce3", "x-misp-object--afefc42d-7075-460f-9942-056893327173", "indicator--790661b9-5abc-41a4-b941-490796a36e39", "x-misp-object--f54ecbf1-94d8-48d7-918b-25db40ef69f9", "indicator--9248c2fb-b379-4e16-8dfc-a1f50b2f7635", "x-misp-object--db05e4ed-64be-44c8-b71f-19fcc1b090dc", "indicator--97826163-af4a-4b54-bc10-c2a879c26bc4", "x-misp-object--72dd2f88-9263-4b6a-be00-9255dd1d602c", "indicator--be252845-2208-462d-9c4c-db7003378a71", "x-misp-object--7c90a156-0032-4733-8e34-241a4cc01652", "indicator--d10d07d8-f413-4f92-9afc-b1f9c5a932f3", "x-misp-object--5625b2c9-c4df-45ed-879a-2b27bd0ea47c", "indicator--c2c3a5ab-3fca-45df-a938-1945f6a88540", "x-misp-object--6752c41a-88ce-409e-aa3b-147affa33d30", "indicator--4c379350-7ab8-4d9a-ac2e-fd6e22d67175", "x-misp-object--75bf21eb-4910-45b9-aca5-140ebdd73228", "indicator--b9a392ec-a68b-43a6-bb0a-8190b3e61a82", "x-misp-object--54bee58a-c009-4395-a517-3e4eb31920b8", "indicator--704d9b2b-ba91-4907-8141-20c2ef96d4d4", "x-misp-object--595a372e-8d2e-46a7-af22-f9951cdaac88", "indicator--6d2d9af8-e198-4722-bdf9-8af7c3c95ddc", "x-misp-object--f205d829-81be-4736-af7c-14d5e42515a8", "indicator--be5860a9-26a7-4525-a2fa-d595d89447b6", "x-misp-object--ae75e2b7-9bfd-4189-8aed-4fe5ed12ad92", "indicator--9e1259cb-bc1e-4c7f-8edb-a09e082ff79a", "x-misp-object--8fcf3f77-2a48-48a9-ae78-16bce9c47cac", "indicator--03665592-a692-43b3-ae7c-5c44042a9611", "x-misp-object--af5c999b-6767-40bb-8949-ce6fdb0e348e", "indicator--7f985195-63be-4130-8570-2eb74d1c65d2", "x-misp-object--ad0c7ee7-17b3-4d04-87a6-a56cb3b0d0a3", "indicator--af868be2-d87f-4f4c-8ae7-aa156542e19f", "x-misp-object--7ce83015-b2e2-4464-9236-d9fa1aba1fe4", "indicator--1a3e8cbd-32d7-4fa3-9e02-142d5e212517", "x-misp-object--c5bc33a7-1263-4c90-81ee-0c21da76e67f", "indicator--7b4b65fc-7250-47ed-a17b-7ea0880f45e0", "x-misp-object--3f48ed89-af7e-40ba-938b-e74dd9c91e55", "indicator--a0058eb1-5f03-47ed-afab-2efd3e995eea", "x-misp-object--07576deb-5352-41b5-a479-2c5317d0c86b", "indicator--80d35444-5e69-489e-90cb-5042335a6fbc", "x-misp-object--1b4c7c89-9561-4419-b2f9-1c274ee62854", "indicator--48c053b3-3044-44cb-a28f-a7d52591daf4", "x-misp-object--4cb3c70c-abc8-41b8-be9e-a03b38671347", "indicator--e16742e5-9cde-41ba-af1d-091d8bedf4b0", "x-misp-object--3b5f9f6d-5343-4f06-a8b5-31861c2e1de6", "indicator--1acdcdf2-193d-4bdd-8360-a26ed49a0793", "x-misp-object--d5e4bd27-6691-4b2d-8eec-2fbf4e24baa7", "indicator--b401a8db-a6fc-4176-b07d-10973bd9bcf4", "x-misp-object--6a8e60ae-a643-4b5e-b5e6-57405a6c8597", "indicator--4d42dfa2-8146-4ce4-9bb2-ff4cc7aed489", "x-misp-object--1bfd9b32-6528-405b-9df5-1bc170d35ab9", "indicator--675e1716-6a26-42ea-a062-e6da3b6ad681", "x-misp-object--c18b282e-e307-422e-bb53-905e3acaba81", "indicator--334a5d8d-d499-44cb-a4bf-a1b09f5c957c", "x-misp-object--34d09d98-c515-4fd3-a13c-cbfb8f173195", "indicator--7376a665-9c9c-4711-8f68-1f45047546f5", "x-misp-object--ebf1c6f5-884c-4017-b8a7-6420e0f653f8", "indicator--b4de5a4e-2a19-43d8-9da1-57730d22dab3", "x-misp-object--b156f377-075c-41ec-a520-dd934705382e", "indicator--56cc4fcc-15c0-489d-8bf0-7f683885a03e", "x-misp-object--622a2879-7329-4bfd-a8a6-58f0523d1ebb", "indicator--d10942f1-7e0b-4700-932c-37a24ca2a7b9", "x-misp-object--8d74ec39-ab53-4434-a82a-4cad16a3a23a", "indicator--7aaf28e3-f95e-4803-ac53-ee1c1c50272b", "x-misp-object--1b0fff68-525f-40d9-88dd-df82f4ef0a94", "indicator--aee07c40-25ea-4b3c-b4ef-b37feb1ea25f", "x-misp-object--fb6f45ed-fd7b-4bb4-92ca-05b6fe37d18b", "indicator--7f4b6869-ebf6-46d7-82c8-947888af0c08", "x-misp-object--ffb7dc9b-afec-47cc-884f-4e1dc971a3ac", "indicator--190115c7-882d-4856-9092-b742108a2eab", "x-misp-object--15b205a8-cb6e-45d7-9aad-da527c8ff5de", "indicator--6e916952-29d1-4de6-bba2-d3fc796e53d4", "x-misp-object--95526d28-ceb8-4f8e-aa22-f14c264d5a47", "indicator--68313563-5349-4294-9eee-4a4b6930b3ee", "x-misp-object--491197e9-5698-4c91-85a8-0f83e94954e8", "indicator--64dd15b3-2453-408f-b6f5-699ea53bf1b0", "x-misp-object--e253786c-c98c-4560-9b8b-7646ef35d4c6", "indicator--ee0adf9c-a186-4916-9c43-bbc20ddf6742", "x-misp-object--6c819924-59ed-4ba8-9075-9b44378c194b", "indicator--32858727-1f3f-46c2-835b-d92df8fbbe42", "x-misp-object--03b98b00-c2d4-4bab-8c3b-994435c9d01f", "indicator--af710a53-521f-4c89-bc1e-e0009e897980", "x-misp-object--a7ff9f45-3a50-4e9a-8f65-66403d663a62", "indicator--5e0029f8-d3d4-4f3b-b46b-f1338edec78a", "x-misp-object--cfd88dae-dc3a-4c99-9f6e-95c373ebd3e9", "indicator--9abf1fc2-6b35-4683-ba31-9f6e137d9c08", "x-misp-object--a64a8a55-a61b-4d0d-8b08-54ee89ee7ea6", "indicator--e79989fd-61f9-4ddf-8828-2d65e697945e", "x-misp-object--fd5f1ceb-997e-441b-b218-5304fd5ab648", "indicator--076ec3fc-a672-44ff-a43b-f6931a75b962", "x-misp-object--4ebc765f-3147-4a56-b87d-d57279baaa14", "indicator--9197aad4-39a3-45a4-9ccd-7d919989468e", "x-misp-object--6b7d265f-5cac-413c-8cd9-95c902b73228", "indicator--508c47de-d7b2-405d-87a1-47752784e5bd", "x-misp-object--c8f8cb6d-5af5-43ea-bbb0-06f60165a41d", "indicator--e38e5407-e670-42ef-93cf-b00573c36cd6", "x-misp-object--69360a5b-7dcd-4424-b1f7-edc91902d8fd", "indicator--0b989039-6f0c-462d-9b45-cf9cb3f1b3c5", "x-misp-object--a8607e7c-7ff2-4432-8535-b79232cff49e", "indicator--7ae255ca-988f-4503-974a-d7f3176d71ce", "x-misp-object--722c1268-12a8-4655-b6d2-92d8e2067996", "indicator--3daaa8a6-a836-4877-8f62-d16e6a99cd89", "x-misp-object--31a94059-6a6d-4b60-9d34-ffaec33d6bbb", "indicator--7d0baec0-5a8c-479c-b612-010d1cfc2de1", "x-misp-object--9c2f4bf4-446d-4a13-a18c-e0e3a5c904a0", "indicator--600fa261-6de5-4436-9730-3ccf84bb3bec", "x-misp-object--2d1cd09f-2c06-4db7-8079-15d878241205", "indicator--0e29bb53-4317-42ed-8b7d-4919f4b831b5", "x-misp-object--7e548b9b-5d25-4628-856a-0d559a6b67a5", "indicator--11df11e9-c64d-45d9-9474-b234b06cdb98", "x-misp-object--52beb6bd-475a-4dd5-9d70-fbd1aa29c3d5", "indicator--321ff7b0-34b7-479f-8dd0-41c259ebbe25", "x-misp-object--64d45127-0af1-44cf-9934-4f1d4d4a9840", "indicator--64429339-5b9d-4b6a-9614-167fa0e883cb", "x-misp-object--5ccd21bd-6cca-4733-8961-9b0e4906afe1", "indicator--62ba4a06-02e3-4eaa-9f23-156bd0911684", "x-misp-object--4cca88bb-70ad-4884-b433-e3803ea0a1f3", "indicator--bc9f7c61-9813-410d-8947-bd622d3428f5", "x-misp-object--22676db9-d003-43e6-8e61-bb9751963fb7", "indicator--d9749493-6aa2-49b2-aefe-f207ff3a8aba", "x-misp-object--e25bb58d-f313-41ce-ae1f-fdc088624f99", "indicator--cedddf8b-6830-4953-8a90-eac2e56849fa", "x-misp-object--c3319757-81fd-449d-9452-0034f18e4e50", "indicator--c2d8cb4c-350a-4881-b1ed-ab623c674f91", "x-misp-object--7af9923b-7777-4df1-9ecf-86d8db86dae1", "indicator--16144424-d01f-4a4e-b9db-53fdcfc431be", "x-misp-object--58833fab-1a5c-4762-99b5-55e98ce88973", "indicator--4bd10b1a-3756-4b4b-8767-0d9a3c9259e3", "x-misp-object--cc5656d8-39da-44e3-ba60-194af764034c", "indicator--2e87724f-2380-4b47-8c65-e7972a25ca50", "x-misp-object--5adfe6db-846d-4c5a-819c-8c457b28f2cf", "indicator--8f0a49e1-0ce9-4944-9200-1e2db8abfcb7", "x-misp-object--492231b5-8f97-406b-9e0c-41ea31df35b8", "indicator--e09181c3-54f6-426f-836d-630195f98612", "x-misp-object--0815fd32-3f74-418b-b2c5-bffb1186f647", "indicator--376494e4-19fe-4182-abfa-864ac7c9c6d2", "x-misp-object--19270c9a-bdf2-4e27-911e-b793dc82e57a", "indicator--d35e9b13-b591-4c3b-ba81-7d6ebcdf1ee9", "x-misp-object--dc362422-092c-4b92-b4c1-ad3c5a322fb4", "indicator--4db3dcc5-b9ea-4f99-949c-1373ba9efcf3", "x-misp-object--7bc644f5-5b56-4fc1-99da-77653550379d", "indicator--76057e00-e1a3-4d4d-9234-8491d141c504", "x-misp-object--d38800a2-86e8-4e1b-ae74-91b94534efe8", "indicator--3297203a-bd22-4cd1-921c-c9b13bca5da5", "x-misp-object--aa505ab9-f601-4648-a1b6-4da40901ae55", "indicator--2df84a4d-abea-4e71-8580-bda849f4db82", "x-misp-object--0a24cc34-7c45-46a6-9f16-0ff607c41ee3", "indicator--2dc85285-8460-49c6-959e-6766a6124fdd", "x-misp-object--48201af7-1b01-48b8-a9b0-18b859fe71e9", "indicator--93e653fd-f737-4eec-91f9-ccea68f69d57", "x-misp-object--06dd20c3-b244-4c18-bc92-a85103e4c889", "indicator--fb75d84e-2cfd-49e2-9227-a78141eb1d28", "x-misp-object--05ba90e1-fe79-490c-830e-e2e3127e4bd1", "indicator--f3fb5ee8-ed83-41a0-94ad-8ea9fb6daf99", "x-misp-object--7f9ff2ed-5ec2-4c8c-b849-4703420ccd75", "indicator--2c8d7a6f-dd71-4981-931f-da97c781a7db", "x-misp-object--3850e17f-7108-401a-8f24-ae76491b291e", "indicator--a330fbbc-71ff-4351-ae7d-6778300ecade", "x-misp-object--2d60e889-6d1e-4213-9dd1-26cad6266082", "indicator--e42db255-fa7a-4fe5-888b-bf13513a1e95", "x-misp-object--d60cbc76-f3aa-4e86-b35a-3c42054618bf", "indicator--e4e7f5b0-cb82-4bec-9022-8acb50bde3a2", "x-misp-object--e4818923-cb6d-4bb8-aaf6-dd22ae551267", "indicator--c10d988c-86e1-429c-acfe-62eba6fcdc3f", "x-misp-object--694e010b-ef72-4745-8003-038028ec9c82", "indicator--3f0a0ea4-7de2-4468-82b0-05957a73095c", "x-misp-object--ccd798a2-85b9-494a-96ca-92ff60d480e6", "indicator--45848e9c-e246-4efe-ae50-99e816a1fa44", "x-misp-object--87726c1e-2cbc-4272-b3e6-4a72c3639ad8", "indicator--6f6ce68e-1adf-467c-b9bd-3706a9f28e58", "x-misp-object--94b20788-3705-46e4-9ab2-166139b97539", "indicator--12ba9b4e-ef1d-4b74-a1f1-7755d6f100d7", "x-misp-object--f052f615-c2e5-45f0-9e0f-fa089034617a", "indicator--b96a2951-99bd-49a6-b34e-059d4af7a1eb", "x-misp-object--69dd4883-4cc8-4c53-92d8-ac366fb4e9b1", "indicator--e6bc0b01-e272-4a47-a5ec-0fca029e1d9b", "x-misp-object--e524cc07-e321-4478-b1a7-155c1045b2b8", "indicator--abc5a718-9535-48bd-868a-54740ddc4773", "x-misp-object--70f154df-8874-4f39-a4f8-1078e3df16bf", "indicator--398657cd-cb88-41ce-b9ac-90ef2f426d6f", "x-misp-object--ebfe3901-8768-4d85-8970-fbb9efbd2d21", "indicator--6413791e-00b5-4ffb-83d4-ffee0cd2ca0b", "x-misp-object--da879160-458a-4dab-a126-245cf0f7a285", "indicator--07fc0794-5e29-44e0-9cee-faf0ee755c32", "x-misp-object--b17d7848-e8ad-496f-96de-51da10e952f3", "indicator--005be038-8a2e-4cc5-a0f0-57f5df4df5f6", "x-misp-object--ab5ce77c-edac-43f9-8955-f9b70ca25c78", "indicator--bea1130e-4cb9-42ba-be62-dc58d29271fe", "x-misp-object--fb0d63a5-2ef7-41ec-891e-318ad1af405d", "indicator--7c06d918-976c-4d51-9e99-8d3e37432ebf", "x-misp-object--ae92dd95-4a6a-4791-b9a2-859713516919", "indicator--0970bf3c-d0ae-495d-a9bb-8f0850d31d02", "x-misp-object--6faf13be-b871-4263-8384-a4ea165c6dbe", "indicator--805c7a97-f0b2-4be5-a3a7-3d5ed004fe8a", "x-misp-object--c33d8677-d9e8-42aa-a109-9c077c74fa7b", "indicator--6d4d528c-aa9a-4678-acc9-706dc617b813", "x-misp-object--13daa6ca-eeb6-4793-b7f4-b240a5694a49", "indicator--c52e2698-5238-4c6a-acd7-878cfeeb08bb", "x-misp-object--77daaa86-1ca8-4829-848a-2ab124fbde2a", "indicator--53be0e4b-423b-498e-a3d4-7b7835134977", "x-misp-object--368db7b2-fd52-4253-bfd3-0e8d6b1128c0", "indicator--5f78f768-d3e3-4c57-b99e-c9ca1afc0719", "x-misp-object--3bf6bec5-5936-463d-b7eb-72f996f0b0dc", "indicator--72f0eb8b-cd3f-4b91-865d-29034d6fa578", "x-misp-object--c990f842-45cc-4c91-9362-7e36d9ea686d", "indicator--b85e20d8-4cb7-4223-ae59-3ad7b984a218", "x-misp-object--bd96673a-9739-4b1c-90a7-cf93e7983d65", "indicator--8853e5c5-1501-4b21-8b6f-908bb944d562", "x-misp-object--90821f3b-1e17-4f71-92cd-5d7575010e48", "indicator--765924d0-c38b-4999-aec1-9a458db95dab", "x-misp-object--8db06b60-3ee5-4c7e-abf4-89fc457b7ca9", "indicator--5acb8ec4-b43f-4dd4-a054-52c01028f440", "x-misp-object--509ca6ee-3003-4a6e-85a0-f088ee39013c", "indicator--eaf72681-d495-4bcc-ad7c-a28fae80cad6", "x-misp-object--a9fbf066-90b4-479a-b421-249d0eb7fb88", "indicator--1357b011-56bc-4256-9daa-e8e58a0bb2c7", "x-misp-object--b6d9408e-2eb1-4a92-b402-a87daf6b32c3", "indicator--63103b77-e89d-4f87-a9eb-4bc77fc2848d", "x-misp-object--05b819fd-e576-4d36-a984-73b763610cd3", "indicator--89debb59-6a70-4aba-97b5-f77df678a97b", "x-misp-object--ad5d9831-f2ea-48e5-a022-dab7337f9f49", "indicator--e20c0aa3-0cf4-419b-baef-4d2d30a38f23", "x-misp-object--1d4e08cd-ae5c-4f22-9f30-44f4fc820458", "indicator--68c04910-f986-4c23-9521-62f771f9ebe2", "x-misp-object--ecb65e70-f259-4ecd-9423-946c1b5648d7", "indicator--98c067a4-1ab0-4b27-8776-b278725b50be", "x-misp-object--a2680e73-6889-45e4-a65d-a298f11c2d17", "indicator--ec9966dc-77de-4518-8609-95eff444388d", "x-misp-object--795a1fdf-49e1-4e50-a85f-3a4176494389", "indicator--fa646c42-4280-46b4-9cf0-4aca39a04070", "x-misp-object--bfdc67ce-6583-447f-8e13-7569e81ea7e1", "indicator--e75026c9-90fc-4278-93b3-ec2f98892005", "x-misp-object--a7cde723-daa2-469b-9dec-4ab357ab0656", "indicator--7b1f82c4-364b-4993-b254-be89999295c3", "x-misp-object--b9e9b270-e201-48d8-959d-c53b47510fb5", "indicator--b58e3ceb-0d5c-436d-9d6e-98c592d75ee7", "x-misp-object--ae22c98a-7e4c-4576-bad3-daae1a313c19", "indicator--e4ab5c2a-0f29-49ed-8101-f53735fd9327", "x-misp-object--841a3d54-f045-4cd9-b58f-0bde95db27e1", "indicator--1d2c8766-dca7-489f-9550-73fe0f885d1e", "x-misp-object--2bc88896-973b-4215-8f4e-11ae835bfdf2", "indicator--c0b27747-705c-4d72-9e95-f231e6b93f53", "x-misp-object--628f43d4-9f52-4a66-84d2-6dbfdfe969c4", "indicator--8a376444-9c79-42d9-928a-25dd1a1afa29", "x-misp-object--d3c2b24c-f847-4414-85c2-e71fecb4d9af", "indicator--6195996f-6bdc-4e2b-bf9d-202df3c89f50", "x-misp-object--e1983e63-f280-4191-8fca-6fa561bc028e", "indicator--c9ab032a-2aaa-4363-8145-5daa9a819b0a", "x-misp-object--81933a57-b24d-4a30-817f-22ba642fd14c", "indicator--9218748e-8966-484b-aa99-5803ed53ec7c", "x-misp-object--3ad4d357-5277-4598-9d15-a362ab9519b3", "indicator--8eef2549-360b-4985-889d-209f5ca535d3", "x-misp-object--30ee7c44-f887-4b02-991c-a000534e6030", "indicator--1c4ea6dd-24d5-46bf-beef-7dd6bd35499f", "x-misp-object--2cdf5f0d-47bd-4ae2-9c5c-da56b2e77f58", "indicator--9ed61707-31ce-4559-a85b-f177c85d687a", "x-misp-object--c65bed31-f64f-47b3-ad8b-9a641ab6b7b1", "indicator--62f71c3d-8724-4888-b634-a7d3752695ba", "x-misp-object--a4fed9f6-2f64-4b0f-8511-3705a306a1ee", "indicator--c4070ec2-5078-4852-9dfa-e67a2649d36b", "x-misp-object--821c8d27-03d7-4cd9-a184-166decec2856", "indicator--d349a739-f27d-4dcf-bae7-d67012620f33", "x-misp-object--c1d50dcb-b695-48fe-a49a-7cff10f11589", "indicator--caee4aba-0102-48b5-ad8a-1287cb213030", "x-misp-object--abcc5d71-abb4-4dee-b1e8-ca6001c3758b", "indicator--9117ae19-7708-4000-9533-a0c6d3138ea1", "x-misp-object--35aa4f54-4b30-4128-8575-214523fc7d11", "indicator--3134b067-1d49-4a98-87b1-aa6e600338ca", "x-misp-object--3620e830-e0ff-40b4-94e7-92e149c6e981", "indicator--7d0241be-d6f3-4c08-85ed-ee43dac5847b", "x-misp-object--444a0e7b-76d5-4530-91c0-0dfc79237131", "indicator--7761bf51-5f5e-4aaa-be9d-bb35c740f714", "x-misp-object--e6f2bff0-8edc-40b2-97e0-1ee80576493e", "indicator--4457b0e9-bef0-48ad-aa21-f7ba7c652f75", "x-misp-object--a3d4fc30-7761-4e42-bc4f-b8e1acc63987", "indicator--1dd87091-752e-42f5-b428-f51736b257ee", "x-misp-object--3b199135-e920-4a9d-981f-54b70738f142", "indicator--6b6aab10-96a0-49e2-a255-acfded4a9373", "x-misp-object--5c3f6466-8b63-42db-a888-83e5094a5c96", "indicator--78b8ffef-e689-4c3b-b1d5-36ffc621736e", "x-misp-object--5953cb1f-a9a3-48f6-b7cb-b3c7b2085357", "indicator--4ab5c507-07a3-4754-ac60-f56a90a07a59", "x-misp-object--10ce3811-2d64-48d3-866e-21b2f38196fd", "indicator--565e58b9-37d3-42f9-981f-94b5a196ff67", "x-misp-object--ce46afa0-ea40-43bc-ac74-fe77697eb8b7", "indicator--53fbeb11-1c73-4a07-8ce3-4d100c4d9e06", "x-misp-object--b3a0d1e1-4d1f-4f6e-b160-f5ef4c73d24c", "indicator--892f24c1-e6e8-4898-b3d8-dd58f03d9aee", "x-misp-object--50404a55-6518-4320-b02f-277a8f95d517", "indicator--d7f7a218-00fa-47cb-9d48-8f41aed63824", "x-misp-object--29b2b7cb-981f-44b6-a0f1-b0ac00824eaf", "indicator--d2d6b87e-b30a-4bed-a8fa-690cd8dd7b34", "x-misp-object--ec2ed37a-6456-43db-b5e5-4a0e947d4e91", "indicator--540eccfd-055a-4638-8fe1-996e4bd798bc", "x-misp-object--5ed81b52-cb94-4d23-90ff-924997e5ee31", "indicator--fd9c1730-3934-4d96-9e4e-66d416fc1dee", "x-misp-object--20b3340c-2536-43ea-9a11-0d04b9cf9f60", "indicator--d6c1c49e-8a88-41e4-a935-b22abfac6779", "x-misp-object--6645ca7a-2953-4aea-99b7-979afff6c520", "indicator--7595266e-68ad-42d8-aea3-030fff8c2372", "x-misp-object--b6a9653a-1c3e-42a0-b663-200c20c29f72", "indicator--3be262ed-cbff-4863-9845-bbe8780e4060", "x-misp-object--55b81650-a1d1-4e38-ac8c-0cc8a57ba371", "indicator--7c3fbea3-3b94-4b4b-9658-58c0bda50729", "x-misp-object--daa9b3e2-e2ca-47a8-9e9f-deceb9f644fd", "indicator--6fdb0082-f213-435f-b8f0-07c9505e93c1", "x-misp-object--e8cd3aba-3100-4a3e-a2b3-2c722681f9f3", "indicator--f8975b3d-872f-4935-bb7f-206c5b43f28c", "x-misp-object--7cf62d8c-3de3-4b2d-a7b5-3032ce3438e3", "indicator--b79fac33-6789-4c6d-8203-86a543916337", "x-misp-object--c21a9315-97d1-4168-a9b7-12423024a3b6", "indicator--91905962-1e77-4f65-a1f1-d7245a4325d7", "x-misp-object--50e15cf6-cf9c-4922-93d8-e1241e97e39c", "indicator--182e3f1e-de06-492c-a4b4-81cbdb039aa6", "x-misp-object--d4e3e0a9-e92c-4ad2-aa0b-690729b25b92", "indicator--45f3d5b0-854a-4d2c-bf88-70cd8564f3af", "x-misp-object--1753520a-1660-432f-aff7-08385961ba2e", "indicator--241463c3-0626-4f97-b0db-f683cf972e7c", "x-misp-object--f81cf644-3724-4f5a-bede-b656e85c6c73", "indicator--6c895566-202b-4f6c-b7cf-798509971bff", "x-misp-object--2d8f6027-ce38-45c8-870c-a699fd9e9e3d", "indicator--7503be52-e147-48ea-98a4-d7be3ace45c6", "x-misp-object--eb2a85f6-01e2-4caa-8c9f-988318c26249", "indicator--a462fd7a-1c1d-44a5-a57f-c42386b0ff1e", "x-misp-object--9ab5b90d-5dcd-4745-9789-c4e1ac9000f4", "indicator--e73a6fe3-456f-401b-84c6-6e6dcaacdfc6", "x-misp-object--2165f1bf-99b0-4e68-9d2d-1ade377d8956", "indicator--dce883cd-5087-4904-a7b9-023d423dd1d1", "x-misp-object--737ec17e-d4f6-42d8-b4e3-390c2de98945", "indicator--227c4286-3b20-4b4d-9856-ea87c2d3bd80", "x-misp-object--f365c021-ac24-4d53-aaf0-e221b311837e", "indicator--4615e70b-359d-4f2f-96a4-ea418c5a6854", "x-misp-object--2fee9edd-029f-47fb-8cba-757099976138", "indicator--1c3c6593-79bd-4150-b1ba-146da9c4bce8", "x-misp-object--ddd88357-7732-4691-8a56-ceacf2bee532", "indicator--c9785371-03f8-4af6-9373-5909e49e5adb", "x-misp-object--1295c57e-bbc7-468b-bb20-8211f7c4072a", "indicator--c763fb0a-4e8c-4f68-b194-4d1b8f482e8e", "x-misp-object--8a81d792-e18b-4e84-9be9-962c67005bd4", "indicator--f3e51af5-e6e1-46d9-a62e-2f8e8b6fbe09", "x-misp-object--61c82fe5-d83e-431a-b959-73ef76e2b052", "indicator--91864f2e-a0af-4d1c-8196-7a5a3e13f097", "x-misp-object--1b3fea86-801e-4f54-abd1-4adc96fdc7c1", "indicator--f0fb588b-6cf2-4e37-b528-94ae24244747", "x-misp-object--e30f84c4-cf2f-43e7-a1c7-f4fd20ecb6a7", "indicator--0397a39e-c3a1-4b20-9b06-8da452770996", "x-misp-object--b242c8fd-73a4-4479-85c5-6cc76cdc4e15", "indicator--6fce01ae-2da9-4ca5-b217-3e6d8f09007b", "x-misp-object--b13126c2-6c1f-4311-ab60-d411f81690f2", "indicator--8cab29e2-5471-4e6f-8cba-03c645f0ad5a", "x-misp-object--41d9ccab-aa02-48aa-ab67-c8896f3361f9", "indicator--e7018491-83b6-48a1-aa51-93df57b590f3", "x-misp-object--5cb084df-c303-4674-8237-aa97afecf9a4", "indicator--68b9968f-45de-443b-8299-dc750d617381", "x-misp-object--b72f4f4b-d1a3-48f2-a061-670fde18a5f7", "indicator--9b4cbbf2-4357-4e8f-ae26-33269481bf84", "x-misp-object--45db8aea-a407-4e78-b0b9-ab2c702c6065", "indicator--d6b22457-eed6-4d5e-b732-90f99716391d", "x-misp-object--968e5b16-fffb-4839-8985-44ec199de187", "indicator--6a5e8842-f40b-4d5c-93fa-27aab8c66247", "x-misp-object--4252292f-16f1-418e-bc6f-4136e41d34c4", "indicator--fe7b840b-0746-4f15-b5e2-c2724a31afb0", "x-misp-object--c77341c1-5bdd-427f-bc06-695839e43ffe", "indicator--792ae878-47da-478e-910e-83ab193363f9", "x-misp-object--ea550ad0-34cf-487a-af08-c26076576a4b", "indicator--79c73e7e-d39e-4082-a90f-e28f84cf3aae", "x-misp-object--cc868828-7f2e-42b7-bd44-bf6720650d94", "indicator--f989944b-ad68-4918-8627-6c73f89ce3e7", "x-misp-object--b0bfc06d-a41c-4026-8a6a-73ec7789424e", "indicator--3c53c632-de7e-41cf-a444-246d60627cb5", "x-misp-object--fa188133-68e0-4fe1-b887-c29a3608077f", "indicator--811f3acc-01fc-4343-b0c8-0c88fee826cb", "x-misp-object--d77e9949-c73c-4884-8b13-e42b494681a6", "indicator--2048516b-a06e-4511-a074-769e60b4d1b9", "x-misp-object--e270fb81-2868-4e01-ae02-006bb56ab6bf", "indicator--2ea063d5-3da9-4c37-b761-32429100b994", "x-misp-object--76ffc2c7-5151-4fae-a2bd-64b87bf32ffb", "indicator--a59ea309-176e-4054-86e2-2b6cf6269370", "x-misp-object--826cbe2a-4f33-411b-98aa-d29ceadddba2", "indicator--a50d9267-5c10-438e-bd54-c9227c0a2fac", "x-misp-object--a73f542c-92e8-4f71-88af-aa96ac8aeb3c", "indicator--b5ee0663-e589-4f86-a285-ae5f253a4372", "x-misp-object--e4be0c7b-a75b-43ed-b9cb-fa765780eeaa", "indicator--703e20b5-a285-49e3-b875-f69c6bda2b2f", "x-misp-object--017e3262-94cb-4836-9d37-b898ec560f5a", "indicator--95607ff3-30bf-4d79-ab38-35bffcaae0e0", "x-misp-object--2befcedf-2a62-4201-996d-456460ef219d", "indicator--e5f853df-553d-40db-84e5-5d44443c0ac9", "x-misp-object--55ce3116-9eb7-42bf-b0b5-08a50c2f3e84", "indicator--c9e63164-4df3-4e70-b9df-d525f1c39b3e", "x-misp-object--f4053517-9fdc-43de-ad33-48cf4532a0ce", "indicator--11a82cb6-d88a-4b25-b8c3-ea78a7d2f0b3", "x-misp-object--031c14e0-1d94-429d-a43d-418379e2e106", "indicator--912985d7-e6d6-440f-81d4-8d6dda944e60", "x-misp-object--ec51409c-24be-4755-aecc-23767b6fb830", "indicator--92e64b60-b791-4af6-ae65-a768d7dd4b86", "x-misp-object--fee6a89b-8825-4d28-9495-546fb2d908b1", "indicator--1d00daf8-7db3-4c1c-8275-0adf44757068", "x-misp-object--a05cd184-793f-4944-afba-2d4324aa7bab", "indicator--dbe55622-c9b0-4ec8-884b-5ed210d004a9", "x-misp-object--01d3c818-a783-4f52-bc32-26bc2d9e26dc", "indicator--04b75cca-c00d-4806-87e3-3247296ea953", "x-misp-object--86eca76d-8be5-4d39-88af-7dc5d879477d", "indicator--cbe76aa3-6d36-4f5d-a686-c2298c1f4504", "x-misp-object--588d9160-539b-4771-bfc7-6aabe09bd0fc", "indicator--3a09bb37-eec3-4d1b-9e41-20762a731531", "x-misp-object--c01c4c9a-a410-49b4-bde5-52efb20221cf", "indicator--e504ff3e-46da-4aa7-a8bc-7f0464cd214f", "x-misp-object--4aea2bb2-1381-4acc-b920-c260e90ecc75", "indicator--fb0c4692-fa82-49a2-bc09-ecbc22668e9e", "x-misp-object--9146a4a8-cb4c-4b93-8c6a-f63fd451c46f", "indicator--cc0a500a-b0f7-4f79-ac43-727f41467b2d", "x-misp-object--793774c5-ce1d-4e06-a8d9-4d3795eb9e45", "indicator--21de6575-e36e-4e45-aa23-54c3da749d74", "x-misp-object--0ccefa28-3e07-41a8-9c33-f6790da24de0", "indicator--b5a4ca5c-d36b-46e8-9f2b-9122c2403840", "x-misp-object--e49f5e2f-84c8-411a-9531-2f810fc29476", "indicator--a5503207-cc23-4648-ac81-6faef28c9580", "x-misp-object--cebd7ad9-b557-44d1-9ee0-92cde95295f6", "indicator--9ab29f6c-8c90-420a-ab5a-54356a3489e0", "x-misp-object--e5617155-752e-4667-9122-5277e51bac47", "indicator--ce3923cf-7981-4adc-a3bf-0e8fd340dbe9", "x-misp-object--f417ecb1-4728-4ca3-84b1-e8d39801de4d", "indicator--51afc6c5-9417-458d-bac7-9bc3595baac2", "x-misp-object--b68cdb99-5f9e-46d3-9f51-2dc28f0fa4b8", "indicator--7cd4670f-d35b-4dcd-bd9b-3ad0f9656c67", "x-misp-object--2bb66712-a7a4-438c-ab0a-20a9f3add41b", "indicator--b8150ad7-0d87-46fe-a423-859cf8f3a3da", "x-misp-object--e61fb1a3-6d54-44cb-ae75-960669681b7e", "indicator--8658e4c3-d242-46fa-9e30-a377c972aa27", "x-misp-object--ed6a57ce-6012-47aa-83eb-1adf17a1cd48", "indicator--76d4ad83-bf9e-4a34-b0f3-face750649be", "x-misp-object--1af73b85-9b9e-48c3-87a8-a2f0ddd2d0c9", "indicator--5bd44dc0-9ce1-4c93-b808-9edd63a0562c", "x-misp-object--701928f2-a29f-459b-8a12-ea8780384c70", "indicator--5d636a4f-2779-44fc-9e5e-b771a0becc28", "x-misp-object--dff4ed7c-9449-4bd5-ac33-80c689df3ce3", "indicator--6d00f453-c339-4ce6-9d89-6a99535a78eb", "x-misp-object--118d0b85-97df-48d0-8dea-b2dc5350e6ad", "indicator--771a406c-48bf-42d3-8b02-aee08d35f04d", "x-misp-object--6e01b19f-072b-48f3-95ed-ee6ae14fcef2", "indicator--9588712e-97cf-429b-8ee5-0de0ec6cf2ac", "x-misp-object--d5d92559-46fc-4f99-9520-5bcf358132c1", "indicator--d56b00b8-8795-480c-87cc-4e229ebac191", "x-misp-object--67cdee52-5fbb-4ff5-a4f7-58aa082e62ce", "indicator--e9d72436-9ebf-41ed-ae1e-9029ecc2c48f", "x-misp-object--24b6e7d5-9323-4686-8c86-98456f98f499", "indicator--e1c0949f-3fdd-457c-a678-9a40c7ff23a1", "x-misp-object--40fe5ecd-bbf8-44ed-aa75-f300463ff28b", "indicator--92564276-0cea-45f2-aa41-b9e181a9eab0", "x-misp-object--835be3b9-e8ed-479c-8020-5eec9a3d77ef", "indicator--a71a4ca8-5de1-4c88-86a0-682e56066cea", "x-misp-object--803358ce-285c-408b-9e90-c914b7760d9b", "indicator--cdfadc4f-a9d8-431e-9fc7-9e5b4b98df81", "x-misp-object--83c5c1d0-4e7f-43a6-9c06-d0ed11674427", "indicator--66790000-1165-43e7-ae30-76adb333f2b4", "x-misp-object--4c6d8003-f746-4b01-af91-6279d3a9e511", "indicator--e124f8eb-d4d0-47cd-9734-d7b6c627f041", "x-misp-object--e1815cd8-7eac-44a5-b4e7-f10eadf09968", "indicator--6df16b19-c9ad-479f-bb73-98e47933b4b1", "x-misp-object--65ed45ea-d8a0-497e-be76-7b65ad16e7ae", "indicator--aae2070a-93bb-44d1-b5ca-d7cc8f8c15e1", "x-misp-object--5abeb690-e725-4e26-8208-787592f0f1b4", "indicator--49eeb9be-1ac5-4343-a6a1-981e07e76921", "x-misp-object--b24a4e92-c146-44ad-93c0-56ddc0bcd972", "indicator--a4d2e885-37a4-4cdb-b556-03fb55ffc38a", "x-misp-object--7f67077f-37ac-4bcb-b5d0-e39f3200aa4c", "indicator--cf5814e9-d3a7-4a6e-81ac-a4bc952b9598", "x-misp-object--30e6c4a2-b11f-4ebf-8f73-7c4b88e31fde", "indicator--60718162-7fb8-4b61-8e86-d67989c5a68f", "x-misp-object--d4eb6be7-83c4-423b-a48f-b4441352f138", "indicator--4e358fe3-3b73-456c-8de6-16ea58413da9", "x-misp-object--05703f1e-495f-468b-a6fc-270cf1f16f76", "indicator--b8e369fb-f4ee-4a34-bb02-3517f677f58b", "x-misp-object--40abe2ca-14db-47c3-be79-1cc5cadec350", "indicator--da8863b2-b371-4638-99d5-dba8ed6b7547", "x-misp-object--d48383bf-a7a8-49f2-a317-458f5135c42f", "indicator--6f5efc3c-a86a-4c53-90d2-f40b9b6e0561", "x-misp-object--b5497f51-98b9-4ab4-b1ba-829ff0a67a2f", "indicator--d7114461-2135-4f55-a0ac-839e7873665f", "x-misp-object--22699978-01ec-48a8-8388-6b6bc9793dfa", "indicator--87e201f2-9162-440e-a953-12c5daea9c25", "x-misp-object--204a06dc-125a-4ade-9673-6385e113c794", "indicator--0b6a50ab-f744-41c5-a7f7-300cec021f20", "x-misp-object--c970f396-119c-4222-b0cf-76fd8564f7a1", "indicator--5d6c1bfd-c5c0-48e2-844d-3fa7b1827af6", "x-misp-object--f228630c-9773-4179-adff-a48f7cec0f97", "indicator--ec79408a-e990-4718-bd7d-75a9f4fdb706", "x-misp-object--b963ea7e-e6ef-40f4-81b8-22568807c1c7", "indicator--92b2a253-ea2e-40e3-809e-92184164dc01", "x-misp-object--6c701979-b232-45ca-a78a-a23622e497e7", "indicator--853405ee-f996-4132-af00-959e61bfe8e9", "x-misp-object--b91dbdae-2b3b-401c-ba36-e8a9320fbed3", "indicator--dcda9e06-88e8-4217-a09f-dc647e46e65e", "x-misp-object--29edf574-988c-4686-aca5-a01b9f33ba91", "indicator--dcd28e92-8066-4ff4-b055-191ca78b8486", "x-misp-object--16df8b30-00a9-45c2-8223-6e76ed652385", "indicator--5f12e532-3625-439b-934f-80a21041e6c9", "x-misp-object--c91a948f-cbee-47f6-bb9c-628c67aa0532", "indicator--4edc7773-8cef-4ba9-b89a-9a78d66ab684", "x-misp-object--6829fbe4-2201-46da-a95b-da4a68e290bc", "indicator--995a7853-9b67-4488-9db9-f8eb3240c136", "x-misp-object--500e591d-65c4-4d06-8bb9-dd335e43fd56", "indicator--87be7c75-1120-4806-a175-4343f80793c4", "x-misp-object--bbd29299-8016-4ec7-b5d5-b7a13ef57670", "indicator--5b39cbaf-c11e-4c8a-8b8c-dc91948a4b2b", "x-misp-object--d599f193-3395-4fa5-9806-26bf4cea5c41", "indicator--5bfcdfc7-5c40-445e-b378-46929764eccd", "x-misp-object--341d4026-5090-4861-b225-d306d1177ea2", "indicator--ca84aa69-d149-46cf-bfdd-11623cbbc9a1", "x-misp-object--5c4f6358-07e1-41f6-b1eb-28882358c0a7", "indicator--ffc627d6-146a-4114-9309-4070796ebe8f", "x-misp-object--40f54b0d-7ae1-457b-8c11-454d858024f3", "indicator--bc3bffeb-184a-4e00-9879-3bf00bea009f", "x-misp-object--64672c5f-fe7f-4193-9af6-73aaed39d01a", "indicator--37e3db40-5907-47b5-839f-ec72520222e5", "x-misp-object--ff50118b-23b0-42f1-bb98-b3838dcac4b8", "indicator--4e1b4cbe-8bbb-4494-a91b-31e2bca2e0ec", "x-misp-object--543e7e9a-349b-4cf9-bdca-8a0e4e3aeb83", "indicator--f1544ebb-6bed-4e66-a981-54b89d137019", "x-misp-object--b4b1cc7a-2025-47f4-896c-4994f9415843", "indicator--66d3ebff-87c0-4e11-8e47-3b1728bd0a30", "x-misp-object--8770a5ba-82b8-43bb-bc0a-90265aadfad9", "indicator--347e854e-079b-4802-897e-d55cac01354c", "x-misp-object--ab50559b-977c-4921-85d3-be33babde326", "indicator--6742f631-878e-41a4-89b4-15eb2ee3ba79", "x-misp-object--1aec21d9-7e0d-4052-8d93-c9c7a1ca1b00", "indicator--0802a423-f23f-44a7-8a82-ca2642f437fa", "x-misp-object--fad90066-9bb1-47d6-bb1b-7a77784f2739", "indicator--c0f22fd8-caa5-44c6-aaf1-fa5814db7c29", "x-misp-object--fced3284-f0bc-4407-8b21-e26732cbae88", "indicator--f750cbf2-ce34-454f-98f4-f6fdde8fbec3", "x-misp-object--06cc4d37-a03c-4523-bfca-3b62b5ac3618", "indicator--f27ffa02-ca85-4ffc-9d0a-d8f10ee9f08f", "x-misp-object--4b509471-e9a1-4881-95a4-aef78539177b", "indicator--e7397a20-e912-4960-a191-ecfec70aff18", "x-misp-object--556043f5-281e-4848-91a2-9aa85e3a8c1d", "indicator--fc4dd3f6-2b8d-4b7a-b668-05be37166b6f", "x-misp-object--91742e2d-4b6c-4a6a-8572-1a33f5b66383", "indicator--0d635259-0a09-4cb9-9288-79215da8904c", "x-misp-object--c9e45bc9-c121-4773-8fa2-98776492baa5", "indicator--fbba8bfe-e2b5-4c49-9566-d663036dbfe5", "x-misp-object--511b7be9-e361-4374-b0ea-3f7e8fbd80c6", "indicator--390023c7-060e-4856-bee5-0e1e817eaeb3", "x-misp-object--dcf3ddf3-be51-4573-9d8f-22ff6e475120", "indicator--cf030cc3-9f11-41be-a3d5-5bb43972f2d7", "x-misp-object--28f8ef49-f459-47d8-844a-3ca98d72d604", "indicator--49ea3782-8d97-443b-b549-362ff8d11df8", "x-misp-object--29f28d31-ab8e-4eb8-bc0a-0bbcf7e9e078", "indicator--fd08e4b1-817b-46f6-b5b6-cef63cbd0916", "x-misp-object--44ff5482-47d1-49fe-8d7a-756fffe06448", "indicator--f59c0559-e449-49d5-b744-2ca87005ed03", "x-misp-object--8abbde30-d6a7-4f02-b021-3f759b76aaa3", "indicator--433edd6f-8b51-4930-a303-ef7182bdd062", "x-misp-object--a1af993d-3e48-4c1f-b0e2-a7662fbc2561", "indicator--e4358cca-2e7d-4887-b45a-95aafe27e443", "x-misp-object--9c81e46c-d140-4e77-9114-25e385fd3439", "indicator--e51053e7-eac0-4122-b4a1-4fb362590a52", "x-misp-object--253c787f-cccb-4b0b-8a9e-ac9986485b34", "indicator--b9b31733-b0b6-487a-9c37-e4ee40bae3a0", "x-misp-object--c965737b-60b6-4b4f-aee7-83508d341199", "indicator--73413171-74ab-4bc5-809a-b48278e48791", "x-misp-object--89d6b195-c0bc-44eb-b981-fa928e93c985", "indicator--833cf2de-3176-4bef-bfc5-e1957f91f345", "x-misp-object--bffca5a3-f581-4bfb-b887-0fa4ab93529d", "indicator--9ff168f6-cabc-4940-ac70-b6721693196d", "x-misp-object--dd6819bb-f333-4dc4-8444-46017b82edeb", "indicator--b58ce546-ad9b-4543-9cac-c40fed7ad12c", "x-misp-object--6b6be089-fb35-4a02-add1-6879c84503b3", "indicator--68ab1dc1-97d7-4324-a850-c61b41914184", "x-misp-object--0d7f48a7-9d64-4d2c-93f9-7783f3c712c2", "indicator--02f546b6-230b-46bd-9dd1-1f0796744045", "x-misp-object--c32e1e82-252e-420f-94d0-c018ff0ffaa2", "indicator--865a96d7-07a2-4448-b542-395de055c747", "x-misp-object--3b97f4eb-85ff-4981-b88a-62c62ca0e62b", "indicator--02eeba7f-705a-4125-88fa-8e4923d5a61f", "x-misp-object--18c7fd1f-7ed4-4efc-b3cd-70fdb06189d8", "indicator--e2c30a2a-c656-4741-9d56-e361a22c15da", "x-misp-object--179036f5-708c-48d8-8712-c87f2f35ce2d", "indicator--0e5bcca4-e030-410e-9c95-ef622e38167c", "x-misp-object--57fe645b-611b-4634-aaf5-9736d2f7512f", "indicator--ef9ea3c0-0b45-4e2c-88d3-b0c4afa71389", "x-misp-object--285921ca-386a-4821-bcdf-1ca48d14ab28", "indicator--f632ffbb-fe0f-4b7d-a6bd-9aba0218708d", "x-misp-object--7359d420-7e56-4c90-bd7a-97f8c96c3fc7", "indicator--52e1b715-63da-4894-9e90-a1ababb25d07", "x-misp-object--8910927f-2b82-4e20-9142-364070f878da", "indicator--fe89bbd5-e34f-49b3-8b68-ce51d82a0552", "x-misp-object--f9b41a2c-03bb-4fb6-b971-36b49f7dee14", "indicator--058bacec-120c-47b3-a012-988377948f34", "x-misp-object--36fac7a7-808b-46f8-95d6-b637bbe18361", "indicator--34c7f1cf-9c69-4a94-8048-eac6dbfa2fdf", "x-misp-object--a0c68808-b067-426b-8c86-bb17f86624d2", "indicator--20d8f135-5262-42fc-96e5-45d58f28e490", "x-misp-object--faed525e-6cae-465f-94b1-78ed5816b3eb", "indicator--d03f098b-2e04-4fa1-81dd-56b75b20b877", "x-misp-object--ba74af6a-6f09-4d21-8a4a-18b6704151aa", "indicator--30ffb310-60df-42df-b35e-80ddfc891d0d", "x-misp-object--33d540a4-2645-49b7-bdb2-ff74d2a68a12", "indicator--69ad7ddc-87fd-4aff-9f37-6590316bd742", "x-misp-object--ea1baf81-4893-4970-9437-75572e348717", "indicator--f8eb9b50-76ed-4eb8-9826-12f72a7c5260", "x-misp-object--c4fdf570-3629-4b1e-944a-155f5c54f20b", "indicator--59ef410d-f214-4619-84e5-a441cf642aad", "x-misp-object--efce9314-bc8d-4a28-9926-69401d823d6f", "indicator--7b18c4fa-c251-44c3-bbb0-16203a07ba72", "x-misp-object--dbfc2cb1-1ae2-476f-a72c-d7beb9e77ec6", "indicator--b582897d-0656-4ff5-bdda-eeed85d5818a", "x-misp-object--4b6862a9-0ab2-4c83-9386-aacd572ee6f3", "indicator--db1ed8f2-c742-4725-b847-d099864c4db0", "x-misp-object--b2177994-2d20-47f8-b480-8aded52942e1", "indicator--97847982-368c-4a03-a8c1-441ad84613c0", "x-misp-object--b0f3da7d-4277-44ee-9202-ffae44b71da5", "indicator--1f1622e3-4b08-4970-bf9b-8ab7a3e432c7", "x-misp-object--41c7d3c8-ded2-4c65-b002-60136f8eae1c", "indicator--f5a90394-db82-4471-8e8d-4db079f7e7b1", "x-misp-object--cae7ba7a-da53-4120-b59f-b7e8c4e47cd5", "indicator--53a1fb49-2212-4701-a6e6-3ca822352ab9", "x-misp-object--ee991046-2a8b-402f-a917-1f704f429029", "indicator--5512cc85-e982-4144-ace3-81b2e289fbc5", "x-misp-object--c461ecd4-af71-4fe6-b511-38f1f5e4e326", "indicator--b5733791-0a50-4f85-b0f9-c1c5e8e45ca6", "x-misp-object--fb6e6769-e229-4b35-b8dc-151e22070f2f", "indicator--843fee68-0293-4764-a937-af5de8e097f8", "x-misp-object--a0fd2f59-19d7-4303-b65c-8ab271666a8b", "indicator--ad9a1f53-356a-49f7-bdc2-a6fefab36e80", "x-misp-object--1a96e2ef-ba18-4a69-badf-760a9efd9a94", "indicator--77f1a4c9-2809-4734-a95c-d1da6258502d", "x-misp-object--ebfdd4d7-ce07-4499-a795-358cb4c8304f", "indicator--58242813-9dcb-4652-8f0c-89a3f8f0fa5a", "x-misp-object--0f9fb0de-2c25-4ae2-90f6-9860a8755eed", "indicator--5eb4789a-68b2-4326-9701-beea94a87318", "x-misp-object--d08edf4c-4105-4c8b-9ff2-2a86ca3e55b7", "indicator--81313716-2908-40cc-afc1-69a373c5f08b", "x-misp-object--8212d8ac-4cca-4eac-b678-6346fbb79895", "indicator--52f91f3a-83ab-4a57-bb43-4dce436633eb", "x-misp-object--d1d5d919-bf56-4eeb-947a-904985b078f5", "indicator--453546c0-85f6-4be9-8dcc-d1bce32a66fd", "x-misp-object--d73824bf-8527-42ba-85e2-0cecef9a56f7", "indicator--ec35b74e-09b2-4023-a42c-cd4c03ce65f1", "x-misp-object--7657c0bf-49ee-419b-8f48-91a7baca55e4", "indicator--6bef3e87-fc5f-4cd9-8e13-630858d8c597", "x-misp-object--9582f930-237f-4d6a-95cd-f02170e86da9", "indicator--9b1f60bf-71c6-437b-8d6d-1a6b8d1a12ea", "x-misp-object--407be71e-132a-4b52-b977-c571e1dc13d6", "indicator--dcb1f7ef-4e2b-4be7-8211-1547ed9305cc", "x-misp-object--bf704e96-c15e-4eea-9d24-8085c659cc6f", "indicator--86c58388-e9f8-492d-97c0-18c8b31b9793", "x-misp-object--c11a9cfa-5986-4160-8fd2-de980114fcad", "indicator--c998b408-f43c-41cb-95c0-2a783c244a17", "x-misp-object--906613a8-9ba7-4e57-bcfe-dbd2e48705d7", "indicator--e62278a5-9c99-4067-9c30-d19dea8912a5", "x-misp-object--7f4685e6-11ff-44da-83ee-18d216c61e85", "indicator--ae7a8ab0-c3c2-4429-8b07-f035b3b56f0f", "x-misp-object--04cae305-5c94-4f59-a0c6-8ed1a49accbb", "indicator--d807e00a-0236-4b9a-b492-46fe9ac63458", "x-misp-object--261076b1-5676-4375-acad-1842a29b5769", "indicator--43cb2dd3-323a-4782-819d-1eaf7c480862", "x-misp-object--3c4821d7-a588-4682-a5d7-5e36c8f0f783", "indicator--ff194367-6c13-4a6c-a833-2db3884542ca", "x-misp-object--f4909c2b-72e3-4ccf-88c9-a681b1d7bd5d", "indicator--8a0e84d4-35bf-4663-a96c-b7a0b8d738f5", "x-misp-object--1a713b5f-e818-45a3-a0bb-38b0051e7cb8", "indicator--b048e551-b041-42c5-89ba-6b693421ed49", "x-misp-object--0a043ed1-ce60-4bae-bb7a-231dd60e2888", "indicator--932f5a4f-3614-4a5f-b91a-bbee7c97a5d6", "x-misp-object--c3077bf7-1383-46e6-92a1-e41279097a1c", "indicator--a1941e2e-0bf4-450f-94c5-75a6f82f374d", "x-misp-object--8cc36cd5-a417-45d1-a01d-964e17af8489", "indicator--00ba63be-8575-4111-986d-c44f0481c130", "x-misp-object--cfc64d8b-9351-44f9-9a0a-fd4961e5beee", "indicator--831fedf3-d85b-4369-a431-f06b3e36836e", "x-misp-object--faed2832-7661-4f42-856a-d42dc47c0fbf", "indicator--b65c3e8f-b07e-4fa3-b209-3185df28dd88", "x-misp-object--d5ed534d-2134-4104-9308-430c61cd2074", "indicator--7a706a8e-eb20-4d6a-8613-87f5824e2c6f", "x-misp-object--c73ef637-3ed5-4a0d-8614-0b16c828b411", "indicator--77f1a696-029f-45b8-b1b3-1c0ce9e75559", "x-misp-object--1e0e74b7-0b03-40ee-b237-7c6652d65438", "indicator--008b727f-237a-4e1a-a0ab-ed4b02d30df9", "x-misp-object--c6a480b1-ff07-4d8d-9ee0-e3df961ca4e8", "indicator--36adc039-a5ab-49c3-b37b-eab8cdb4fb20", "x-misp-object--d1602636-27b9-4ccf-8005-c67b24c76d5c", "indicator--5168c613-2cc9-4859-bc2f-d5d1377e98e5", "x-misp-object--3504dd66-01cb-4f36-a5ee-ff65bfee9302", "indicator--f56a8d7a-95cc-4718-849e-8b33a6b96dbc", "x-misp-object--d0b9f398-6696-4921-a66e-b12a8f295db1", "indicator--d6c96963-fe0b-4238-b04c-5d4d044a9ab6", "x-misp-object--a16c85bb-640b-4908-bb5e-12b09c2049f3", "indicator--c642837b-e171-4b1e-84b1-e1bfe9234bfb", "x-misp-object--ed70f2af-596b-4afa-b2c7-93e22671eaf5", "indicator--b6e3ab22-b8a4-42fe-ad55-6c4f84bab692", "x-misp-object--00f54809-a40c-472e-957c-ad15462306ad", "indicator--dc085cfa-a323-4109-9723-2856e2449668", "x-misp-object--f9c8f4ad-22b2-450c-8d06-7c4894196c2e", "indicator--6b2a9860-0ea0-4e21-b39e-5b1329c1e165", "x-misp-object--b260df0f-3c44-446a-8498-c28ac402bc01", "indicator--c0873cbd-8da2-4175-9b01-88eed9046eb2", "x-misp-object--6989c742-4270-4198-aa06-694b87a09813", "indicator--70235016-7a6d-437e-8007-cd94349b2bc8", "x-misp-object--e1eec834-f129-46e4-a494-49343a144561", "indicator--ba57e38f-7f2f-4163-ad57-a9a005307876", "x-misp-object--205e85cc-875c-4b50-a5b4-0bf576867dbd", "indicator--bca2087d-843c-461d-bdf8-43a463b026ec", "x-misp-object--1cdfef9d-352d-411d-9ba2-053c1034a71d", "indicator--1c1f7716-5cc5-43bf-8e10-fdc7ab9176c7", "x-misp-object--f6d96fde-762e-49b1-b35d-41ab311856ab", "indicator--654af31c-3b70-492e-9fd4-3c392cd1b3a2", "x-misp-object--696418c6-786d-4db4-a076-f8afa5b4e9fe", "indicator--3ca33392-186c-402b-9a1c-24980c78cbae", "x-misp-object--1fd1d2cd-4aae-4483-b0b9-4d398e35e257", "indicator--7f335ec2-b6e3-4001-ad79-be53421c0dd9", "x-misp-object--e3bc4c3e-33e9-463b-858b-d26d2f608ed5", "indicator--c1bcc19c-685d-4c4d-98a8-66df5a4e5458", "x-misp-object--a35d6b3c-56bf-4d96-976e-a9923a94b8e2", "indicator--71247c37-a80a-43c9-91c3-11f4eeca4487", "x-misp-object--112dff7a-2e72-4795-b911-2f4686040178", "indicator--856835b4-8600-4040-a650-befc7b4a0bd0", "x-misp-object--d105ccb8-9e5c-494e-aafd-c43f57ceff82", "indicator--57bc967e-3d44-4753-a154-4023da3698aa", "x-misp-object--affae7c8-303d-4636-97be-295bf6d84136", "indicator--1041116d-b2f5-4a15-9af5-70780985d5bf", "x-misp-object--0063f070-f011-44b3-9b1c-5090f08fbbd0", "indicator--61d882b8-8aaf-4725-8a98-000b110bd374", "x-misp-object--7fecf5c4-77ba-4c00-8600-54d5cc570987", "indicator--74b7eac6-edc1-4719-aae0-30242c74d51b", "x-misp-object--febdffe9-4e17-425d-a8d6-4c51cf33224e", "indicator--026b2ae0-605a-41db-9cd6-dacc072e20d9", "x-misp-object--cd56979c-e304-44fe-a86c-d0f0a77458f0", "indicator--8dfc28af-b55c-4152-a857-ab4522899cc2", "x-misp-object--4bb02d38-1f1e-48d8-8898-c7f2da8af6e9", "indicator--3f2e12db-da2d-443b-b757-4e9e6c122ea4", "x-misp-object--82cce140-33ee-4095-921e-fa0543e21649", "indicator--088e3039-07ee-459d-bd4f-bf7bad58d503", "x-misp-object--9f601c7c-affa-4785-afc2-07685120de1d", "indicator--83763372-bfd9-44aa-aef3-8d6a920e5a19", "x-misp-object--f5219ac5-1d9f-44f0-8bf8-99d584556215", "indicator--ae3f4f6d-16c6-4318-b5f7-3a6c402a4a2c", "x-misp-object--ed048d52-bf53-4d0a-9478-efca6df1480c", "indicator--041cac35-8f8a-4d5d-8c22-26d97e5cd563", "x-misp-object--ce1ec435-a136-4044-b63d-e54d61f51cc0", "indicator--b6f8a3fd-f37a-4e40-8387-00794b62d42a", "x-misp-object--da743998-d540-4881-84fc-a6a575f5db2e", "indicator--da8034b7-1e05-4bde-b6f3-50cb76cc4265", "x-misp-object--4449d6fd-d5c4-4293-8428-63cb879251a7", "indicator--fe376ddc-500e-4ea3-8c7e-167ec34ee510", "x-misp-object--4d31d75b-99ce-4d4b-a809-d8d388cd62ba", "indicator--aee0911f-f964-403c-a401-916850604e44", "x-misp-object--2fe8ce5e-b959-4d89-a2be-c0b3fcba2c8b", "indicator--d36921ed-1ed3-4be6-a86c-cecd0f8c20ce", "x-misp-object--4503ece2-4b78-46d2-9eea-01163efdb49a", "indicator--2309d986-99cb-47bf-b20d-d68ecef7b21a", "x-misp-object--162a8c04-99b5-4545-9711-75dee6b7a5fa", "indicator--f48ba5ba-6b66-4b53-bb02-44c685a0e83d", "x-misp-object--397bc61c-fafc-4997-b517-4c6c32db23fb", "indicator--d36b9aa9-8f5e-4981-a5d4-a8f05b1ecc84", "x-misp-object--3d521726-abcb-4392-a9b8-11d0e3884bb3", "indicator--22e4556d-5608-4560-bf28-36060ff2edc0", "x-misp-object--5a15eeb3-361a-413e-b051-91b58cb68103", "indicator--f11e6631-7709-404e-b900-572959618c82", "x-misp-object--8f1a827e-b18b-4d8e-9134-6058145c404a", "indicator--94b3ec54-66ff-4928-8aa3-8d71e60d7294", "x-misp-object--3a5352db-c166-4258-b701-3e74d5b2efac", "indicator--00320e5d-b65b-4de3-8ee1-d79494067bc3", "x-misp-object--af04a185-715a-430b-9c62-200310c56a29", "indicator--497d2ef0-1192-4ab6-a18b-7b7e385ced1a", "x-misp-object--8b8ad180-8552-4e8d-812b-da9f253ee1b9", "indicator--b8ba81c9-1297-4551-ae6c-2b6d946febb7", "x-misp-object--11995272-e3a2-4760-a818-37805cc4f8e3", "indicator--d8183a96-7140-4e57-9c94-d6201404b3c9", "x-misp-object--a7abb420-7ad9-4c65-96fc-68532346ec83", "indicator--c3538fa1-ab37-41a0-a386-067259736edb", "x-misp-object--5a32cea7-20aa-4eb0-bca9-2940c5942b16", "indicator--2dd98880-5edb-4b1a-9bfa-b4266acdfe73", "x-misp-object--c9c438ef-21b3-4629-b4a9-001374c76844", "indicator--0717db5b-0c11-43a4-89d2-850a05d2dc1f", "x-misp-object--8b7c3477-583e-48b1-98eb-1759a8c1f43e", "indicator--4d524d85-ab4a-4b09-aa3c-ee0950ca9b0c", "x-misp-object--d64ce314-3e09-4ed3-9469-50de2887db7a", "indicator--23dc2bb0-649a-4e7e-916f-ca57f3d41232", "x-misp-object--fffa31cc-b7da-4435-8da4-4217eae9da3a", "indicator--eee91a25-6f52-41dd-9fb9-9cfd82b106be", "x-misp-object--8f64c7ff-e13b-4ff7-86ec-140e2e9c10d3", "indicator--ca547016-95aa-46e4-8bf5-1230c0ec95ac", "x-misp-object--6165d746-908d-4b45-970a-cff224beb318", "indicator--e4a70633-da70-44d0-966b-fba6df61eaf4", "x-misp-object--822b9cb0-6e5d-44fe-8b7f-f19c63897c15", "indicator--107eec73-a024-4922-b0c4-afedf04ceaed", "x-misp-object--62b3af6d-e571-474e-b4ea-8902b569ce7e", "indicator--c53ddfa1-a388-46de-980f-2046696f05b1", "x-misp-object--6d3ef398-bd13-4015-9058-e2eac116d851", "indicator--e5ac22fb-0656-49c4-a9b9-50958ef4f078", "x-misp-object--cfdac520-216e-4097-b168-f42f780b2386", "indicator--8c714bd9-dc11-4c58-aa9a-ce8e7b35c10e", "x-misp-object--ef16804a-b4f8-4abe-92ee-8ccc6e30030a", "indicator--d9b51778-96b9-4bd7-bed6-a45935fa6e0c", "x-misp-object--944ef95e-0873-4427-8ba7-a07d8f180213", "indicator--d90d7510-b18d-425a-b1cf-d801ea2c3728", "x-misp-object--c2d36373-d8f8-47f8-9a7a-96d0b308858c", "indicator--6e373fa3-f338-4be8-9b0c-d217612f616c", "x-misp-object--830692b4-bd66-4352-ab65-39e17bf659a9", "indicator--fab8ae84-bdd5-4190-ab4e-56d8d18efd3a", "x-misp-object--564b429c-6277-495d-bb51-8360233835d8", "indicator--5234ca77-d73b-4679-9fb8-1cf66a877229", "x-misp-object--74c0b91c-8211-47db-b595-dd05b2dcf8af", "indicator--e84612a5-d35b-408c-ae9f-896ac729316d", "x-misp-object--9846dd5e-b532-4be1-a46b-388972733ae6", "indicator--3f22fe4d-0718-4842-973b-fb3836213ed1", "x-misp-object--a0f19881-bd26-4557-bb1a-434cb9beb1d9", "indicator--970f7ff4-676b-461f-bb28-9c2a7729d453", "x-misp-object--b69436ac-21a2-413c-83b8-77e1314c6269", "indicator--79091794-26ae-499c-aebe-2494a65a9c04", "x-misp-object--1ca35cdf-ad36-487b-9eb7-baadf951f44c", "indicator--bad3e71f-dff3-413e-b388-694833e99291", "x-misp-object--29395e5f-bfbf-4bf0-a0d2-0282023748c9", "indicator--b54c01e1-4d36-4567-998c-d4fc934e3ba3", "x-misp-object--1f653f28-d3cb-4254-91b3-e62ecaa7a324", "indicator--bd742976-f97e-457d-88c0-51c6a8ff95dc", "x-misp-object--76841c9b-9b53-47cb-bb88-0ccebed9f734", "indicator--bfb789b0-2ceb-4a1d-9539-1e412e2024d2", "x-misp-object--7fbf0609-157b-4d8a-b7e9-1c14ec63a169", "indicator--d9b8737c-a356-4ed8-8275-7cd7afae9b2b", "x-misp-object--4a1fb428-1395-4bcb-9d60-9698ae754c95", "indicator--2956e51c-200d-426f-8eb0-afde5b6d8200", "x-misp-object--1a3316e4-b260-45b1-bdf6-5db657f71d9e", "indicator--858b9465-0a70-45c0-85fb-83633f3913a9", "x-misp-object--158928a5-e941-409a-9300-7fc5b2b59fb2", "indicator--7433c594-7224-453e-8be3-480918097012", "x-misp-object--977810dc-56c7-47dc-aebe-e65b0c1bcdab", "indicator--556e15c5-218b-452f-9df4-7ed5143cd879", "x-misp-object--d12ab561-6b0e-4aed-a73d-c9cabb8f54cc", "indicator--6942c9ea-f904-406c-9a9f-2fe4e43a5c65", "x-misp-object--5fbfff3b-8a04-475d-8c33-7242bcfa7e1e", "indicator--5225ceb8-f692-46d2-a37f-f4b1bff422fc", "x-misp-object--a4dd923d-e33a-4766-b505-14320eef16ca", "indicator--1f22cdc6-7815-428f-8db3-2f12ed08f365", "x-misp-object--da7ab84e-ac1f-4045-abd0-7e8a7a7c81bd", "indicator--9648d79c-e673-465c-acc0-5305dea0752a", "x-misp-object--e1dfae7d-d10d-4f84-9232-2a257263fd54", "indicator--2b0e1b4f-e4f0-4c50-a085-72f73fb42e33", "x-misp-object--a7841efc-7297-46b2-a0d7-de38e9dadc77", "indicator--97740513-6b6a-4d71-b58b-10247b79b46a", "x-misp-object--f374d92e-ae65-47b4-8c7b-80394675594d", "indicator--9641df2c-64d9-4949-a376-93999f2c1ed6", "x-misp-object--cb668e55-75bf-4b47-bfde-31713c7aa475", "indicator--0647a406-ae28-4819-9bda-5305edb9da80", "x-misp-object--43e87703-8b04-49b7-bec8-700f4da208a6", "indicator--89931ac3-de3d-4e51-b5e5-038fd15da894", "x-misp-object--1bd57d79-f05b-4dea-bbfa-b9a121fee8f4", "indicator--44c7c2d3-f768-4143-84d0-4994eba100d2", "x-misp-object--fed8de15-950a-446c-b45a-be7ded28131f", "indicator--424730a3-d4b8-4008-ab0f-86a7d157d85c", "x-misp-object--a226096d-61fb-428e-a5c1-e90cb67593c8", "indicator--1f1a6d16-b82e-44a7-a80b-c4ecc8de3f68", "x-misp-object--271b2ddb-776a-4903-9371-201a5fc9d40a", "indicator--901e56b2-8f8e-4f3c-b98e-812da51a8e8c", "x-misp-object--4978e001-da37-49e7-9401-22eadc89f2a3", "indicator--b941fbca-a22c-4ff4-929b-fd1cadfb7fbc", "x-misp-object--6730f7da-0e56-4dbc-a917-812a43136628", "indicator--dd07c58c-55cb-4f10-83a1-1a06dc64a1f1", "x-misp-object--dc4db6ff-2801-43dd-9fb1-aafc185e8c78", "indicator--b16200d2-460e-4519-8dc3-e2b344f6cf18", "x-misp-object--baccedae-b49b-44ef-9a96-77c1f0d1c78b", "indicator--f067504e-ada5-43cd-85f3-77c40814646e", "x-misp-object--9da7c678-13b4-42a3-b1d7-224235a95a58", "indicator--bf6795fd-f4ef-45cc-b33d-80a5e4d2b640", "x-misp-object--c918c925-f940-4b22-baf5-6a2dfb4ba597", "indicator--91ed5442-d4bf-4d87-a164-ab3d02136d0a", "x-misp-object--70d64ea2-0462-42af-9697-bea528a2cdf6", "indicator--a11b9dd0-c1f3-4364-9eb8-6b05e0a2667f", "x-misp-object--0f57c64c-7bbe-4f6f-ac55-7afcd42c3f35", "indicator--2233994f-677c-444c-b9fa-e7ec29fccf78", "x-misp-object--46fc2e97-93c3-41bb-9f7d-c0471e92a5a2", "indicator--7594f724-065f-4791-9013-fbfc82dfe828", "x-misp-object--990d2868-e933-4aa0-ad3e-d7265cf10e15", "indicator--7f0f2aa4-dcea-4938-8c5d-6364da9925c7", "x-misp-object--8e2ea5f2-dd27-4c61-8a30-47ac5289d93e", "indicator--eb0466e5-b50d-43c0-aa69-2f1c6c79d905", "x-misp-object--ca373d32-0ba6-466e-98a6-15f24d0c8115", "indicator--a7200b0c-fef7-4eb9-85b2-d618615c0809", "x-misp-object--bf842af9-f8e6-44a6-b7a6-3c24478cf079", "indicator--0f4bb689-990d-4905-907c-81a9351fb46b", "x-misp-object--dfa592e6-e771-4ee4-8eb4-1b6cfb89e77f", "indicator--a0b2b74a-c8e1-4d94-8949-55503c2e4be1", "x-misp-object--d57d34e0-267d-4d69-8932-7c53e3159081", "indicator--4825fefb-afed-42d6-88ba-2076ad113636", "x-misp-object--b55fbd24-5612-487b-a91c-e8a8550bf3df", "indicator--478f79ba-3f6d-4afe-9dab-208919ecb65b", "x-misp-object--fdb38221-5885-4819-8fbe-6397bad847b2", "indicator--7c7dee2e-2977-492d-aa98-5d4fd62eb113", "x-misp-object--34a6994f-068e-46bf-8345-bbc4635d20d4", "indicator--6c3a81d7-2298-4643-a114-979b560178b2", "x-misp-object--9122b627-febd-4ae8-a6a8-a26387e4188a", "indicator--6064c164-2955-46c7-9bab-3f2ba5ba4e17", "x-misp-object--a7233309-72f4-40b8-853f-a91d120f4f13", "indicator--d608b556-1e42-4724-bf13-92d382cc0875", "x-misp-object--d2be4787-cb80-4529-9bf8-fcf3efddbb63", "indicator--cfad1838-ec2d-4706-9c29-1add7cd262e8", "x-misp-object--9db29e33-08e0-465c-94dc-14bf1d1beba4", "indicator--d11dabb0-13db-42a7-8e45-d46b5be2d46b", "x-misp-object--39a6b77b-e8a9-4859-9f38-ad5511b67c19", "indicator--5316380b-6882-4fa7-bd9b-7feb1585ed6e", "x-misp-object--855976ee-8343-475c-89f5-09fcd75d0354", "indicator--9a4cc9c2-bd16-4336-a8f4-0b63238ce8c8", "x-misp-object--c94d77cd-e9e0-4db8-b96f-f2aff531545c", "indicator--e8c3711d-2475-4e1e-9bd5-8dfb243d6513", "x-misp-object--d1da2898-a85e-47b1-a1cf-088854edef72", "indicator--843f03fd-f8f0-46e3-afc6-48283b2c67c1", "x-misp-object--aba95b98-4ece-4333-a3d7-ba5d458d2502", "indicator--af6e9894-f165-457c-b788-04d7249d1994", "x-misp-object--7ba25183-ea7a-48a7-b08f-384f93f21ee4", "indicator--6f33a2fe-f083-4989-bae7-70dcea2414de", "x-misp-object--e8fae15e-e914-4136-b3f0-1d718f31713b", "indicator--57c4c25e-09d4-4be9-bd08-f90fe51f8ed8", "x-misp-object--c4096a02-42a6-470c-afa8-7e398c9440b1", "indicator--a1e23920-9593-42e0-a5af-ebf55ba78815", "x-misp-object--9fc57478-7b97-4f3f-bb63-7ef94c4b4217", "indicator--8bdf4abd-0227-4932-81a2-3e4852d27812", "x-misp-object--5540ba5e-d7d3-49c6-b9cc-e12710b055ff", "indicator--0d3626c4-d758-46c4-b1f4-f3ffb75548a5", "x-misp-object--ad748a67-b407-48c8-b20e-13d19eca50f7", "indicator--d7f97683-565b-42a0-97d3-bdb65e2fbd93", "x-misp-object--1f667321-a70c-4b3c-92f3-4d1cd1683aca", "indicator--32f451eb-9169-4c12-a78e-e55862a94f17", "x-misp-object--ea9d219d-6734-4c30-9739-4fd946062bf9", "indicator--8111e71b-c902-4992-a2bd-f5a9614cdbbc", "x-misp-object--04d5b57d-03a9-453f-b7a6-2f16a70b721a", "indicator--fa6205a7-6a6e-4801-89e7-8f25ba199a68", "x-misp-object--6ad6afec-cb00-419d-a3e4-a1b88248047c", "indicator--2fc50d7f-d453-4546-a345-d4bed46eee2f", "x-misp-object--749f12c9-3e05-463d-9c48-5476c87c8a36", "indicator--58af372b-6894-4460-9af9-6a6494e62084", "x-misp-object--fa5519fa-76cd-4283-be2e-cf479c538281", "indicator--d1910cab-795c-4542-95fb-09893adc810f", "x-misp-object--39f75481-6d10-4b0c-81c2-27d908d8d24e", "indicator--2dd3a782-5257-4c38-916a-9a98c9b58666", "x-misp-object--ee72a41f-34bc-43d4-93b4-6e7513bd3162", "indicator--62d23ea3-e22a-4cf4-9217-0e679882cc83", "x-misp-object--eca2a236-4a01-4a6a-914e-e95542c236c2", "indicator--553f485e-b4d6-4cd9-a92f-f8f1f089fbcd", "x-misp-object--af0a31eb-cf9d-442d-aae5-a1b510d0154e", "indicator--12f133d3-37da-434d-b28f-f13998690487", "x-misp-object--d6981862-91dc-42bd-afe4-78e54660f67c", "indicator--8d4d08fa-89fa-4a93-ae47-e6c385a9692a", "x-misp-object--121ff0cb-3515-41f2-a7f0-517f4734cb74", "indicator--dc27e937-a3fc-426a-8b8f-c2b01362dfb6", "x-misp-object--3aa13296-74d0-448f-946e-4d8dfea79884", "indicator--8be3bbf6-0270-4d09-8f15-278921cb1395", "x-misp-object--9ed15da6-ed0b-407b-b586-a94afc851003", "indicator--891011ce-df32-48cb-8d94-65d3fc5f8682", "x-misp-object--c5d5ae0f-a526-4531-9348-a609323990d3", "indicator--e65cdafa-8fda-4c15-b765-517ea37e400c", "x-misp-object--dd269146-131f-4691-8c24-a2ae13fff493", "indicator--e00c6822-899d-4ec6-85ae-67a45dc2e857", "x-misp-object--eeb4ab97-a3f9-4995-be2a-ae76257f32e7", "indicator--75925d56-de1c-4741-8536-dd11890d8059", "x-misp-object--5bfa528d-17cb-48c0-842a-d6eaa50ddd6c", "indicator--ad7fdb40-e118-407a-9787-47f0c12ca2f9", "x-misp-object--238e6584-fd2a-4ad0-8b8a-267df462773f", "indicator--902ed478-e91f-489e-806f-1ef9bdca36b6", "x-misp-object--6aa52ea5-c087-4ee5-82c3-7cfab18678ec", "indicator--598b04ce-e5da-40e7-9864-faafb34ec389", "x-misp-object--c0d2a4c0-2180-4ade-a8a5-75fc536af3e9", "indicator--6415e0f5-6146-43e0-bfb7-06ef088beccc", "x-misp-object--bec9b077-26d5-42fc-93e2-25690c9bb1a5", "indicator--f5fefe2e-5fc5-4a89-bb76-5a64c5775300", "x-misp-object--6642411c-81db-4e86-a094-aaa8caa8c6eb", "indicator--95d32e3e-18d8-49ce-b395-25c9bd0e4d63", "x-misp-object--9b6e178e-5b5e-4b18-800c-6de5e925710f", "indicator--aaab1a77-85aa-497f-b600-f08170e3dd11", "x-misp-object--06013ee4-86be-4174-a724-c99d5ef046c7", "indicator--6fadbbba-7434-4127-9bb8-937caf40dbe8", "x-misp-object--e875e51d-6da6-42c4-b9ee-6a7717def8e1", "indicator--3fe4d794-f60c-4345-8996-2d65560e411e", "x-misp-object--4ee103d5-0790-48b1-9407-e91e67854c3a", "indicator--ecc40381-0188-4695-a7e1-1f8752dfdb9e", "x-misp-object--f2ed2385-8cb0-4b23-9c45-6c5a682a2efb", "indicator--a4c4e3fa-fb63-4889-bdcc-743ed7a11eb8", "x-misp-object--232966f6-d638-4faa-b81a-66e273133adc", "indicator--d2ff7c1d-b222-45da-84c2-110cd100ebfa", "x-misp-object--8e781d79-b7cd-4978-8515-394ca1f48d91", "indicator--0de6bc75-19c8-4f53-b103-bd92fc36f4f0", "x-misp-object--e0454c25-d52b-48f0-911b-72f128304322", "indicator--1214d8ae-4a94-44e3-b79f-d2e7afc0818b", "x-misp-object--4effd1bb-52d8-4f35-b34b-c78d591ce23c", "indicator--5d73fa50-2098-4266-bc83-0a9addca5070", "x-misp-object--c23e5d0a-9014-4fe9-a86e-d1d53fde3bdb", "indicator--08636a98-7447-4e50-9578-93efa2fef7c3", "x-misp-object--991a8a37-e9d6-418c-8f99-fa5cf626362a", "indicator--f29547a7-5ec8-4bd2-873c-9c46e578c585", "x-misp-object--501a98f6-aaf0-4d27-8dc8-7d02d7cf0584", "indicator--0dca173a-8b40-47e3-8a33-dead4e124096", "x-misp-object--8b00d70c-2614-4efc-b5a0-a69f87d4cf0d", "indicator--0852caf7-8875-45eb-a91b-33d2334b172d", "x-misp-object--d4fdae16-e9e7-4111-ada2-171b8da4e5c8", "indicator--3cdd59f8-6d0e-413e-b96b-4ac44e6ce56c", "x-misp-object--2ffce14c-5ef9-4e63-ad94-9d81c43da9b0", "indicator--480a2886-8b70-448e-a467-91972d8ee88d", "x-misp-object--630d727b-ebb7-422a-9e2c-7f7d651462cf", "indicator--8fe13168-7f35-46b0-8673-334a93b1c445", "x-misp-object--7eccc0ad-3bc9-4f27-bf29-42c689fa8b13", "indicator--693eb4a6-6c91-4f3d-8a41-39b4a388b08c", "x-misp-object--217bde46-aa3d-4969-a68a-36d0385f7301", "indicator--61fb8e5f-2103-4a55-afb2-db120c501d56", "x-misp-object--a4d0a189-bce0-447a-bb3c-57f45d66d69b", "indicator--5d9cb84e-117e-46f3-84f0-5508358b9dec", "x-misp-object--610de0c0-a0c3-44ae-8bea-75a8d691a50e", "indicator--15c09bb1-2f0f-4e13-9722-d2eda392d772", "x-misp-object--7f0a542d-75ec-4857-8d9c-2c2feac75c60", "indicator--de874556-ef37-403a-9d10-fa16f100b3ef", "x-misp-object--fef9c7a3-2181-484b-bc36-6f4352cb265b", "indicator--b90c13cf-564f-496a-99d7-29c19e842eb7", "x-misp-object--fee9a30f-77d8-4e7f-a9ad-aba3bc0767ab", "indicator--df08daec-a00a-43b4-8601-d515dc2651b0", "x-misp-object--07d36978-be41-47ab-8996-78330168c467", "indicator--e7608a9e-eaea-4cad-ab79-18e62041c6e0", "x-misp-object--faad4461-56e8-4856-b5a8-a9655b7a27fd", "indicator--963635bb-375a-4bfb-acf5-d01d25647a85", "x-misp-object--b393d054-939f-4cf1-94da-8a49e472be24", "indicator--c1f29f2b-4ded-4ed9-9459-f32dbd82721e", "x-misp-object--3f631738-ec40-48db-b60a-7b51df7fb5f6", "indicator--08d27827-1254-404c-b30b-73b3be143ede", "x-misp-object--a4bec410-e2dd-4406-b859-6179ed1201ec", "indicator--63a3faa1-d34c-4f73-9aff-9baca3137eae", "x-misp-object--39e9da1a-04ea-4f8a-92b4-83c2b28af2a0", "indicator--97d056b4-77a1-4ba4-a9db-bae0cf629aba", "x-misp-object--0e895b28-8b79-415b-9795-85c278ae5448", "indicator--09dda9cd-6cf1-4605-95e5-a025d9038f02", "x-misp-object--8005aad4-bb1c-47dd-8cf6-5e31eb8e85d4", "indicator--3e18aef9-9f41-4f5c-84c1-1a9e45d094fc", "x-misp-object--763b5eb5-7aa6-4e5e-ad34-51aa053692cd", "indicator--ef35229e-e31a-460d-a92a-2e68594da9da", "x-misp-object--87dee87d-1be6-475d-9a87-f8872a53a501", "indicator--e8030f48-91fd-4f6b-b8ea-cecc32f6a78b", "x-misp-object--deb59489-ba40-43d4-b4ab-164d41931d90", "indicator--c84edebc-c688-408e-ad95-7a021be439cf", "x-misp-object--548bb10a-e236-4d27-aed2-fa6137c005ae", "indicator--c6bdd2f7-846b-4054-98c8-b022f346923c", "x-misp-object--400ea43c-ccc4-4e2a-91d3-0f1785b2f42b", "indicator--18828ed6-01af-4af3-ab4d-fca690d96af3", "x-misp-object--2ecf2c6f-1090-4fda-804c-514e7dbe4943", "indicator--2778deb9-c215-475b-b26c-1658a49e0c97", "x-misp-object--c37dc55e-4889-4204-abee-1e8e26c434ec", "indicator--769adf14-6a7f-47dc-b97d-3a7d94fee27b", "x-misp-object--f7bec7d6-bdbb-4134-bc6b-913adb67abf3", "indicator--cea3da5e-0781-4762-a3b8-4c500d2f5eb2", "x-misp-object--6ea26dff-4241-4783-9fa6-acde12bd3821", "indicator--5a1c17f8-2f91-4529-b7b0-f5fd54c0d7c1", "x-misp-object--29ea3c62-b290-46de-8d0d-fc15e8b101ee", "indicator--0b6a4da5-0bba-48f3-868e-9a13e381aeb6", "x-misp-object--b279bb8d-cd93-45ad-ab71-bd1ab6f73374", "indicator--f0b4b63b-d2dc-498d-82c4-2336a319e7da", "x-misp-object--8c9ae71a-d8cb-4fa9-9db5-27afe3787bd0", "indicator--13d97b4c-5ebf-4c4e-b053-23a65c88d670", "x-misp-object--afc87775-b270-46ca-a6b3-420a46e49a13", "indicator--834d3a9f-32d7-4e85-91d2-c5127dd44a80", "x-misp-object--d7e2184f-3d98-4617-bebb-a7d5b6f02cc8", "indicator--1cae09e5-ff7a-4a82-9577-fe163db614ce", "x-misp-object--59739339-aa52-4345-81f3-48eab8bb78bf", "indicator--808620ce-1aa5-4f04-86af-a9bf134b7623", "x-misp-object--5db01ac1-ff59-4b8b-bb39-c0a3d26d50fd", "indicator--220ab859-2e0a-4cd8-b7a5-533400015a1c", "x-misp-object--49e6be60-5f03-4f64-8477-7dae8f91abc1", "indicator--de3c5515-69bb-4285-9c4f-fb3ee777ce49", "x-misp-object--984595e7-dce1-45b9-a410-2294d6fb28f2", "indicator--d51dcfe9-d081-4a2c-bf88-b984c5cb4a0d", "x-misp-object--25fb5c72-5de0-425b-81d2-4879e920744e", "indicator--ce35ad64-3e90-4857-bfa8-7d574eeb63ee", "x-misp-object--7b9b54ed-c035-476c-8474-6b5239f424ae", "indicator--a372a0f0-51f2-4b79-86b3-d5b6611b0530", "x-misp-object--4f37be4f-53b9-444e-93e6-32a31d8cecdd", "indicator--d63422bf-765c-4422-bae3-e05722b7f50b", "x-misp-object--5b62e69d-b12c-45ef-a7bd-92a71dc212e0", "indicator--0a9c29f7-5eb4-4f37-9857-a94edd3484a9", "x-misp-object--9724179c-5715-42c7-bfd9-4375d2987e24", "indicator--0dc9e074-7188-49a7-8cf1-61c271067d0d", "x-misp-object--44d573b8-8c3b-4f81-b359-b44706171679", "indicator--ec57281d-a52e-4ec3-9864-88ecf7d077ba", "x-misp-object--ee086507-5a2b-4b5f-af7f-67efcc717313", "indicator--60f91c41-4fa6-495e-859a-d5728619dd96", "x-misp-object--439fe388-297c-4b78-82d2-4228f0918a54", "indicator--9dc9c877-a7a9-41c8-8896-95614059c37a", "x-misp-object--ff2fc6cb-0daf-4349-bd62-b213f05340f4", "indicator--6b00327e-4ddf-4dec-a46a-7833c829ef78", "x-misp-object--725442e5-1e94-45f4-b174-26c11c4375be", "indicator--8f60f10f-0bb2-4abe-96c7-870315a567d5", "x-misp-object--66262593-7c34-491b-bd63-bae2c5717a2e", "indicator--4a596c88-c2da-4708-bc04-8137ec167945", "x-misp-object--81b66735-8b1b-4ba7-9930-47afc63d8a2b", "indicator--25fc58fc-4486-4519-8f8a-b37ef6ab6431", "x-misp-object--9824f125-6779-4a9a-bd60-063532f4ed5d", "indicator--bd63552b-3ce3-46f6-978c-5b6b15ea5b0f", "x-misp-object--3df48e75-a739-4211-9407-6311765cdaa9", "indicator--a4b3cf43-3ee3-4127-9013-8ff15a37ef5a", "x-misp-object--1e4f61f4-b717-486e-8313-76ca42f9d871", "indicator--41837ce0-6fc9-4bf3-bbd7-b5db13b56d8a", "x-misp-object--a480ec19-a2fc-4c23-a2ba-d901c3e46209", "indicator--2a34cf03-2091-4bd1-bfc6-b0c4f096701c", "x-misp-object--045a999a-05af-4f68-97b3-c67877b7306f", "indicator--eb9212b0-60a3-40d9-b087-27ab8db99dd6", "x-misp-object--de7e7abe-cf70-41bf-b039-e3e9e9118bef", "indicator--c4a5d335-d05a-4f1b-927b-f07d48ceeade", "x-misp-object--ffd6cead-93b2-4611-b25b-a918732de14e", "indicator--387fd63b-aefa-4afd-853c-caf75eacdb7d", "x-misp-object--a518f4a8-4592-4a87-a370-8bf4338440a6", "indicator--bf1d74a7-6453-41df-b8c0-c8036ca30e3b", "x-misp-object--e24f718d-46ce-48de-a1d5-5b59fa3fcb50", "indicator--f9bd53e5-f96d-4b52-a85b-d008fb299c67", "x-misp-object--ed42186f-425b-4534-9e72-6d8667bc2763", "indicator--6057798b-3af5-424e-9be6-1f63bdbee336", "x-misp-object--82c95c8e-9acd-4d94-84bf-a2732dbbd804", "indicator--c307c82e-5ee9-40b4-a57a-bc100bc9d5dd", "x-misp-object--d1ae46d6-dff2-42eb-a2eb-3caf259da849", "indicator--9d27efc7-ae77-4a63-8946-2b5f139d9ceb", "x-misp-object--24d1e65b-5461-4b43-8cda-af45bff380a7", "indicator--35446faf-0ddb-4f87-854b-385260b95671", "x-misp-object--835f33ab-3f7a-4ce3-8abd-aab87b77e4bc", "indicator--91f2a406-203d-4994-9682-e7108f0df365", "x-misp-object--8a91dc91-0540-4679-b542-4a6626806420", "indicator--5b141a34-9277-4a85-beac-d7493563108f", "x-misp-object--3e844dc3-b609-47db-9acc-099b34ce7d02", "indicator--047dc7a9-043d-4f84-8cdf-ab188f1bb32d", "x-misp-object--1199ba69-0bf0-46ef-b935-a55651b947ed", "indicator--e5c22d2f-bf18-47e1-b9f1-e649da622ba6", "x-misp-object--994fbf8a-51e0-46e6-acdd-8ce215181e20", "indicator--bc463676-fa0d-4152-a4ac-f9568ad30f21", "x-misp-object--9b02493c-909c-47f1-adea-240736dc4ed6", "indicator--e0309f0b-5aea-46c3-b31c-85409e2f1575", "x-misp-object--9347bd73-b4ab-4e99-83f0-a9b892bd2cd3", "indicator--a1f459a8-8d2d-445f-8ae4-be737e996cf6", "x-misp-object--631266d9-9ebc-4b97-b95a-9042ce7b37e4", "indicator--1c80147c-14a8-4788-a975-fca23e47c4be", "x-misp-object--82717ca0-1aca-4e43-b093-95115091b83e", "indicator--c2a8bed0-ecec-4727-aff3-9692b710ec87", "x-misp-object--0bd0a4e4-3dee-4363-855f-290fbcfb272b", "indicator--f72eda7d-b70f-4693-8822-0a78cfa8cc8e", "x-misp-object--463ae21e-bbde-444e-89d3-99479d75ae8e", "indicator--1e15b2c6-4e3e-43b6-91db-741c882e5f57", "x-misp-object--290a99ee-e5ed-44f3-b8de-a50139d24917", "indicator--eb99d484-d0eb-4eb3-97c7-8f2aff1583fb", "x-misp-object--6339d9ce-f18b-4cab-b0ba-90603d434da7", "indicator--7b96abe4-4bab-4097-bdb3-ac8a298c6796", "x-misp-object--7bd1774b-123a-4795-a208-e214b34da6d7", "indicator--790e9ba9-414b-442e-a128-1d3a40dd80f4", "x-misp-object--f34ac31a-c93f-46a2-9bc1-c0bb0941f729", "indicator--0f18d2de-6860-448d-87ad-d7daeb9022eb", "x-misp-object--78e30eb5-6d68-493c-b7e9-01d872e9b47e", "indicator--0e905908-feb4-4bc9-9c9f-be6c013deabe", "x-misp-object--2bdc1369-156f-4352-b274-343e87e014fc", "indicator--6620f764-ad31-496f-a9b1-1f5d3cba2720", "x-misp-object--e6afe7fd-4808-48f3-9e13-86d21eb5d043", "indicator--2c25a987-39a8-4df4-a449-34c6e50aaa83", "x-misp-object--d0988bd5-e3fe-4b3d-86cc-4f487be10b9a", "indicator--31aab19d-f800-4ef6-8d32-74c6db0f8981", "x-misp-object--d65a4876-fa23-4956-9b83-993ca4626952", "indicator--1f9dc79f-f7b3-46ce-a6cb-31984ae06835", "x-misp-object--33a5510d-f8d9-4e09-ac75-a43c9fa9c815", "indicator--af2c0ba7-1d20-40b1-8df4-ba840f095ec5", "x-misp-object--0f05b691-83cd-427e-b4f1-d023a58e914b", "indicator--e4037054-8a55-4fdc-8e7c-6c8ee7055455", "x-misp-object--8d164152-93e4-491d-8174-71ce50247de7", "indicator--e1fdbd81-ae8d-40a8-8a37-aa3da6836d41", "x-misp-object--d8d6cc05-a655-4af7-9dae-3486ca8047f8", "indicator--9d6f735a-20a6-43bd-bd48-cc666ccf0bc3", "x-misp-object--16861013-0e17-4c80-9221-24cc9b73b85b", "indicator--9f72b5eb-27e6-441d-ab60-7fd97834c781", "x-misp-object--b3a698f4-af39-4d2a-b5f1-0826edb603f1", "indicator--dc226cf9-3901-4edc-90f9-9de75bd2d00f", "x-misp-object--93d35eb5-e307-4820-a47a-a57aa72cfe2c", "indicator--2cabe989-3926-4b82-a18e-ee6350cfb8b1", "x-misp-object--2b338a76-e93c-4865-86ce-579be4f77db0", "indicator--96a29e4d-f0b4-46a6-b1fc-7149ae1ad279", "x-misp-object--31c7787b-9094-44df-b7ca-87a0e7021c77", "indicator--49eb8d09-d848-4ff0-8816-a3d7326ebccf", "x-misp-object--062efe17-65a7-4b2f-b136-d58822c364f1", "indicator--db7298fa-263b-498f-960f-1b194cfe4de5", "x-misp-object--e2c7bb3e-63e8-4dee-bbd8-b7d6dc6e2e02", "indicator--1e073b10-f5b2-4b40-b03d-2ac3c346c623", "x-misp-object--78957d62-12a5-4e50-95bb-1bfc7d52c0a3", "indicator--7b06cd6d-1b04-4eb1-a5b3-5ac16957a74b", "x-misp-object--225b9831-90f0-4a1d-b648-39c64b06e224", "indicator--4291cde9-27ef-450d-92ba-2744f8c947b6", "x-misp-object--c144293b-4b7f-4679-904f-b7434c4d9c8a", "indicator--42f53055-e221-4cf7-b437-044ce5ca2211", "x-misp-object--178b2283-f003-4655-adb2-b3eb8bfb8661", "indicator--e077c8e1-eee3-490d-a8e6-650a84d6da8d", "x-misp-object--3da85cd7-1e21-4793-afa9-f535e305f09d", "indicator--096051f1-52d6-40ff-9a26-27cc4cbd5340", "x-misp-object--eaf1bd61-312a-450d-a6ba-98a75c96cc4b", "indicator--e75a5ddc-399f-4cef-b8ef-3ba62b37f3fc", "x-misp-object--691f5fc6-1432-4104-b2ab-91845bef1c80", "indicator--6a5297e6-1764-4b15-833a-dcf2da04d712", "x-misp-object--9c8c3b07-a837-487a-84d4-2bc1dc29af73", "indicator--0e099433-6b3b-4670-aee9-8b7df2e13945", "x-misp-object--95dcd0fc-b65c-4d8d-810c-254cb5b8a74f", "indicator--7bc9e536-46da-4612-85ef-3ae475a779e5", "x-misp-object--164e873a-a433-47c5-b72a-871a36a0277a", "indicator--a4efc00e-8725-46d8-8eea-f816f13f8217", "x-misp-object--61f15f05-9676-4c7f-9d50-63725077ca79", "indicator--5ac70318-589c-4c88-9b83-9e3c52632fee", "x-misp-object--cd1c5269-192d-46b2-8484-d5672a05cdd2", "indicator--8e994ef7-443b-4711-a08b-5a654a62ca50", "x-misp-object--bd08d423-1190-4b66-9395-012fc9783231", "indicator--a6c70bd6-5746-4f7d-816e-13c91d9750c7", "x-misp-object--af5461e7-5cb9-4010-b77e-07e856f70881", "indicator--963eab17-4976-4e37-a597-18564603f162", "x-misp-object--02d36b0e-fd99-4989-9d36-810644b59d5b", "indicator--986317b2-6bcb-4cbf-97a0-fa7112dd0685", "x-misp-object--7c1083ee-e7b6-482f-9879-13ec6ee3c5c7", "indicator--f1cd008e-8200-480d-a5fb-8e173036480e", "x-misp-object--aaedd3d9-81ad-48d4-bb08-21118d6c5c92", "indicator--b3c485b6-9b8a-4569-ba1a-8b9d6dda76b4", "x-misp-object--69b65471-2062-4ad8-8af4-58686651264c", "indicator--ef8cca41-43ea-487a-a1ec-12b5fefd4e8f", "x-misp-object--039b1866-5082-48d1-ac4f-8458c388d040", "indicator--226fe583-a514-41be-bd33-7866c1179721", "x-misp-object--0ffab07c-a846-47b1-aa43-521be8c2a596", "indicator--50dec8fe-3cd0-4f41-a870-20a9b6db6128", "x-misp-object--3c4872eb-8452-4a07-b687-9c0f6e7a095c", "indicator--c47ca59f-8107-44e0-bede-9da7ed3e3ddd", "x-misp-object--06b80fbd-8d89-4ff3-a9c4-97c0f4799814", "indicator--793a3327-6441-4b54-a2d6-60235d929428", "x-misp-object--8485114a-e92b-40bc-a589-7c4820cce159", "indicator--5807ca57-bc74-4766-ba66-c3799022d537", "x-misp-object--5103ca8a-800c-49b0-9213-441f504a0ef9", "indicator--4eaa3b4f-092f-47d3-82c1-737f44a09d84", "x-misp-object--fef1241e-6180-442e-a04f-37882c440f94", "indicator--f19f7fe6-911c-4772-b318-3fc134181a04", "x-misp-object--d4381004-4cb5-4eb5-ace2-c1e4a08fbfb7", "indicator--01b59dd8-4bc6-4e51-9e74-355e39d0a682", "x-misp-object--4cef2bfa-e8af-4f8c-beea-1e92db05b867", "indicator--dbf658d0-da2b-4e98-92c8-4fe1014d7849", "x-misp-object--1d589c18-3ec3-4138-8e6e-ca6f296f1847", "indicator--13b44bea-1d81-49ef-8063-f34bffa7bc4e", "x-misp-object--3af0974d-d8d7-458f-9b9a-4db4aa839f43", "indicator--1a53820f-5888-4777-9aee-8b8e0b61bed5", "x-misp-object--ada1ab8f-647a-4bd0-9b40-355d456990cb", "indicator--1429c623-c7c9-494c-9515-6f69b26cc3af", "x-misp-object--b4d4de39-ecb9-429c-9ef6-a9db4f14947d", "indicator--45a7c66b-623c-4608-856c-f81e805d30f0", "x-misp-object--f1af9694-19f6-448e-99a8-4bbcbc9627b6", "relationship--8524226f-c818-4d6b-9fa5-2347f4378bd3", "relationship--4983605c-e26e-49f0-a290-544e254a0d08", "relationship--bd2fbc11-323c-4281-9cdb-a717804298f1", "relationship--f4d38b30-004e-4ee6-8e1f-8a2e925e536d", "relationship--6acc04cf-39d4-4f14-8785-e2569a34a5ec", "relationship--01c0cd1f-2f1c-48b7-905f-125f4df182f2", "relationship--cad69ce8-5d3d-4c11-af4b-8d62494307ab", "relationship--78acc9a5-1266-4f97-8d44-588aa520116c", "relationship--e455bb35-7bc0-4d74-b562-432ad66dc98f", "relationship--2eb86ffa-63fa-4ae3-850c-fbaade06d20a", "relationship--faff92d9-d4b4-42dd-aea5-31d78086ca9d", "relationship--7e4269d0-3998-408b-bbba-a6aca37fc87d", "relationship--6f561c24-01d3-43d7-ad32-40f71b971e9e", "relationship--2d7d6a9f-9698-4809-b60c-20ce470bdf88", "relationship--afb63504-0e4e-4956-81ed-9ac82998b0ed", "relationship--2ee8bdf5-e461-4b3d-8f81-983a612030d8", "relationship--a9f84a58-3c6b-4b67-9447-d9bb88759ae6", "relationship--911f08d4-a530-48b3-a393-661efa214bc7", "relationship--73b2bc84-c929-42c0-af0b-b757073219d2", "relationship--4299f1ba-7da7-464a-b99a-babb7f349243", "relationship--4d5afdb7-e6c6-4106-9f12-5d8742459d5e", "relationship--b99a23b1-20d3-48e2-9d38-3dd634885143", "relationship--5b22b578-724d-4d34-a438-383e3e05ea1a", "relationship--bc26c85d-bdac-4c29-93d4-1fd9d3aad42b", "relationship--9ec9ff8c-f16b-41ff-a8d6-cb0e10db118b", "relationship--a1b07caa-b103-4ec5-a289-4be189273264", "relationship--96440039-de88-4964-9116-b3d62b0a1e78", "relationship--cf19c146-8fab-482b-aaa0-1f4c56a6d33a", "relationship--f018a761-4c35-46d6-ad8c-1913c06549b7", "relationship--62a84ab7-1893-4ea7-bec3-a6e78edd3b1b", "relationship--49b6d502-2235-4eea-ab3f-19c147ab76ae", "relationship--07ccdd04-7f81-4c8f-863b-b08387f88492", "relationship--bca68e99-3f10-4493-8137-b95c947ecf50", "relationship--8d3801fc-aad3-41b1-96d6-c3ba6dc05099", "relationship--e260ccc7-6ac0-4785-8a4e-df8e7b7ef9c4", "relationship--ad53c28d-a2d4-4f09-a493-4d5a1929b703", "relationship--b737fa3a-5cfd-4c67-8a96-151acc370976", "relationship--9de28e7d-0d4d-431a-b501-176585fb695a", "relationship--2c0ed56b-9b80-46f8-a372-626caa3af3b4", "relationship--b05693b6-e947-4b73-8e0a-7b0f48413f72", "relationship--3d16dd80-c906-4cbc-94fa-e8aec5a44195", "relationship--8283a87d-e332-4606-bbb3-e6a952b6c951", "relationship--58f15b02-9483-46a0-ac3a-9c5d26b87e90", "relationship--94dd1fa9-e4da-4693-8c5e-545cac87fe2d", "relationship--267943e8-ead2-4161-898f-ee09e309b999", "relationship--4eacc473-c1c5-4320-848d-325a86c77cdb", "relationship--1b925c91-15e5-481a-8a0d-21fce7b470d6", "relationship--527024f6-eed7-45de-b376-1c7604836a06", "relationship--139dfe65-8fa3-485a-bb32-836d00ee4583", "relationship--1f8850e8-46ef-4a31-88d7-d411451236ce", "relationship--369b9b62-a9ce-47d7-8cca-41f45b5d9169", "relationship--9b852df8-14dd-4dd4-afd1-8bf1d54ca6c5", "relationship--1a37cfc4-062c-41f3-907f-865379bb9247", "relationship--881b81d1-6249-4293-ad0f-79d1116f8aea", "relationship--4489edfc-5f80-4cde-b985-f673c95332d5", "relationship--b15043b9-01a6-467c-8c92-cfd3008757b4", "relationship--568dc793-59dd-40e5-859f-16b76da04182", "relationship--ca4fda7f-4ebd-4387-b9cb-6db633b89b90", "relationship--f68960a7-33cf-4faa-9a5c-b642d2c290b0", "relationship--2c886445-da0d-4ac3-aecd-dadd3c760a36", "relationship--f8b24609-ab92-4a9b-929e-14e5faf6cbaf", "relationship--2ceddfa6-80db-4424-ae96-d3baeaf20a2e", "relationship--cdde5ec8-2384-4d71-9353-e179b4906d18", "relationship--e0528c19-98cb-40e6-bc85-981d6eef8de3", "relationship--8ce9ddac-eaed-4018-9798-f207500e372c", "relationship--82c6187f-07d5-4ca5-b1ce-6d2173820d21", "relationship--fafbd7d7-9de4-43cc-be75-bfe028cebc6e", "relationship--fdc2cffd-25e6-47c1-91dc-e8f674df8b58", "relationship--6a103373-1a6d-42c9-9fb3-7554d39588a5", "relationship--5c21a97b-fe17-482b-a2d3-908d9ccbdab4", "relationship--6bb95631-4257-4c3a-87e2-083e4de3b228", "relationship--282d4fc1-a8bb-41b8-9999-d4f41dd192a1", "relationship--631150ac-92e6-4721-8cae-1501f1d79b55", "relationship--fef75b8f-7df6-4a48-a5ec-5a84bfa9b17a", "relationship--25596eeb-17fd-4eb7-afd6-e0748986b0f8", "relationship--549c5d39-de7d-46ba-8d39-51a72cc1765b", "relationship--48f33ee4-d3b7-4d7f-be48-9bee7f89e288", "relationship--825f8054-8dd9-4bfd-a62d-a21dfc48ec6f", "relationship--41871b2e-25b6-4c19-959d-8e1f6d8fcace", "relationship--2ea2a8e8-ceb5-4295-9d75-7415aa8fa912", "relationship--71ce98f0-7344-4a83-909a-32f06555745e", "relationship--aebbe93c-6da5-43e8-bf3c-338cdc2eadb6", "relationship--a8d54591-290d-4be2-a27d-9192687cb29d", "relationship--ae06246f-9d26-407e-91cb-0a8a045c9d7f", "relationship--54fc8793-c595-48a4-ab8a-9065000f69bc", "relationship--aadfd850-f59c-4cdb-8d7e-8b2af57d6bde", "relationship--7c6d64d7-2d4d-4dbe-a774-6cad374d854c", "relationship--e8f2a5a2-c692-411d-ae82-185c1aadb5e5", "relationship--0c0be9d0-9716-458d-99da-06eef4dd9505", "relationship--b7d9b6da-3937-408d-8143-15e82d76ae6b", "relationship--d7828fac-e730-433b-96b4-4622c128d149", "relationship--d24702df-edbf-42cc-915a-da60913ea194", "relationship--115f4090-256d-411c-a311-b00f7c0b1aef", "relationship--7d94a71e-d850-4a9e-89f5-a0a7ab42c14d", "relationship--60a65eee-1c47-46df-ad0c-d6aae303b443", "relationship--177d6aa8-5af0-42f9-af77-523e56bb7da6", "relationship--b44537f8-2860-42da-8eec-e5808840f179", "relationship--3df0abfa-9a08-4e4c-91da-bbde6a69bafc", "relationship--eb92b0c8-5a51-4e5c-8c83-a02e7a4b2cc8", "relationship--31f90967-0d2d-4671-aed6-52b6b4b6f4da", "relationship--e9d4ca6b-e10a-4a96-9d45-7cbed231ad13", "relationship--018e01d0-29fd-4f8f-be8d-a0ead8d64d41", "relationship--1e300d24-23db-4381-97f7-6d2b45f5133c", "relationship--19e5323f-5504-482b-8d56-1af42034364b", "relationship--13465fea-3187-49d5-a3ff-fb3d847d09d0", "relationship--e15a560e-f139-4045-893b-07c9ce18cf07", "relationship--17d31c07-efec-4353-8e3a-fbadb87d45ee", "relationship--5a34b812-70ca-4d7e-a2e9-0b967481f8fe", "relationship--37db2053-0e97-4a3a-b3e3-22130e951067", "relationship--152dd14a-fe35-4528-a46d-7cf56418ed24", "relationship--fec6344f-6023-4e3a-b9a6-20c660264b11", "relationship--ecd58f58-68df-461a-9e96-1464846bb479", "relationship--5a8b0b98-4e36-402b-a7f7-dc695615c6af", "relationship--1d2784b8-4dbf-45d8-8e90-023d2b962864", "relationship--052adc79-f041-4907-bd37-1429094f574e", "relationship--a604f387-cd73-45dc-9ffd-23767455605e", "relationship--de336815-8c98-47cf-a16d-e7566f0537c6", "relationship--edb756a5-1671-4cce-98fb-84c5719221fb", "relationship--03ef7214-143d-4474-874e-ddde009d4cbb", "relationship--4e04c30b-8249-48fe-b939-a5791a704f9f", "relationship--caa27ba8-0f47-4d6c-8f71-3800bc59545c", "relationship--121ef90b-cb38-41bc-a6da-cf3517162d2c", "relationship--72997182-3048-4a39-827d-2c9c148cfc41", "relationship--cbfc17ad-2dcf-4cda-8818-c3adb9a603d5", "relationship--e9814300-5336-448c-a02c-c8e8dce99b4e", "relationship--7f45ae27-6f98-4819-a265-afb81eb34665", "relationship--9172da67-f59e-47e7-a795-74e8454a637a", "relationship--21eca4d8-59bc-4488-b43c-5313c40da28c", "relationship--6b66b7aa-bf0d-4acc-a1d1-c12896eb96ca", "relationship--ac99acb0-6c96-4988-bd20-6d32de9c0675", "relationship--3fa3f122-79d0-461e-a9de-aef78a087014", "relationship--b8a45269-1d1a-42a0-a44e-ed82e0cbed7b", "relationship--226154bc-adb2-4deb-b262-bad3473be0c3", "relationship--af2a2f57-881b-4063-9d16-74badcd601f1", "relationship--cf840de9-b416-48b4-b342-87df0ea575e8", "relationship--7f895b58-e019-43a4-8cf1-a6f4b48f1e07", "relationship--a2e4efe2-4482-43a0-a22e-8fd3722afdd4", "relationship--0a19d507-ce5b-4649-8657-dd7b20f7e4d0", "relationship--0d7d0cfb-a53c-47eb-8422-3eebd66514c0", "relationship--dd07d4bf-4134-491c-99e8-d9008c2d668c", "relationship--0cc5490e-9a03-45a7-acb7-ba19d486d8c2", "relationship--3e192b7b-e4ed-4b03-ab4c-f0dcacbb0ccd", "relationship--6165c56d-dd57-4514-b3bf-5b9528e123af", "relationship--cc463f7c-c961-448a-a5bf-6cca8c4fb04e", "relationship--de94edca-12c0-46df-a85f-57021892ff5d", "relationship--d1efbb47-af0c-47bb-b66a-a5759af1b9b9", "relationship--b9ee5a8f-9e52-4d39-8ffb-08b512577fa2", "relationship--3685f535-f9e3-4b36-908f-eddbf1acf72c", "relationship--d4d9cf95-7da8-481c-a71a-7e207159968a", "relationship--7b5d729c-df0c-421f-ad81-7c72560fcce9", "relationship--3dd80056-46ad-4420-9c18-99d4acd35cce", "relationship--6f13cbfe-0f2d-4536-9745-e71a4ec14132", "relationship--15ab1af8-4826-4f0a-8bac-cf793a118073", "relationship--321487ec-3356-44f1-97a8-166aef752e16", "relationship--f8940ed3-2fad-4145-98b7-bb4652272262", "relationship--c09e535a-65b8-413e-a5f7-8f1ff87cbc20", "relationship--c365aba5-b26e-4641-92cb-1ff7e3d7636b", "relationship--d189be0c-5829-46dd-863f-26b5676c01f9", "relationship--5dc9211d-c1fd-4e93-aca7-4a489d3aea72", "relationship--d9eb4803-c837-4ecf-a185-0255b1e1fad8", "relationship--193a4de9-e903-4d30-9d6b-7ab2fa69741b", "relationship--0bc4a8a4-5f97-46bc-b385-7528e508d385", "relationship--833c6193-f759-4c85-bab1-0e51e6782d29", "relationship--5d40e22a-99e9-413f-a69a-7b544a7d1c63", "relationship--7e2617ff-ab5a-48ac-af6b-cbfc3709f897", "relationship--e63a5b9b-df59-4c94-92d2-8c0fe48c024a", "relationship--ed24479c-05e9-469d-b123-7909e0c2af19", "relationship--b0b6adae-70a3-46cf-ad84-53cd0a8b6b42", "relationship--14138d3c-2a0f-47fd-b6bf-6a82f456bc83", "relationship--d0ec6ad0-504e-4f5f-a897-1bc2129d17ec", "relationship--0fb70f47-13ab-4dac-9145-603952fbae45", "relationship--1021b638-e4c4-40fa-b072-5eb0473b2feb", "relationship--7ce19e0a-8b21-43ae-b577-623ab5cf2446", "relationship--78cd048c-9644-47ed-840e-e5e90fd74d83", "relationship--7a1c4a9e-e1a9-4a23-b36a-28574ce1bbcd", "relationship--00224f11-f77d-47f4-b551-a547d6fa313c", "relationship--83851036-ff40-4eff-a3fa-48865dd493bc", "relationship--49e42226-e863-4a40-b332-3d221fa89e0f", "relationship--b58ca582-54f0-4531-9409-bcea34c40389", "relationship--5e6e5de9-1893-42f1-8c27-b38e6ee8e5a8", "relationship--ea63931d-50d2-40fb-a4b6-41c5fc782935", "relationship--1165a607-e1d9-4d4a-9dde-336e8af4096c", "relationship--2b4a4878-e63c-487b-b7c3-3175c24e17eb", "relationship--4331b89b-bab4-4308-84a0-96b6a24c80c3", "relationship--4afb6351-7653-42a9-8e0b-4125d7994a11", "relationship--64fbc438-c7f3-47dc-b275-c31e5bc46344", "relationship--8e5dfdeb-cca3-4810-ad27-cb621a0d8306", "relationship--a77f0ce0-8c1b-4e56-91b8-82c8c780ff2d", "relationship--0a93a781-c873-4fc1-a84c-75e797beb40c", "relationship--edad3875-964f-4e1a-a173-f3d68fa99ff4", "relationship--3e7a5814-85be-4368-acd7-ba36af60936c", "relationship--904aff0d-6eb4-4fba-91ce-221618b5578f", "relationship--cc6815e6-7c26-48ca-a6fd-b7d11be90da9", "relationship--dd6a7445-1a71-4877-a4e6-1ee339cbb1d3", "relationship--07ba961f-5057-40ab-988b-dfad0d8fc99e", "relationship--4c1e5906-a849-40fe-bbbb-fadb81c5aa2c", "relationship--13e7ef80-9265-4852-bc3b-8ff825b744ee", "relationship--eec92dff-aa13-4f37-a774-dbf6d9de9a12", "relationship--4233b7de-69ec-4ff4-b477-9372d00eb024", "relationship--81510441-72aa-4ee2-a752-7da052d35fe6", "relationship--e5287f7a-69d3-4152-bf2e-0cc1fcdf5f19", "relationship--24dd237e-493d-452e-8cbb-a9d4d14cc8f2", "relationship--f47b22e2-6bfe-4d23-b0c4-b6852e3f45ec", "relationship--ba5587f4-0e25-45de-a6d6-39509ecacbf5", "relationship--eed1f17b-355e-4bb6-9708-5df11b90a413", "relationship--accbde32-76fb-4506-b4dc-cf33671b15ce", "relationship--386868cc-ae6c-476e-8b79-2c70d6247c15", "relationship--41ca4961-a899-4dd5-acb2-bc85c5ff5026", "relationship--5f9583c3-0137-408d-95c6-f4dbbb5e4aae", "relationship--33535d7a-bbfa-4424-b935-2f0cae526f1a", "relationship--ee0a8634-6f5d-4c6d-9f83-cf0cc7c65bc8", "relationship--a49ca78b-d454-4be7-8860-f39f4808bbbe", "relationship--cd139a3e-2b6a-43dc-8966-6ac2ee9d700a", "relationship--62481af8-cb59-4c22-a77f-5cefde4d233b", "relationship--119b9e76-1bc3-481b-8d06-5758b8b51e46", "relationship--435aac78-f8fd-47da-a227-5123c09186fe", "relationship--2d102633-4849-4065-9362-faa7f84d299f", "relationship--6d07d9d4-dea9-47c5-888c-fb510c5525a7", "relationship--72dea030-e8fd-4df4-ac02-1e4deb6d7a99", "relationship--295d7376-6986-4721-91ae-bf2ed8d8e15c", "relationship--0953c052-7f8f-465d-8c15-585e7ce11746", "relationship--98fd78c6-9579-4be7-b5c2-fafc99157f39", "relationship--651b7515-cbc8-4c39-95d1-de4e58124e0b", "relationship--57a0b596-6b2a-48a1-ad49-1ed88da294de", "relationship--ae250be9-9b01-49fe-a8ec-5f2fb6df4e29", "relationship--2dc318fa-217e-4f92-b144-314bc575f7d5", "relationship--7f96c194-6fce-4084-9b1c-7569600f5ade", "relationship--ac48534a-eb81-498e-ada2-ff2c6e3ca331", "relationship--f5b22ab1-eb9a-4b60-82a2-c85793b0e976", "relationship--92bc31c8-2d66-43e6-b8b3-1e253985ef3f", "relationship--ba527f6e-af2c-44ce-9d85-dfcb132dbcd0", "relationship--038c62bf-38e9-4368-8487-70dfbff59f9c", "relationship--a0a68bb6-58e2-4012-986c-9cae85474c69", "relationship--1e4bb71e-977b-47ff-966a-87606b986e14", "relationship--4753db3e-caa6-40e7-9bd3-1aba9a9861af", "relationship--4591ed32-4e19-43a5-b68c-21ea5321b288", "relationship--52566fae-6ef9-4f62-9974-0e4e04fafa81", "relationship--d9aa6369-7076-4f35-b1af-ed9d0f896c14", "relationship--b0658482-5975-40f7-91dc-3c99c8b652d0", "relationship--7cff076c-d01f-4e05-a74c-d0c920a58746", "relationship--18fd0a3f-eeb4-4d6d-b677-077003b47dc2", "relationship--d4442e29-9b4e-4dc2-810c-5f856de70784", "relationship--208f32d7-d1d4-4cbd-8aed-c38bc00d60bb", "relationship--8de2c830-eb37-44ad-9e67-1ec03cadebc2", "relationship--5867adee-cc2e-45df-9a3b-19a3e69874db", "relationship--1b84730d-c1e0-40ae-9a88-7809a30b7e88", "relationship--60dad972-f99f-42a7-a49f-5f5f532bc0fb", "relationship--1f4ca59b-8118-4781-a0ae-2702761f9175", "relationship--2b221ad2-8945-470c-92f6-5e1a05f950da", "relationship--10178051-8f99-413a-a600-13fd8d2e824b", "relationship--e680cea1-10a3-49b1-955a-393d5cbfc0b2", "relationship--2c650844-511a-43cd-95d0-c0a628a738fa", "relationship--223b1150-36cb-48f4-a42c-b6d9b57b7fce", "relationship--d3554bdf-52d4-412d-a52c-dc3024674328", "relationship--a745350b-bdba-4030-9640-39f06f864c04", "relationship--d466b826-41bf-4c73-a5a9-d1559678b205", "relationship--c502c8c8-c9f3-4b77-905d-b3202777e02a", "relationship--6870e291-dd6f-454b-b50c-857a27640739", "relationship--82974672-bcb4-4272-9373-8946a57519fc", "relationship--bbb2361b-00ff-46de-9652-fcfbcb3802dd", "relationship--8d6c08f2-d085-4102-b8e1-cf2b11773a5c", "relationship--3f315fa7-c682-4442-bc24-6ac0cbed4811", "relationship--161a9173-d740-4fc5-9b68-7d52af466a75", "relationship--cff7dfc2-091e-42ff-a200-4be4bf643b40", "relationship--430f2832-2de4-4255-ac33-231ef13fd6c9", "relationship--b608e36b-761d-4a2c-a8e2-9b0d783a5fd5", "relationship--88fd7a06-59a3-4ef6-9378-6018c9b54a0c", "relationship--8002808a-3fb6-4ef3-9ff5-f22ca584028c", "relationship--5b4436fa-c4b7-4446-89a5-ae570cec9f2c", "relationship--3b476ebb-ffce-4782-b44f-b93dd2845c43", "relationship--c94264a7-8c91-44ea-9b3d-3f0c6f2b8ff9", "relationship--a565fb96-75ea-452d-a7eb-e2a7dbe82933", "relationship--ed228e62-8992-4a96-9517-3b3ceee82da1", "relationship--a9eb683d-1f04-437e-98cb-937127b38a78", "relationship--cc802941-c3c0-457e-b166-a79be2972724", "relationship--60e6e430-c02e-45cf-b69c-b53ca0f43e70", "relationship--350be120-469d-4d30-8884-45bf94f1d9ef", "relationship--ca116ad4-0e5a-4528-b931-4cf85a6f8434", "relationship--6f7111f9-9df3-4264-995c-a570f7d656dc", "relationship--a6179c41-0f3a-4b1c-9d31-5ea764e74483", "relationship--2a837aa8-0d35-4985-9e82-a4bbb2f3dd55", "relationship--87a8e573-91a3-41c6-abc7-6333776b575e", "relationship--e5210c2b-19ab-41c4-aa18-093b03b31a20", "relationship--89c2fb12-28ba-467b-9678-c1b906873051", "relationship--2adbf480-95bd-4519-948e-afad1685d2ff", "relationship--a469a11f-702f-49dc-888d-51a71de3b5ce", "relationship--ce0ccfaf-a973-419a-88c1-99035cbea395", "relationship--751eda9c-f2f4-45d6-aad3-1d133911cb03", "relationship--a1877da2-2989-4304-9333-2d481e54ea55", "relationship--d7e40294-adc9-4b7d-bde2-064739a1db2d", "relationship--4784a2c3-ee09-43cb-8aae-5511227a3775", "relationship--e07eaedf-95e5-4e69-8c22-647997f8eeab", "relationship--b2d674bf-06f9-4cf8-9b03-d4c53adabfa5", "relationship--5f87c060-6dd6-40f7-8d14-e27541bb9a64", "relationship--6140d7d6-63d0-4039-b3ac-3a3e40682981", "relationship--1cb61801-57e3-4f37-b7c9-5fe37d0c74f7", "relationship--81247d70-35b2-4d57-a9b0-e6fb86773762", "relationship--5ef7b51b-27dd-486b-ae42-6f22544871d0", "relationship--c1e9f7a9-bf8f-4f84-a9d4-c408cf183777", "relationship--b8acd508-7431-445c-835f-41dcd7453ca4", "relationship--8c1a9222-760c-471f-9385-67076a3ae801", "relationship--5b3102f6-2f18-470d-afd5-8ea102473ec8", "relationship--a57dcfd0-90d3-48d3-bd33-758927e1acb1", "relationship--90e89269-d845-4536-90e9-69e2f46614e2", "relationship--eded33a1-ce8b-4974-a0db-4d8460fb6bd5", "relationship--d77914e8-e57b-4e18-9d6b-9d29871b5640", "relationship--b9be729d-1091-4516-97e4-c0dc9d8558b6", "relationship--b54a9d58-0007-4095-83e5-8580c7c8934b", "relationship--e61fa3b9-f5c4-47e8-ac06-168f2c6b0522", "relationship--bc99f5d7-058f-44d1-abf9-c8f011e06984", "relationship--01cc13b1-713f-4c51-94d1-eda81b8f11b0", "relationship--8c3f51ff-c5d8-455a-908d-1ead24463331", "relationship--3c69e583-6ff6-4335-89ee-f7becf1f1096", "relationship--e4c85731-4537-4c96-8e1d-64dd3a8d21a3", "relationship--88ea597f-b4ca-40fa-962a-532c48d97af4", "relationship--31ed3809-a260-4db4-8f4b-a691f5cafab0", "relationship--73ee2322-b446-48ff-8a60-6de171536df2", "relationship--8c7349d4-e1e3-4832-a9f0-5f489b29d37b", "relationship--e23d13e9-e0bd-4c97-9981-f7a1f5056588", "relationship--73dc56da-6946-4699-908a-e862cd15fdc8", "relationship--9c09a598-e33c-48cd-b7d6-20af818444cf", "relationship--0c4a8ff6-a0ab-49be-a310-55dc24c063b7", "relationship--47330458-ba96-4dc8-ae0e-afafdbdef1f2", "relationship--9d152ded-9af7-4050-b99e-5b239116377c", "relationship--4f715f9a-85af-4481-9875-5a46355d3169", "relationship--5b77d499-28e3-481e-9b0d-75abca06d68b", "relationship--ba2ebeaf-0eb7-4677-a678-eb56dc28d15a", "relationship--2d6484d6-4ab3-496c-980c-652ad9cbc04f", "relationship--a0828773-87d8-4a24-802b-fce6aeaaf7c0", "relationship--25af22cb-b2c8-4636-9fc0-80c3c884c50e", "relationship--f2e367a2-099a-476e-817a-17e193ef94fb", "relationship--45583b91-cd59-4e14-bdbf-5d8432484c38", "relationship--e08d6706-a5f8-4d62-a46f-df6b39a381d7", "relationship--faf8f483-305f-44fb-a672-b053f60d92fb", "relationship--4a29aa6b-4aa8-4bfa-9ecf-1a9a16510567", "relationship--81ee7bd0-f0db-4375-bcdc-68aaeb7a93c8", "relationship--7fbc1c93-5799-4114-a8c5-31a9b25af770", "relationship--33c56b01-3587-4f68-aff4-deb1ae5774e4", "relationship--f6d01f98-9188-4c75-bead-5f8fcf768c08", "relationship--ec81f3ee-730b-4393-8055-f781749f434e", "relationship--b4461e10-3099-4407-a22f-c65fac0eae43", "relationship--1fea6fde-166b-4331-96f4-7f9b7c27ebef", "relationship--e07b3f22-f30c-454c-bfac-1f7aeeb2df9d", "relationship--03febe61-f49e-46db-9a76-43e40cb20c53", "relationship--426122ea-9810-4e30-b9fc-96aa4f187bad", "relationship--fc324ccb-be8b-421b-a650-160e2ea1fa3f", "relationship--ab1e7c38-163b-4f3d-96c4-5293eb7c9566", "relationship--a28d3f86-220c-4450-80ee-8941eeca4959", "relationship--7a772528-c4e6-47db-b6d8-97918f8e6969", "relationship--0d49c102-440f-46f3-8b77-9cfd55af3bf7", "relationship--bafb9796-9442-42b6-84ba-79fb8c62e6e9", "relationship--49c62b7a-783d-477c-9f09-aa29301f18d3", "relationship--c31c5efa-ddaf-4407-9af5-c106c40f583e", "relationship--4f185465-8e26-41b5-a086-7d188a659375", "relationship--7272e64b-08e0-4c16-9718-a1e2e15a45d6", "relationship--47fd1c0f-658c-47f3-979d-71b09eba9e4f", "relationship--25fe0512-b00d-465b-88c4-74d1c99ee83b", "relationship--553313e3-1a68-443a-a80b-0a814eeb970b", "relationship--d3b6fba0-b383-4947-b450-f570ef8fa005", "relationship--5eeb5e82-7c38-4af1-ac16-5f0e48365a79", "relationship--baf220a3-83ff-483b-920d-8a432debce95", "relationship--cc77a41a-8010-45c5-8746-c4cf88732f29", "relationship--98995eef-34d5-401c-88e1-d13556d65f78", "relationship--5d31876d-654d-4573-817e-0eb804790f90", "relationship--437211bc-c685-4788-bd62-c52a211edc10", "relationship--1fe5f77a-71b9-47b8-bcfb-c04866899559", "relationship--53c0ac77-34c0-42ca-91cd-d6ca2fc29e36", "relationship--fe2845d5-9bea-40bc-97e2-3f0e50a3bb66", "relationship--5fcddd1f-3be2-4055-bd40-7760a91bd0b6", "relationship--04ecaeb4-7144-42c0-a7bb-09b1ba92bd44", "relationship--3b07a0a3-56c6-48a6-a9fd-a44783eff7f7", "relationship--b67f998f-b46a-4dea-9b96-0c5bc644c16f", "relationship--53945e44-b907-4e2c-af8f-d49ab3832a63", "relationship--f0ef4775-357b-423e-873d-f7b9e96c8a16", "relationship--47818ce8-84cf-4023-ac87-b5d7ec55235f", "relationship--9c145399-a552-499d-ad5a-452a5bf1bf1c", "relationship--9d59577b-6f3e-4c68-a039-3c5ed0672810", "relationship--c6815009-bbe1-457a-a17e-8867daffddfe", "relationship--7fc079b6-3152-4edc-b270-5c6823d8c82a", "relationship--5e542a5a-c9ab-4b86-bc36-c7b3f02d0938", "relationship--6c71b994-c6db-41a4-948c-8e609f55ec4e", "relationship--c47e25ef-a1d5-495b-af63-c457789f5ca3", "relationship--47a8a720-49a9-4188-9ea8-cddb4dbd772b", "relationship--6e469baa-f6a9-4052-8744-733d0f39321b", "relationship--926a9ed9-13b7-4497-8877-641cc0925687", "relationship--9ecadc43-bde7-4151-8d96-d988ce9cdd8f", "relationship--d52a2336-db19-4bad-956e-f49397fe2e4a", "relationship--30b28467-fe41-4fcf-a1c6-805f3f0601b8", "relationship--b6dbb753-816d-4aff-8e14-38189ccdb054", "relationship--0abcd15b-73eb-4e59-bc63-850a456462a0", "relationship--221f40e7-c51d-4b8b-855c-6090343b519d", "relationship--d175ccf3-517a-4785-9908-7c5676639f7c", "relationship--0043c1a3-3431-4d15-bf21-3a548ba5c577", "relationship--24a18bd2-235e-497d-b58d-bd35a4da5a59", "relationship--ec69c413-faaf-47e7-a313-c6714ef5bebe", "relationship--110b22f0-7d70-420a-b51b-3dff844fd575", "relationship--9c91f96c-20a6-4a8d-bd7f-cb38644c5a47", "relationship--d8ccb24c-1e31-46ba-9c44-e00fd7f96410", "relationship--da771d34-6dea-497d-a14a-e0ee3889cf88", "relationship--2375ffc6-66dc-4d00-9cc2-c0138f93955a", "relationship--7358c7bf-3636-4a32-a00d-2a0fa25d7c6f", "relationship--c5a19c5c-e798-481c-a5d1-8f1b8a8f2b75", "relationship--e47a158d-b9cf-4149-88dd-b7b906a4cc4f", "relationship--e3b7a75d-e205-4615-a720-68c94b764b81", "relationship--d17d669c-4209-463f-b361-b84ba9586735", "relationship--dd01f085-48ba-4a78-b9eb-b22dc6971232", "relationship--4869c968-b0db-4f11-a667-ccf37ebf7d49", "relationship--4f3c6b75-4d68-4868-a1f1-c60838f225af", "relationship--01837a9a-fd94-4d7e-97be-c77d5ab09b8b", "relationship--35f26b3a-7ffe-47ae-8a05-6634f618bd05", "relationship--ca2f13ef-5ef0-4ce6-ab2f-31c22f981a17", "relationship--465054e4-6f0b-4b64-847c-684333a42242", "relationship--0055f0a3-2d6b-43d2-9a52-8134ea92d0e4", "relationship--1dc67a24-acba-4ea9-9835-15a89a79bbeb", "relationship--5d5f2bbd-3c21-49c6-a7cd-cf316be13901", "relationship--72eec1b6-a16f-4151-bc59-15646311006f", "relationship--ef05a302-3449-430f-9c2d-f589dd02eef0", "relationship--54987c3a-a9ae-4ba7-b1e7-a019a42bf6cb", "relationship--260bcfe7-1fd6-40a2-af08-c07e052991d4", "relationship--5b14d82b-7964-4a3f-b31d-468ec127248b", "relationship--54909178-2096-49be-87b7-f8a34dba5b00", "relationship--d689ea65-af4a-4281-9d76-bb50ce57c8b9", "relationship--7bff7d83-d56e-406c-891b-f3cfc1819490", "relationship--c4abdbeb-9a46-4cc4-8332-2a40daeb107d", "relationship--e34dc3f9-bdf3-4f2c-bb78-99d8ef71a182", "relationship--d37a00ea-0b90-43ba-b2e4-c45d58ce8cdc", "relationship--971f369e-c3d7-4b3f-a6c7-a924531ddb62", "relationship--35d8e5b4-f592-483d-af0f-e1e7c07341c0", "relationship--00832bdf-82c2-4e23-add1-02dd2d979139", "relationship--a7b3af95-73d1-4e71-8662-4809993e94f9", "relationship--997e78d8-8ea3-43ea-9597-30146ae16c38", "relationship--c62ef5f1-cba7-4728-b3b5-a18af45d2d38", "relationship--01ffa936-31a5-4ac3-a76d-dffc4e03e0ab", "relationship--79977d3a-a2c0-4293-86b6-523b28aa851e", "relationship--dec5360f-8b35-4485-82dc-a6fccb5cd6b3", "relationship--77e7c81e-05f4-4d53-b2e7-a078dd5a9d34", "relationship--4d70abac-b53c-4281-be67-5386999810b2", "relationship--cef6ca94-33bc-417a-adfa-77ca076fe1fd", "relationship--82690d6b-a1ab-40ab-81af-9d9e09276a67", "relationship--a2f11b2d-191f-4513-9d14-d7699c277821", "relationship--c0740e18-94e2-4183-92c6-78912c43aac8", "relationship--7468820b-d644-454a-a598-2f9caab6bc06", "relationship--a2f23485-c319-459a-91e6-1d067d566764", "relationship--dca97328-8b6b-42db-b828-b7b4c31aecdd", "relationship--dd193a29-e2b7-4ca7-8c78-f9d3d2fd4d96", "relationship--dd2a900a-2e2b-4e52-8193-b98b1aa4015e", "relationship--08a45b49-efa1-49dc-938f-1d20017cd49f", "relationship--33834ed7-990a-4a0e-b012-2bca51b8d8a1", "relationship--99fad6db-c48c-40da-91c9-a5cc0c77f08b", "relationship--57d76f83-553c-41a3-89c9-19e3908a6af7", "relationship--5cf975a0-b3b2-4e2c-910e-a6f7001a9d58", "relationship--414e2740-dcc9-4078-b8e6-671fd0172e1d", "relationship--357a7593-5916-448c-b55e-2ee14b21d581", "relationship--c0645170-34d9-4c2b-9d6b-6fc456343779", "relationship--5f173512-e2d7-4e80-82cf-d0f7194ddc3e", "relationship--57e62f34-6b52-41a5-8a26-2ca841d5822b", "relationship--dd89fc7c-594c-45aa-a753-ad68a993f7c8", "relationship--fee681c2-fc2c-45ee-83bc-936c40892570", "relationship--238ffd9e-6546-4490-83ee-a0cd2460de02", "relationship--e7090600-8bae-4cec-93b7-6139a430e7a7", "relationship--fbc4accf-24b8-443d-92e8-2ce754330a98", "relationship--c667134d-ec7b-40cf-8669-b8c8bde5ff1a", "relationship--1a4777e0-7e82-4510-a23b-227759c559da", "relationship--85d6838e-32b2-4d01-8fef-ff67a083917b", "relationship--7f3f94c3-07b6-462b-b086-7e0614a1b6a3", "relationship--3272bcdf-b23f-4623-8a4e-245d2f8f5fe5", "relationship--0b13e0e2-c41a-4bee-b80d-428d44a33766", "relationship--ac55f2b2-2df6-4b26-b899-c09cefa083ff", "relationship--1a3eb6a5-21f6-42ea-85be-34e09483bfb3", "relationship--8027f8e5-f464-4091-94bb-3190caa3afa0", "relationship--71fd1188-85c9-4ca4-847f-0c67451d4585", "relationship--a25caf86-1286-4f7a-87db-a3bd108a63ab", "relationship--734cdae2-8ca5-49d9-9005-0b242d75235b", "relationship--060c4a85-18a4-4f01-93b1-b3bfd433b6de", "relationship--a25621d5-cc2a-4a89-ab56-fa45827992cc", "relationship--9c01c786-15e8-45cd-809e-c9f59da01a80", "relationship--2855529d-c84d-4067-98f3-ee7708022b26", "relationship--2c2b57c9-f2a8-47ae-8fea-ac2d8415261a", "relationship--ee74452e-78b2-4008-a222-4e11871721c0", "relationship--d44591fc-d295-4f72-8984-9e98c35f1016", "relationship--d0eb193c-a369-4876-a4f4-fc6e400435c8", "relationship--0dd10649-dd02-43cb-99db-6c6118afd430", "relationship--2cb0772a-9935-4539-836c-8ccc4264c70d", "relationship--5f278e32-ce44-4d5c-b344-2dd0ae7f7622", "relationship--311a4114-a3d4-46ed-8e82-d470ab6e1bf5", "relationship--e4d5199d-bf18-4fc9-aff1-a9b14f93a3cf", "relationship--dcb8b500-06df-4637-b279-5c8ee076652e", "relationship--735b44d5-2e68-44ee-a501-f3e58e0d01aa", "relationship--5d115dc4-d7f5-4e35-bcc3-d5e823260dda", "relationship--61fe2626-750a-4aca-99bf-e7611b78fd24", "relationship--c2ec3198-cee5-462e-a298-e940a8906cd7", "relationship--b8f6f00e-ecdf-45a7-a041-98e24cf1c8e8", "relationship--0259839d-1ac8-4f29-af46-6ff059c27ce7", "relationship--e994bffd-de1b-4c12-9f3b-c326f78e2825", "relationship--1644f3c3-0d71-4118-94d6-93eac1993922", "relationship--e73019d2-3577-4126-9f76-66f24b86ccb0", "relationship--896d2d6c-1654-4d4a-a59e-1f97a28a8af8", "relationship--d6899d10-c281-4459-a76f-e66f8e844c36", "relationship--9aaa9b6d-4e2e-4029-9ff6-53550d17cf97", "relationship--083af6ab-ebc2-470c-8bfe-a5271a164e01", "relationship--6ff45ea1-d248-460e-9d91-c0a1d29be34d", "relationship--807952b9-c6cc-47db-84b8-c93c3317a2e3", "relationship--ed2afeeb-ebf1-4bf7-b3a6-52880f4295a9", "relationship--1a88c477-c526-49af-a83a-375c42bea4d4", "relationship--9cb47625-d74a-4ec2-994c-c4cf7d3e3154", "relationship--e4b9616c-b616-45fe-9aab-98f35b3ccd6a", "relationship--974185cf-9de9-44e5-aec2-611388752f80", "relationship--d7dd5fff-f887-4227-9951-e115306db37d", "relationship--26bfe85d-6cd4-4530-ae1a-6481caeac707", "relationship--d3e331ce-3835-430f-9ee1-e3cef610fe70", "relationship--b0fa2200-07bd-4e9c-863c-4dfde79b5257", "relationship--25e02809-b4ff-43c9-875b-364d9910e42d", "relationship--6d8b4181-41cb-480a-92ce-292f036f11f2", "relationship--5e03723f-4033-40d4-be90-78ef7da81380", "relationship--d6672fc8-290d-400f-9967-20eaa143d0a4", "relationship--3de805b3-bec5-4767-87db-f34bc1df01fb", "relationship--e2058249-88f7-476f-9d0b-ac7473b345a8", "relationship--fe432bde-0f38-414a-98be-87d17c2c8e18", "relationship--291b08c1-c00e-406c-9f7a-b278f4cb84dc", "relationship--85186b26-061d-4bb6-ad8e-ba9802a80465", "relationship--170c4cc3-558c-4b45-8419-d7e232fc4583", "relationship--742039c7-63cb-42e8-8f14-ee4c07e138cb", "relationship--8706bc49-510d-4fde-adde-81b70e85eb19", "relationship--654f7c7a-7e18-4521-bc03-49b38dc70482", "relationship--e41898ed-8ea9-4710-879b-15059c7bdccf", "relationship--fd91586a-04de-4749-b3b9-ef78b72ec420", "relationship--a5b1419e-fb00-4264-b5a6-9dfc49049327", "relationship--9d2885c1-1b5b-4af0-9532-1fcb8e052de8", "relationship--6671afe5-f7df-48da-afdb-a73cad3b4d5d", "relationship--3d7ef229-0680-4a62-a3b6-e88795fe658f", "relationship--0cd1d5cc-a2e7-4286-87a2-133c95c07b22", "relationship--adc28268-ba7a-48b6-b1d6-e1be91652007", "relationship--1ff80a7e-410d-4765-a583-2e8c588dd29e", "relationship--c796c860-0ff7-4f42-b7f3-606f7c0d2c52", "relationship--b3c1ac8e-eb64-44dc-a142-b607119cb652", "relationship--59570721-ec7d-4f0a-8d61-40e57c244144", "relationship--cb81ea9d-aa52-45a6-9e68-79d77e312ca6", "relationship--646a5770-639e-492b-a162-37a4cc63e764", "relationship--62a2b314-57c6-4700-8b90-dc8eb7d36e65", "relationship--cc6f6953-4954-406f-be8b-04848128cfef", "relationship--dcd51a42-ea1a-49fc-9d4c-9422c9e4c183", "relationship--c5cdbad6-d8ad-4e6e-9718-d3f49e06589d", "relationship--c2a15279-4c21-4586-a01d-19d9c42d928e", "relationship--168d938a-66f3-4a69-af93-69e188544526", "relationship--30d40be6-f7e1-43e6-86bb-a6054c67537d", "relationship--ef47078d-d3eb-4097-9b69-7a5f50550f88", "relationship--a5d9e6ec-282d-4ecc-9fdc-5eebde26f9e8", "relationship--44c89e55-c707-4e28-92d8-62cc1094042f", "relationship--da0d2eeb-14b0-49d9-ae8b-0962da053cfc", "relationship--46f7640a-b970-49b4-85d1-7cf5dc70fd01", "relationship--cc3e6c80-a5ee-403e-8e3c-cc8217fd0124", "relationship--1defed61-070a-4c05-a73e-3a825ba35d43", "relationship--208a9b3f-1ab3-4299-ae6f-6051db079835", "relationship--2927d184-7316-4fd2-b7c0-7c740854aa97", "relationship--415ea551-096a-44ac-aca6-4ca24833c0a4", "relationship--f9b1266f-f66a-477f-8b29-7122779e91bd", "relationship--1df865b2-a105-4d25-8a96-208f8ea2005e", "relationship--b46ed9d1-2871-4165-aa5f-54d9802a0bb9", "relationship--782e57cc-3b06-40f9-9121-c27b42012ee3", "relationship--35f5d140-734f-4b28-b0df-29f0e1b0d6d1", "relationship--312cd6f6-fe8c-451b-8952-fbb75b687ba5", "relationship--3ad5374b-a1d3-4e34-b0cd-29e5ba6d9913", "relationship--b38e1f91-8f9f-40d3-b75b-90f3ad199cb7", "relationship--67b835e5-305c-495d-ac00-2215d7c4f091", "relationship--97aac47a-688d-48d3-92f0-8c9916554b69", "relationship--e99a0fcf-10bb-4d5e-abf5-d1cfe2433b40", "relationship--362b40df-b5d7-43a6-8fc9-4f4f6de9e290", "relationship--0ef8071a-3dbe-4abc-93f4-e0e632268860", "relationship--3887db2b-ba0d-4a57-9a71-aa2a649f2422", "relationship--790d3824-cc3e-427a-8a99-aaa562990a6c", "relationship--ee941098-c7c4-4cb5-b7eb-efd294a8cc76", "relationship--45c3d40b-ba79-41c4-ad98-214d6c1fcade", "relationship--abe5cc9c-823f-4c4b-80c3-ea4e1e61a6ec", "relationship--69c6018b-44be-4bd2-8239-096b5a121b7f", "relationship--c14565d5-31f3-4ac3-8b77-4da6e4ff02f3", "relationship--126e3d42-8175-42ea-88c4-78aeb0e763eb", "relationship--4c53ae32-a4a4-40b4-9ab6-00a8a1c1f090", "relationship--af1462ac-6720-464c-afd9-b165e66f0528", "relationship--c3ef3256-7b22-4ea5-887b-1358b9442444", "relationship--f85690a0-a6da-4c88-bb57-8942170b0928", "relationship--25d9fc3b-00d2-491f-ada1-c12f65916af3", "relationship--71a314cb-2418-48f8-9a5c-408904c90e3f", "relationship--c7e21b5f-66d8-42bc-ae87-c4271d530557", "relationship--eebfc66c-ec1d-4837-9bb9-32509c9b13a0", "relationship--6d89f6a7-44c3-430c-9c0a-7ba8840bb6cc", "relationship--2864b5ef-c7b9-4a72-8e9e-b61c680f7128", "relationship--3f916646-efe5-4d89-b180-35158f3267da", "relationship--360097e1-b9cb-4e62-adfb-560c3d31758d", "relationship--f81c2322-35f5-40ae-91bf-2c7573b5d0bc", "relationship--545a9723-bf2d-4b8c-be97-6581debc94d3", "relationship--e17037ae-b44d-463a-a1e5-574ffd8e8a22", "relationship--61ffcd1d-0409-42f8-88d6-353d3f358a56", "relationship--455411d2-fb80-40d0-9ddf-9a23e000be4e", "relationship--deec5c71-6672-4a9f-93eb-b42b597d6020", "relationship--72086be3-59ee-4309-a1b6-709107e3f5a0", "relationship--42ec7459-e982-45ff-8467-097eef8277b0", "relationship--cc60b760-e787-45fe-a8ad-c81b68169f77", "relationship--1c7aab81-635e-4cfe-8e00-eb7b2bd97fbc", "relationship--6735d478-5b50-41d2-b4c6-946f1b1f2e63", "relationship--f5293457-354e-479d-8ffc-4764723154ab", "relationship--a1880071-67e2-4913-ba3c-e6e68e1bad54", "relationship--aeb38624-aaa0-4fff-b6cf-03af5a998362", "relationship--556e25f2-b322-4e61-9acc-37b411cb4c77", "relationship--2c3e2f64-a4ba-4a17-bbf9-1fd739b1a89e", "relationship--90cc54ee-58e9-4fd1-aa4d-5398987f5fb6", "relationship--fbad7241-fed7-4f49-b523-b0dd73ebb1af", "relationship--7e62091a-dd2d-4dd3-ac40-3400ec597432", "relationship--2c1bf490-c39e-439b-b22a-bcb1cdb1d07a", "relationship--11fbaad2-3783-48aa-86b9-8bfe9247dad5", "relationship--3cd55efd-8266-4380-91b2-72451cbdfda8", "relationship--5e6d150f-1fc0-4378-91bd-168d2ca4b3c8", "relationship--9b31f217-277a-4233-a5c0-2fab7bdae942", "relationship--2eadd1fc-da9e-49bd-a53a-319b07d2c860", "relationship--5e20650d-e048-4560-9063-e1eb40e742d3", "relationship--68781c6a-5cfb-47e6-b0b4-8bb2b338b87a", "relationship--132aaa04-5b0e-4fb9-93cb-6cd8bad93478", "relationship--977fa307-c279-4086-aec4-2b798c48a512", "relationship--6e44e35b-b085-48ae-8db0-953bee6027dc", "relationship--3a7990df-bacd-4d95-add8-baf991788d71", "relationship--fda47260-01af-4310-a935-190ddc7890b2", "relationship--ce7a22fe-7336-4b7d-8424-aadd9169f3df", "relationship--f77c3435-9f32-4443-a477-482046e2b11b", "relationship--77b75bed-0160-4676-943f-fe01a935f72b", "relationship--55ff7c98-3951-4919-bb5c-28f5035773fc", "relationship--e9cb0558-22bd-4e9e-b4d3-8be0da8ff9ad", "relationship--0c7d4f76-c414-4f7b-be35-d40bdfe12967", "relationship--c9cfcb9f-7a82-45ef-86cc-0a1d14d05ae9", "relationship--e617e66e-7b01-46b3-80fb-06c7aaf5f94e", "relationship--1f9a0b61-abdc-4c5a-92f6-373aeddfcab1", "relationship--f4d2fbd6-494b-472f-a8fb-fce738fb7bdd", "relationship--00340609-b71b-46f3-9aec-b45c0f4f633b", "relationship--d72f70ca-1b4b-4adf-8406-920b19a567d2", "relationship--f7cbbae8-5024-41ad-a673-c8f1a9d3bccf", "relationship--a8fe5ccb-8035-42b4-a062-7130f8e8f644", "relationship--9aeaaa88-bbdc-4bda-aa0e-9c098cd7af2a", "relationship--bcfaaf60-b723-4379-a9fb-020d7466b30a", "relationship--5fef3ece-e5fe-4d2b-92de-3116cdf47166", "relationship--b9081538-e3d5-463a-8b0d-94717816eaad", "relationship--80e0dcc4-a9de-4628-9021-16f4d5989ee8", "relationship--b43002d1-3b8f-483f-8530-d45ff091cdfa", "relationship--68637231-d2b8-4b4f-a35e-8fbb4c2a2673", "relationship--a6940509-f183-4443-8654-016036c4d2b4", "relationship--72c2d9c4-676d-4e0b-bf1b-256b65661fc3", "relationship--f1f04432-28e4-4d45-a862-d8d698cdbeba", "relationship--271d0c39-6332-41cf-b38d-b7da28b5bf11", "relationship--ad399030-1055-47b2-88a2-377d0718f375", "relationship--4446dd1a-749b-4126-9dda-61c6363de091", "relationship--ef50f8d8-0b45-4fd8-a026-023051831be0", "relationship--0e2ff436-c9c6-4910-92ea-d052e2025529", "relationship--5ce36b6b-c862-4fcb-bc95-fed1d4e417cf", "relationship--b9a2eb37-8b0f-436e-8214-fd5cd834b82c", "relationship--6a111e13-4e02-4022-81bb-3fa2af324c0d", "relationship--9289ba33-63e4-4977-841c-4a6dba72ecf3", "relationship--8db428db-aa54-4181-a50f-17a97e67448c", "relationship--d7ee5019-464e-485b-bfa2-82a3562fb1ef", "relationship--a80d275c-6aa7-463b-ad77-1c038840e4f0", "relationship--a59eb624-0766-485b-8148-5fe0c8cd386d", "relationship--dc6692f8-cfb2-4208-878c-2d670c8a488a", "relationship--0b1616b1-0911-45d6-913f-9314f229bb16", "relationship--f94ecffb-9572-4d3f-9f6f-060e87c3eeb8", "relationship--72c7412f-0908-4406-9ea9-8fc0788f8fb3", "relationship--7930fb54-f5a9-4287-8e7c-088f4811b0c3", "relationship--ea8b0923-c431-4533-a6e5-ce28ad73affc", "relationship--6dcc56cb-d88a-4985-aec6-c9490c17eafe", "relationship--d337bf39-183a-4c99-8426-a10acbbb9e50", "relationship--9f5da04a-1589-4f9f-9833-1cd513b324ca", "relationship--514bcdc5-77ef-43d3-ba58-c04ba4f4226c", "relationship--c738f43d-28df-4b22-a6a1-7e688f79293e", "relationship--c7b67622-b720-41d4-97b1-3d886540be81", "relationship--a3014a4d-8ede-48e5-a7c8-a3e628a668c5", "relationship--78659d1e-b56c-47ba-9566-d3e012a1528f", "relationship--949e5393-2fbe-47be-80f7-b24e9c8b4750", "relationship--c99c5d7f-797f-4e8b-b29c-0f434bc66939", "relationship--a01c647f-6052-4628-8d83-dc151c281deb", "relationship--70d1281e-2ce3-40b5-957a-664f0a82b59d", "relationship--dfafdb0e-c0e2-435d-8935-302bdba01d2a", "relationship--549b99b1-ecec-474e-b147-ad580622e43a", "relationship--895148dd-04bd-4489-8417-24abc32c48b3", "relationship--b849a2f1-3db9-4cc1-8d2e-12035dc5d0cb", "relationship--33d6f904-0ae4-482b-921b-6d41b15c0014", "relationship--b94bff75-681a-447d-b982-2f3f719605c3", "relationship--e4d35668-103c-4e1f-96ed-4644b57db513", "relationship--9219457e-4a22-4282-826e-7010840b0af5", "relationship--90b19303-a18a-46fb-9219-41aff21a19e6", "relationship--b0a10f3e-a451-4d77-9815-3e274d0a6739", "relationship--6a8fcccb-b9b9-485a-ae3a-1540ae08ed6b", "relationship--46bedda6-f64e-42ad-b7d7-2751b6a34bc5", "relationship--a72294bf-1d95-410c-909a-28a74b4bf85f", "relationship--574fec6e-6de1-4b0c-9cae-cc1460d9e4ab", "relationship--09b761c1-c060-4914-ac03-8d63db61133a", "relationship--70942a42-b7b4-414f-b017-b7a05b16b8a9", "relationship--46319189-074f-4770-8b0b-f2ef03607453", "relationship--996e0fde-572e-441a-bb80-ea2380ed1512", "relationship--ac6a90f9-b0e6-4e1d-b415-3f2fc425fe70", "relationship--f6ad3ac6-b89b-46c2-bf0e-1e775e20e4e3", "relationship--395556d5-eb5c-407e-a005-227565e4fc2f", "relationship--d5963008-aae4-4108-bbea-3918597b0539", "relationship--896a7355-631e-4197-99ca-18e022ebf96c", "relationship--c767c7f7-64fc-428f-98cb-47d231f73b72", "relationship--53feadb7-c0a2-4f3f-9194-0f7a7934af75", "relationship--fab3d8db-c7e6-4d8e-acb4-f94e7f4692e5", "relationship--6151e7de-45e0-44ef-87e8-364162e8172a", "relationship--b1bbc393-c636-4310-9196-79d558757028", "relationship--ea02760f-3bb7-476a-b43b-23768b30a6f5", "relationship--51be222c-0593-469c-8566-31709888cbd3", "relationship--7428d7d3-ba1c-4ed4-b422-a84f5c1145bf", "relationship--fba5e7a8-cf1d-41bb-8195-673542df12bd", "relationship--4b83bf72-35a0-4f16-9624-373c8f4ab2d7", "relationship--a11d17ae-6c14-4afe-8781-47b3f60d91fa", "relationship--c79f666c-c351-4565-8b14-450fa93b38f5", "relationship--d054ffd2-7ffd-45ce-907d-61c35f45383a", "relationship--b18ef465-93ff-4892-8d34-ce6f1f6fbfa9", "relationship--ce191167-279a-47fd-bc7c-68e4b09cf733", "relationship--4ab2178d-3907-44b3-9944-dff3f869c59a", "relationship--5ff657c3-460a-4a6d-bbb3-a051d18ed7b8", "relationship--42ff60e5-25e1-47bc-ba3d-e16dff321d33", "relationship--3a9b842e-7a2f-43a5-8cb3-2ed70be46c24", "relationship--10834e8a-0378-4695-a2f9-aea5cea40529", "relationship--1fabac84-0bac-4341-b810-0a842195cb45", "relationship--8456fe96-4fde-4a3d-adee-066878d7060c", "relationship--60b9ca66-6d3d-4747-b53f-4df69df37a84", "relationship--c225d0c3-7029-40fc-bd9c-e1a18140e49e", "relationship--cdcf9ab6-d15f-4cdf-8632-403ab35cd9fb", "relationship--8e4ed1f9-e142-4414-b58f-ebd44a96be95", "relationship--cdd811ef-5c83-4ee9-babd-4aa2effb19b4", "relationship--9a0bffe2-ac84-46ad-98b3-db3d381536ed", "relationship--13eaef3f-31b5-417c-bab2-6ce1416bbfa7", "relationship--409974a6-2873-4876-9b15-19cd90c6a934", "relationship--92ca3009-6d35-4922-8d8c-7bb8bb847d4e", "relationship--26319504-591d-4aaa-837e-d659c969ee40", "relationship--eb12e3cb-200f-4eec-abf9-8408fda3562d", "relationship--f57cc769-fc26-4447-80c1-2145fdc10828", "relationship--ce52a117-1133-42e5-8eab-8a7f121d3c1e", "relationship--6d74a256-4e08-495b-9558-c0e0368da4b9", "relationship--6caf32c7-fbcf-4396-a357-50751e190914", "relationship--61da3fc9-fc06-41bf-9892-2c046a25d319", "relationship--5e86e07b-99b2-430c-93e9-504fcfb31e1c", "relationship--1c1a90b4-0b3a-432f-a5bb-8cd300502ef9", "relationship--f149f114-9cb3-47f8-9f8b-0c6e22be1b68", "relationship--c1d6df15-f2f9-4147-9bb3-51c02a59b296", "relationship--2a2af207-2ef6-4e17-b7ec-98b1aab9fea4", "relationship--b0d63ca0-cc7d-4422-9b50-fc9370b3fe34", "relationship--385bd16f-fb87-4d0f-a00c-24efb5ff4629", "relationship--abb72b1e-70f5-4659-8a3e-33e9f5b43fed", "relationship--0c801514-b326-4d09-813b-2069dff52c2a", "relationship--8fe4e70d-593c-4e96-a928-84bd33015677", "relationship--513f4971-252f-474d-a3f6-9b56c119aaad", "relationship--2109e20d-3e86-491c-b747-e5a831ac8cb0", "relationship--deaf2319-3b56-4438-9b7c-a81ba17dff70", "relationship--3fd81f17-34e4-4fde-95cd-3ca990b8af59", "relationship--60f5ac23-e7ad-4087-87b7-6e8beaee7ab4", "relationship--afae66b2-2df3-4acf-84a8-83dc5359bc34", "relationship--80c15233-6f98-44f4-a572-a0c077981acc", "relationship--8cf007e1-e36b-47ce-844b-e943e611cf36", "relationship--8a8e77be-969d-41d4-93b7-14c02911f479", "relationship--2d0bf6ed-1c9d-4fe5-bac0-58ed0a5e0fa8", "relationship--4e11b560-f2e6-4cab-b8df-7fdd6c17a730", "relationship--bc7083de-1285-42d0-9f4a-d699d365196c", "relationship--d2bc16a2-8d12-485c-bdd3-5f559d685aa6", "relationship--6f8567c3-5ea1-4fe4-ab03-47763d83de67", "relationship--c9592d9c-c6c1-4049-8fab-4319975d00ec", "relationship--ea21367b-6590-4406-85e0-24b5d6362c33", "relationship--29abfbb5-9aac-4ef4-8ac1-1c52aff6d3e5", "relationship--636f4876-4f39-4443-9bc8-6e2c08111f50", "relationship--9b886f21-d287-455c-838a-4d9fcfa96c33", "relationship--112b583c-cb87-4943-8d9f-1d1702f24aaf", "relationship--d8ebb286-bbc7-4735-8df8-21c10b1ba3b4", "relationship--26e39c06-59d1-4fda-bdf5-6fddf5b5793d", "relationship--180b0566-9d04-48d8-a6a6-1e505a62c2f0", "relationship--fba52054-bdc8-4d7b-8021-8a887898162a", "relationship--697aab26-8ac7-46a7-b169-8124a4e447a3", "relationship--4010aef4-852b-49c1-a315-5145bf3cc63a", "relationship--bb0eeec2-7a00-42be-a885-5b20803652a2", "relationship--810230cc-c616-4015-9479-27790384965b", "relationship--c50cd1a9-4611-420e-bc5f-39e428fc163f", "relationship--553ef682-01d8-46c1-89e6-f441dae22502", "relationship--03692eb4-16cc-4a56-a1ae-6c1cf0cc8df5", "relationship--df95534c-e632-4c49-bc58-a34b53cebc0c", "relationship--464a71d1-228a-4ab9-b704-708b363ac1f6", "relationship--28b011d9-787b-484e-8676-51d858b6ae41", "relationship--dcc3385d-66f7-4f70-9fcf-ebe12c32ecf3", "relationship--568d41ef-8d6c-4161-9e03-426070a774d6", "relationship--b534e9f4-e056-4ba3-84fb-5670b21b61ba", "relationship--c0f2a51d-9873-4660-8dcd-2c717f48bda0", "relationship--5f2a7791-b944-48d4-9f2d-0444ad655599", "relationship--88a3bc30-3aaf-4f98-b4f6-a101b051d6a1" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:banker=\"Trickbot\"", "misp-galaxy:tool=\"Trick Bot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-e42c-4c15-ae50-412e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5f1de6fb357ee5821e86dfb0c373ea29a600769e8a83b70e77e4ecb284768302']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-cd14-40ce-b472-4421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fefbd626a8986fe0c42ad78e59421e0dd05bae31c26ee51a4376c58d99d3dfe5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-4b78-4d3c-997b-43cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '986620e9e27ddeefef746b3ab85da4ed3a8d38cd36245a76fbc0b99a119c537a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-3f08-4c2d-8507-4c5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4e125c0e8b8578dbaa20638a4aac926a79cef3a6621d3351bb630eb243fe33f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-d36c-4c63-a2c7-42ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7934ca1ca0a9ec30065d12a2f5d4dbdc7df71eef8e8af8d92bf5feae7850e43b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-f384-4019-8151-4318950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '45363875792ec1150f235d43a398d5080019a31487e322d0bf2221279424da64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-1f54-4e48-aab7-4f10950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3da6aadcadf81b15f1117771e79dd6b78bdd28405a35e8213de97c046fb30447']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-1034-4265-a7a8-4c3f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '91eaf9d913402a7c3378f4b7a2b068e5b73ade4abbc929d65407106602f0f463']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-aa1c-4aab-8c4f-49b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ecd9e7bbdbf657838d3527c43e04529fec97af74907493ea2a9ab46f72192754']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-d8d8-41d5-87b2-4e71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7ce5efcdc40d2b8e157c16f4281c84478eec5d8a6604351b005723b80135a5c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03b-7354-4e0d-bfc3-4c1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:43.000Z", "modified": "2019-12-11T09:00:43.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '415d65745d95f0a468a6ec7d21e670e58d74f21717db5db645cbd40eee7bc6ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-57fc-4aa2-9a8e-4f83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '90d86f95cd827d8d1e9093257e118d59f7cfe02d869e52479a85673850e084e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-c048-4978-bfd9-42ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '97a4658497adfb1b8c46c615e676d7e51308490aa1715cd78abf03662a80e145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-8128-44c8-8fb8-4353950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd350d2d326c205e4a93442bf7b2f29683888d8a1a77023da769e8ce4d2cbd94e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-b074-4407-a952-448e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dbf1565a95a2485ff3448bc994277768df704e8c37c553e64d5b59b82074cbee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-f6b8-4023-b8d8-411f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '96689f58b3f9f44ca9c5bf133b1c880c03dfdada3b0c28cbb9cc6ee160974ce2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-6614-4bb1-8214-45c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '28348068d4a96533884f5c481a16083dcd8e331c09facf08df1a331fe6ba4395']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-6bb8-4008-9b60-4074950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '58f45d651ba2fc5d8a1c4a0b338208aa0a7946afe933c7d34d35cdfa2af5c2d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-d624-4417-8b7c-4ad1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7a34cd84c913e1e6c2e1a6f94c34d62d3a261cd1a75da85c0f3d73df9259c5dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-5c4c-44d3-a372-4f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f4802ff60ac9e87c230e21ea0909bbb0930390ac51cf97dacea41fd24211d5c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-8b84-41ef-89c9-4bfd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '504a762eec4cf52c11196700afedf0416a8edd206e1ce24cf792ec269fd8dbce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-0764-4c59-a1ba-4781950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd4af0967f5d0934dadb18b1e05ae908d586a8817305f89592ea272e7009d9f46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-c600-4652-b7e8-44ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9544a35e1dcc645da251a6a56db8bf5232b14824c1591b2760cfcb62ee4eb127']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-a578-414e-84da-40bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a679240bf4af8ef69fabc147e123bacb020ee58a055abe272c0e1e20b36be5ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-83f0-407c-aea7-4901950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a9db888bd80d8c94393e815f0e7810fd12365ed9be183b4babf61a5e7124a7bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-645c-42ed-a0d5-445e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8019eb1473eb3015d1b1f4b4f606f29976a50b24d73bb5a7276af48bb2df6b12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-2890-44bb-83d0-46dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9c0cb9e43e2fc4cbc2cb3728dbfa41d015cdfedaf4111f28726df8f36fc929d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-29a0-428d-8258-45cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6a3b484113c16cb513fd220541c556f211ec9aaf0cf2737cddb960ca8425f63c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-46c8-415a-baa1-4e3f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ebbc69e2b6ae5e838c17deefac4a00e0e52d69fa8ca50d133fcb849667a3b3be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-4d34-4344-827b-48f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9d7f87b56eafb20acf39a0be08e077c02f40e2f8f08cf661b57902600de78c70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-76b0-4f02-bd23-4930950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ac0a3eef0ee842e7377a81a4b64470ec90e3e3d871c4b0bbbba027d6dd73d839']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-f73c-4780-9f0c-4fd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a46cea0a797e51ebe1e29dada58a6fc7c8f119813ac76ff85055630f2ba7ca27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-aab4-4637-b433-4327950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '20fead8a77400ccc5979691974048f9350cfeed23a6e5b2436ab0a9e314569aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-37a8-46f8-bffc-4d5a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9ffc171e07bd76e75957d7a6d6ee25505c33401c50830a2b7f2524f802336c72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-46ec-47b7-a2e6-427e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8577330adc83aac74476e9f3a70103a2ce7bc2a57d87032a8f5443b4d4f18517']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-4840-4cee-b55e-4ebd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e258a486f192d62e58b5cb4dc903579ca62f5eea504962892869b479de7ba71a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-f7d8-4537-bf89-40d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '20f68227ad461fcff097a135fe39b6c1a9fcb5711d7b9e94830a3233e1ea3fdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-f9b8-4bc2-bc9e-4bd3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '257c041313c04b2dcf175ebe5cc874d0ce9aa4bad93e817279f4dc332aa09420']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-d67c-4d61-8203-4c30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bd705bae29e82a184dc1b697fe12e31e0856fd5cdfafb8e6eabd6e78ae4a16d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-7284-4195-b9da-4a2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cbfae70f76b555df5c045a3236d56a8b3bdb7b80d05119658898b423f50c4293']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-e298-45b6-91de-4a3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e18e786e4ca230ade1bc145f485435d81d039dc0ab92fff6c88c8accdd1ba95f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-c700-417e-9513-4e7e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a3eaf8b097433b8b607bbcb8f7bb4e435431c6ff825dca3e6541c2dbb88514cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-04e8-4bdd-8114-4cf9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7860674666bc7c299809637998310b9aacf6a4965da0d852b61c67742edd8b62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-b5a4-4d45-8bfa-42f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '65eeca9512dd349debcb48151fa859e1b3c02d1e533d07fe6d4b6cdc465aa43e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-4be4-4ae9-aed0-4307950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '31fb9cc444848fe2c0b178119d5080419347f6dfdf76bf820834ad750285faa5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-1e80-4a6d-b6eb-4fd7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7a368fd689c7f3e7c95d7d67f963d4438fd8fc417623931bd17b03f0a9da6ff3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-dca0-4339-a2a4-4a65950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eea7cc92f6d27c6a67c1fd0767dc4d97be238d7b8ae3aa93020d80aa7ff65d44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-d534-4176-850f-4d0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '568c38c9adb0c2c1ff87043cad3004ab4a537b1c2deccd2766da616867dc634b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-de1c-4824-ac34-4c1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8dad0d94b2a5f0e442dfc8b600c9f1b0011706728903a6dd72ed035cf8d62e8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-1748-420b-977e-442d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c904c857a88d375b1d7647230fad0cbb4cc8e173ff5f874faa6e4daf3ebaca01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-f76c-4172-9b77-4438950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '73d2fdb420a1f0e4ae42b362f54c6cfe39f197f8f9b8c8c2c7581da53de7e144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-113c-4b19-ad6d-434c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a9207aed06e769610fc9ea357bae1e1462c180d10c1cb05e49db1f499d48592c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-d66c-4011-9935-4960950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5f80a818809cdaac0959a7bb4cee64ab1044a0444a34db5a154d6a7e060353df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-947c-44c1-abd8-459c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2a2b7c96b4976ac66c22872575123b72bd9d285001f83c8e81f352afbc0a68ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-3378-4f3e-9124-4dcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '44e6c50c223f82ebd0700bfe9a0c1d4f9f9d95bd49f82e2a6f6d800e60c53bf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-acac-4bfa-b48c-479e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e87a102922f2a09acefa82210ad67e10e269f3c14ab4ca9cd475ff66b8b48706']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-8344-42d0-a6ae-4837950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6fad038452d694046a6040b37057598bb05cbd6d898b92da03d9af7d8bae9d64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-72b8-46f8-80c3-4402950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f0a8d23efcf2c50479a878dea17207424b0294f6b03f5b72910579b0f490d22a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-0d7c-4f9a-884c-46f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '63c4cce6d4abac25062b3826bbddf3fcf9920e86257bd0fbf32b78a1cea48b17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-78c4-45ee-92b5-4f60950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a19cb57464849401b6b3550182b359fd662673aaa44103c2d698a6b19612cb63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-9c6c-459c-8998-4c05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4d758688de62b69c69b98dcaebae6e98dce463b4eb0f62591cd2df371ad54535']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-b354-45ac-ab17-4b8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b636ad3e666a2fd724a2719bed3c7bf04cb21eff830409eb806553be8835e424']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-b954-4b8f-a683-4b0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f506deabc2b7589292aa8af68f7dd8de7326cbfa529d4a8f260dbdc0dd7126a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03c-c8f4-4776-acc7-49de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:44.000Z", "modified": "2019-12-11T09:00:44.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e61a1ba9c85ab774dcb35ca580282cf980bff6928695b8beb06843d73189dbdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-f794-4f85-b13d-437b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '060d74a4f7818bf7fc147aa5e2ee4533a7add3605d4014cd4a6c58916c6172d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-7a30-4d31-9143-4221950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '192e68746552b5546de223be6ec1f65adb4abb9c05a11ba8fcf159c1738872ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-0dbc-4761-a1c4-40bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9edc0ce20c2ae14ea9c587e0a6d6f7663d501542168fd6382d829ef85073a594']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-f7d8-47a1-9cc5-4477950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f586ffd811378d6d3b706c5792b23cee7aa320ceea9694544f38ecc7983261c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-e924-4554-8009-46a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c72f5072c7aea97e0bf562953dbd10743bb5a981d6a0baf88ccf28c881ad1435']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-298c-452c-9d7f-405c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '64eb9c3b8f0dc2bda117596f50c751bfb6d90b72b7096b59eed72b8ec4613de8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-4ce0-4722-8c07-4a7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8defe8f8adf49bce8b4ca4af8a3b89d717b6499445239ff1a77b00529ca05455']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-f7cc-48f9-bf33-4e69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a1a25ccadda246f3d7a560a95bdea9957950045f11595308df5624485be320b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-ba30-4484-8656-4f61950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2843f7de1d188c9a2f962d64ab487c600c1d9ba38a9d3982f6d8fef7dcbd098b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-4e30-4a2a-892b-436b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd643b32810d7b5fe56ca5148590e7e8079d0d2c7de248905f773f1832dbc8c0a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-3368-43eb-b26f-40a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '45664849ec2256bcc959b68c06d959e9e0571e4b98f29462b1ee5459a05ba03c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-82a4-4273-adbd-43e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f9b97e51603687908067e0a7da3e3b7b7ec893cc01f28a66244e0180d8c47abc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-0b14-4e2f-a34d-44a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7e1b9dc4c57c34e2c2acf28e6032cc7b944cd840de765c97cd6b1d936836498d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-5474-4868-bfc1-4b8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '576b5faa19a20599f24a3322b098c214077112a0c1c96f5de5a1ee898595ad30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-1e98-4f8e-bdcf-4ee5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1490120495ea192eda1987907729197bbcf56f3826e0f0406b545e52a8c69373']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-9d84-4f88-856b-4154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '34c389cd507f99a380deb6ccabe2c6cead6f25e5fe78e710acdf8707a60a57ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-281c-4a4f-9a12-42c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8a18be5d3739b3ebe39b075757c60354cee2e680b8e08de49b32085cfe69ea53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-fd6c-4e3b-aecb-4418950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd9e5d44db6bb8faf66be54b55986ee4c0597f2b5b31ea0683bb0f543adeb9d43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-5684-4e20-8226-4fb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a7d52d0e385159e745d6495a4285a6e4fc96c83b775e79db98ba1fa4e46c292c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-e560-4aa5-bef1-4370950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '57a99264787fecbb4acc9f317f460916acb380ac941ccb66d7c7521b1ec17e46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-7cb0-4adc-a8a4-4784950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'aaaf7c645d38e22cef3b34153c449bb7fac3af8e0f6bf29e961018d27e6bf941']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-1c10-46c0-b3ca-468d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ff9133669c7f22c1b09d8ba869c490ac9d91da045762401eb975b600e051a643']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-ef40-4639-b993-4fa7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ccd47c869d3573eadacdf04e8ae5294ae8e193a68bb05aef6d0e4eb563f54bcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-fe3c-4907-aae3-4d9d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5eec8ae262bcc5d47f42cb57a742bc95691278d80f6f5dd3dae50a0461a2d746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-fc74-4861-9e74-45de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9401771a55e0df0af4c8f2e73f30f622cbf2632cadf476aadb16fcdd2c7b5d46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-6bf0-4c28-80c3-48cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2b27cf8d46e3dc99cfa4b0381f7e2489b203b4c079bdce5c107629c7957456a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-5304-413e-9be2-45d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c680fc7b51a0cee302bc5fb4c39921c22c1253d2bd339a09c1507ccddfffce3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-7970-4d84-a48d-4278950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0323579935236a84bddce1f305ab4202cb706e89f910ad18758e118689af546e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-48e4-45b7-b617-4f32950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c204d91f556a9102c196cc649289e4cf68db2a31c17b28f5c3b3b70ab65f0431']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-b238-432e-8332-494f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5ac92f676d9698faa5b6f5b63b7b8605e62994cc766d5516635d7ed40f70cd35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-d5e8-4fdd-bf4e-4598950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c8d02b63d5d973233f3f72a608c991c48cdb799c314287e7de3a1a8e327111bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-c4f8-4b2f-a96d-4353950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'be6cbb6d2c42472006c1c3f093a1015830e4fd45bcdf50bf89f5eb8a234d2c1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-24d0-4ebf-9fe7-4d10950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fd0014cc7ec0ba63e363f60e94870beace7e0f649d5609accb8d4cc83a559e20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-b68c-4da4-a1d8-481a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '959a7940a5d8811036a35ce12b36fb9e2675fc4ead51f8eb9d67a870194ed9e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-8e34-494a-9719-4387950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f41ed53c0c864b4d60da5f6a8e31a1bad43d48fad76f39f36c7d351c401eed5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-0db8-4f4e-a96a-41f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'aed94a273cd5238ddfb5fce13847f51857beebec9e2fe22a8726efbe42498746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03d-2e34-40d1-a6be-43c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:45.000Z", "modified": "2019-12-11T09:00:45.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5b706dbca4b0975be310481c0a238641873bab44cd73de01d09ae00cd0061287']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-738c-4320-9f77-4c1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9726003bb13cbbb847c3f771c2097722038a0487a721b1f3d5cfaf01e891a3cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-f73c-4fbf-99ce-4c88950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '161a343cab2f3e862271b6d5010e8800388cb2e221f54f197330792881938e51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-bee0-49ec-bd32-45bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6cee05723caefbd2f1f92aad74d7f1cac9f0074e20b4423fff56e1a8acd689c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-1954-4498-b9c2-44be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '34e500bbaf855bb4bd7208899b40a42a15d6c38ed09bffc1dcc64f481439ce15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-f6d8-48bb-9c62-4ac9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0d9d499882a9188a73f1af194fc03e5803181adec3fdb9658e4a7c1991196ba2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-e028-43d7-b17a-4047950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0bdf3c6e94121a3f2911f2acdd0514c38069b699859a29fde0d54b0a0cc37e85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-aff0-4b63-aa9b-4f50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '924a8b62fd55d59d80701387c86651ca455d5e6044dc6c836198dbe3577e8202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-c6bc-46bb-b04d-4a25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7a7c7d75c04c7a22240ee8223dd9161c4cc06d3f5f442ceba055af748aec487e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-c328-4db9-8883-4961950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2293a2c7ed2ce7ebe8c161a286dc5e2b4d2b70afadcf972d524f02abad4e59e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-a0d4-460d-85a3-4c1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '77cf0d5a5c3c8256ce3ebb1ed3c3937c181cf717986bb64d8457143171736197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-3434-471f-8655-49ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8dd6ac6c539d10c74f76cedde68adbed0393e880ab9a305a9297316884f360c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-2218-422f-80bc-4816950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ee008b9299dda630d5ff4217a43f7ca9a280001ed006db0008ef2716b6c7a5b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-6b48-42ed-971a-4c49950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c09a454de3ee3b814d0ad8530ea962596dc66ebc7366d9d731e273ff9560e87d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03e-2e38-4a15-a040-43a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:46.000Z", "modified": "2019-12-11T09:00:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '97e16593378bf75c26944f5a84af8d6364a062bfdf5bd055f2e5d76a0f2b94cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-072c-476a-9919-4742950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ec7e696dff324e9b1302069dfbd49a684d820ad0b5c79a16b305ab2478a144eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-2ad8-44ca-a1ed-4290950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f9061958003b279ec0cab8c53ce83c588ef2be18d5840a8bf0a9a57ad2adf51a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-8d08-4845-9b8b-45b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '21f19a65a0194ead3ad5b624e44c7b32510be96633d6e778827adacb311f8877']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-106c-4fd6-aa0f-4aee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a1c52643e738eeff690993a22fb679a98c8ef2057eda04a3c5edbd2632b3c2c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-61c4-4742-a4de-4085950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd619f315ca6b1e9212d92e361a09ad01a2214326a435e25a33c20689343c6f42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-cb04-4f73-9d5b-42ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ffcb32513e35a6404482528b90b4eaab4bb4e3b4d2bffde5be51fe1fac0eb152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-7d08-4fc5-afae-4338950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '46cd5c3efbd83d66e3752be1d8229c6eb597d7d24ab68c6cec249f6b0368e57a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-3d4c-4090-91e5-4896950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '12cf9d677b1ff4e8a97b43bccf1ee7081737ff556c65907ece0debb4a2cc590f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-e5b8-4baa-9867-405d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e8d6740005d7459b7119b660a95661a6889855b3f697ad063a06731cb6423036']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-0354-4fec-9ada-4544950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9a5f8b42ee9f40a59d99c1b33ebac6ac9290f907dae8188bbc9ac1f875c2a99a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-5268-475f-b1a8-4c2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5c7b6ee00f7c96912e4f5391be445daf2eeb90d5f81cae7b6337b6329fe59165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-9418-49af-8e23-4f31950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '91c3e558704960cbfc8f2e0a781d3ca3d2adc4ec82a978f6c598bf842d267186']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-0f98-4bf2-8f7b-41f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e3eec80ccd47c6935f0fddce1d3627f5be717e90a30e2f736c3ef268bb7676f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-8830-44e9-b79b-4edc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '387d4ee7df6dd6fe6321789aaaaf2c9752b2d07b001d13b446c559b73902b633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-35e8-45cc-948d-4ea1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ab6792b3d193042bf502069939c409e15715efcc86b4d03410ffcb6eb4779b5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-ae54-4a2e-a9b4-4426950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7a68d875c499fd6987c5fa1a46272bd7c2969f900807e51de43b49d9934aa59e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-3460-4b60-b0bf-4321950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2df028b7d9b691bf3c25d8579c5b7846f40227eb00b563e04956fc1981fd5ba9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-273c-4ca4-a725-4009950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c7c3bd15e6546015a1dc1805d5dff9fdca0a103e010c9538c84a66a632a0493b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-6340-4455-9e32-4e30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1c209ac0b2139297bc88bbf37a5262ed039bcb454abd8f75abfd21120b9df883']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-275c-4a5a-bb47-4064950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1e1f68b0b5a623c08acf5c37fe2c72505caa9783587a7ef925a25de26d950f2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-7030-4d91-8c30-428c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4ca8e95a0a59b48ca7b24ac6ef01fef657fe47d3ba98a4abc870e2110c174986']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-6de8-449b-a47a-4af4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '03b8210693afae7306e09bf2032a5cc47d88b623aadac02e6bf932e887454c5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-ebe4-4e7b-ab22-4361950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '123954a33e65c8ac28dba816e408fba324e4f5984a08dfa94f7640d5dc429c1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-9b7c-4c5a-a844-4499950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6f06ed65b8e0314d12bd54d861c9a7fdaa2c1409f3b91afc0ccb8bfabbfe47ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-5730-43b6-8f8e-4e9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '220a65657f754a4b46670b3666f8e14545c0dd286e8caad4591ddb8172e56105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-ea84-4598-9737-45ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b0485232103de6831e588c1fe1b52ae9ec3fb554b12dd29843c7d535fcb676a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-a9bc-41b7-94a4-49a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f7e080a60a2b820f8860af7f197f29d32aab6f38ac9c9074aa906b20cfed5918']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-4b20-434b-a381-452d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5c2590abc22bdffa9a7ff469b6caf8b64c66242aeef5f6b6229b1ca600ecf387']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-f5c0-43f6-b76d-40df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '82b1489f223b70fa1ce9da30d6477dd00abd48a274e99f32bcd82d92c2af808f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-99e0-4b8b-ad23-4b57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c2232604d5247808d7be0ff297a17c87129824209d8b8f17a6c5ae9c8cf50144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-0304-46dd-b713-4e73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cd42c483e127c30442eebd5a7143d25276d06340fc24a4324ce6fa39da7120b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-f770-465a-a9fa-44bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a00c5219a5c8c3a934ffd4faff9a79a964c8b60280f6c26ee18490b2f9be0152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-ea54-42a0-be59-43db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '878eaace41f3e112afa57f52541613cd126979bede58b0a7eea091a057e75e88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-415c-41f8-9713-494b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9191189f3c8d3ef2f451ed086ce3520b25aab1b81c5d5c965c11fc81876c9ca0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-e558-4a96-967b-494e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '608aa2fb4ceae9b590a2bf265e7e7a44337ed8c20f1884db16ab91b898bffbb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-ff0c-490d-89b8-46f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '40668f08878740fd7eab3c521702a5504f8c5fea2b803252962927e5d50c2950']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-f448-4d67-9ab8-412f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4b6c68077d8cd37814b678f2a04d997fe3339008e9750b8cab619360a2ab1b96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-0244-410c-84a0-4d56950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e908dcbfc6a2d0dda43f4fb1aed61a3279b0f8cd383e796cf7d13d45049a0d7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-7cd8-4a6e-971d-4ea5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c4cf061f764535f06af80e3a1e8b9bf87617a509cb879dc26278ad9577310c6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-d4cc-48be-ab18-4ddd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '603b8b68189d423aee83a9f2113d293538eb9d8f0ac4a58bda55734006734b4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-e840-4758-840f-4154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3a7fe7796e70149b80f41d070b2d0050e2055cba3bd2e6cda7752441a736b8d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-1db0-4094-9b55-485b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '460a87ff9ac1302a2189064447c092c8388af958e14da48a85070b71f0478e60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-c428-4446-b8bf-4981950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7f882477d3f1b5925f53dfeb5c0f582e9e1813c10c46a2ac0989ed6417fb0a76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-79b8-4260-a28a-4bb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '490cc1a82b65b83687a798282fffc65893ba472fc55d106204cb54434f04d582']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-710c-4683-a2ec-48e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3e9666def4f1f0d096d02d0c15738e99da05da2a52b64dd5a4229d6548ad37e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-0d5c-436f-910e-4c60950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e0c1209a7ea3ca2f78b0c9e33b25a074491ca7cd4208b84d8e1908db76da8d77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b03f-27d8-4f99-9967-46b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:47.000Z", "modified": "2019-12-11T09:00:47.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '88b1b7d25c5f4f118a404eff1800dbf2794d97271ab293c1ad8ad8ec5e545f02']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-c300-4d41-a7eb-4577950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '02f89e7b87262d14560f46006633246541d521d41b8e90b9466e61e578dc0aba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-9f3c-496a-80a7-4a22950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e3b3f7195bd380f9fdc3192b24d0958db1e99937646a795e97f1db1a86b67756']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-01fc-4819-be6d-4ff4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '80a07c5c111eb78c26ae8b707f9c02ca75584a0038994bb4523cec0ed018ad5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-5304-4afd-9d5c-4c99950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '301435e44ce79e819700be21046eaa6bc26fe28f7b94d85419f55c32c18b68ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-f8b0-4883-9f64-4e98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1473aa4c297929bcab0b67f502ef90b5214113b442ed01910442fda077692f4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-1c28-496a-b270-4654950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b09e5f96a0eb011cdc9aa3a223c00459a2778a74f2d1f0fad982ac6ffc3157c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-b640-4f59-ba81-4260950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '143572af9a036032d8a0ff56a8dd828220d0ef3aa0469058261beb9cb687c30a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-92f4-49c7-b0cc-431e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd885ace57e9c72d3026b994e70cbb52e68dde1df934e69084a9173c6d37f4023']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-9910-4785-b855-4714950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eab2961d1e43ebfe346bf69d1d424efa3553f9726299a40e45bdf2f743c101c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-8868-4a2b-95cc-459d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5b3fd34ea531bec8d64fa5ccf6bfe216a06984fd02d7384ba3914814d744d6d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-0ad4-4157-b48d-4eef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ff1a7c25bf00f8e001176b6b0301cc8ba7e87d06b4f01bef90235e7069a1b30d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-10c4-457d-94d4-489f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '09ec80f99e85ccf0df9ee0ae4c6520eebde71bc3c87b2726d84b981259164639']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-948c-451b-86cd-413a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e43830a8d66e07606f3b52c56d1cc6bee3733e1b9e7a435578a052834ea78bcb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-43d4-4321-b56a-4cc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cd48897f0bf376271dedecd481a6c9117a6e8303d5a3e583c034c3d33ce23c4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-a52c-41a6-9e35-4176950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '388abec861fc7230337a22b32f349639560154d68c82e195509d30a1e8a7479c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-ec98-477b-9ff8-4427950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9767c10a00326f9f167178d813afb963021e2f58aefd174a211978c4aa1a95f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-7be4-40e3-abbe-4507950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '77db29ae7db276b52c2c4f8dacec831896523d8bbfa2cb21a161fa5a50d63476']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-cf08-4ffd-b873-4d78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c0c02334dc523867f02a593cbc860e1520158da1b3ff9c1370bcbaeef70d4009']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-1534-4aff-816d-4d7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '96beeb7236cda9ae1fdbb692c03626f40e57ff55014838d5143ad461a3461770']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-f8b0-49bd-96cf-4bf5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'adfc6aea1314ebaef8bfe956ead4223322da266c696a2f4d054fbb157f8d5abf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-25dc-425d-ade0-45cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ce110da29dec4756efa27fc5d4ad17eca6e6194375f8391226f60972bcd17a91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-e77c-4e6d-90c8-4e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '940b78c80d87d87ec29b645857635886addc471f8c70b865e49288feec5059a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-6bf4-47e1-9d2b-4c05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '63476988992a922fa9c1b2ca608557701306bbbc5f2f062e3477d31947efbb62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-c1d4-4f96-b94a-4ab8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'decff0530202a546210fc055e1a6b0f912678ed85d2d77ef48eff23ac2719019']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-9f84-41b9-85b3-4b35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ef5c29d77fd28e3263573cfd998650040d586316a37b82d6b7646872255ef3b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-51b4-4cc9-a4f6-4126950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a3c8cf44b0a0d6bac1841c641b2b9113eaeb70c35f2c2668076bea15099e1eff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-f440-4c0a-9cc5-4214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c52f02602bf5945fd62bc86c992f4d37e51857af76b67fd029f715a6fa695b3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-76b8-40de-a1a2-4aef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dd970118732e36438b0af85413668925c73f2fe7983bc085b0cdeab3582f271e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-933c-4500-9a0b-49b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '37d3ec9d3335ba7c437681b01dc79539046aec484045c00ef764587b164d133f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-0eec-46fc-b3c5-46bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd6720180c4bcf1e2d01fef9ad426edc52917286a5807a518468eba3e4aed7b53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-300c-4c85-8414-4ad9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5f21b9e408d2fbc366e15204d4965cddbadefd113612a647987f9126961aec04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-4488-4c16-850a-4e0f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6c69d1c6a51d6e5254f6ce3a1c55d91571421835033259d7052f3ac759820a18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-2574-4052-9f69-45f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8d32f91d955cd2b85d657cab932431097edc4b52aadf51e5e25d5eccc761132c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-f0e4-43c9-ae7c-49a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '51f64cb9a8e015fd8b960c82e5cceeeabe379966de4038b460e0d77bd91273ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-18a8-4ea3-b6dc-4af4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '94116b1efc4fb3208bca075dd55ba04321803bd14a5d91f8038313ed816f5560']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-1d44-4bf4-80a2-4244950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f5d15646962641710bd0af8169423b16cac279d6b78af0bc7f6f720d7c30ec01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-1e1c-41be-91f6-49f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ff35cf673a2eceec026cba6050750170456568b307bbfb2ba984a7b0d6d5f2ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-6584-4c5b-9df3-4e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b9b546dfbe34a6256c093ad7688cb447b89de2f9916dc073e6f7951a3ebbc830']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b040-d0e4-49b4-8e47-45de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:48.000Z", "modified": "2019-12-11T09:00:48.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd838184152595edbd8093289a71d84670cad912010d07c309d1321295b1cad09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-c2ac-4009-92a2-4525950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '54ac5748d75d1963e2c5b753e31044813ba9e116532d73815a862e469879260a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-e5bc-48ee-a1bb-4eb8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2443279e31ab6247ce24de7144d024d6d7ffd792541a813972e9db803716f533']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-37ec-4bac-93b1-4c95950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9a1c0b695bd632525b1a33629f16393409da089284ad36a2b8a7a86cd24c2cdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-cd50-4431-a7b8-4042950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0ba437dde133d54fe3ee1c2882320698fa2b0738d7ed8ffd53f1d76ea8897481']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-0270-4dbc-b980-4a6a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9ec7482e56c1a048351a1b9f9825352fd535089359e232b70bf2023d3a0143e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-8d48-4115-a6aa-4f58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '91f1b3a4c4af40cee470b75619653eeb88db8b37958159b6df262ed01d2ed7c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-0498-45d1-9a15-45c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7c6233499d1298c7cdac827e66e727c4b716cbfd3789e468f3e26693bee57467']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-d2c4-48f4-9dd6-401a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6bbba3209752c404e353cd13947b9e851aa3865a6f83493b5e42be1ce586f963']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-8340-4f16-9947-4b91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b7ccab9717b1469e44bdd4682dfbb66706a067deee8f841cecf77e598a69062f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-4060-40cf-bbc1-4392950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8fed723fdc0793a7a130e6327d5e8feff1feded7555142d01a3d788404a1b3cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-c478-4853-b3cd-4fff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7046577f74929156e1a0e8b8a267a254074ad941a58cbfa808fe95f248c7687d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-7db0-42f8-adfb-4819950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1a59ce8bc8290a2a21af2f6914566a2301e3f2c1dca2f42749d16f037b2c805a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-1a40-415c-bf3c-4bd1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c1258f15e48eb097453ca8bfb959e887d98d128759070034665d95314bef1cc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-d868-4ec0-ad19-4449950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '66dcbe7ca3b5ca2636ed3d8de7a57b2955091a0cae30731005d82efc9cae0c79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-7c00-4ae0-aadb-4b9a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '957f3631844a1981e02551916a6e3ac788aa468cc30130f0da01166a02588268']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-41f8-4a22-a44d-436a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '79efc9b5853a3beacbcc3e183e810d34b2745e3cbd74dc6533cb595a09d1ebc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-dc94-44c1-a313-42c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3ad66d92af7445f4dc1b339299f95c7e08372bf8b1b5055fc9f48f07481552c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-bf10-486f-9f0f-483e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7f1d3f304633e81b604ec757cb319d92d5a11f2f5de8e89d90dafcf872fcbeef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-8d3c-4b35-abc5-42fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fa0d550b5eae5ab246a42be129e71e37f8b98857b533a69c410097b34670e94c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-4e84-4e72-96db-414d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '28f108aae9808c8751112e789f8987902d57a51f283f8cac6c4f8ec333ebc168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-88a4-4aac-836d-4673950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '82048f464c16ff7008e7495cc87fea4fcc5cf04d958a12fb1b3dc613fd33efa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-39e8-4227-ab36-474b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9a984474b1600dbbd1078648f66a9d8a82f3c0b97c5b278762f24e3b6346e210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-db34-402d-b48d-4eb2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6af21af6dab46946596b012550939e5fe42b78a9403b2814995796bc3b15e976']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-270c-46a2-977b-4f54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '203cbe5480d28edc12930a107b24f625cf0efd10cdcdb954dbc122f9e2c74eb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-5f78-4f3a-8e1d-4943950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2c03ed5b6081c3fa6561c6d20c502cb4c47bb88c64f33263972b856215be982e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-e19c-4d1a-a83e-4c5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '95b4a039248c58c3886e6735ce41e3a2aa18ed7e4b9c60cfcf1ab0a4e013a275']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-cae0-4fbc-8573-4e55950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2e8b35c7bbb105d779c8ee29f3bd89f1e1753cf1890df83388ceff019ddb7ab9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-0fd4-46f0-9fac-4d8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dd5279f4d1936a2875bffcdb28cc5020cf6aea41c51a7c45ac3cd16dcaa2e0a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-5144-4a22-a665-4e86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '84c830d00205e5eec89eb6d87555785f200ba5cb94f5a7b3ddea4b67c41fdeb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-694c-4962-8301-43b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2ea3ceed200e046612256acc1f69a7d0582ed5211f537d941ac93360e8403559']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-7d08-479b-b71c-4186950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '590752a39996f425b0a0033329dd816c195bade99edd7f4c7aadba84f1744eba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-62ec-43c6-a58b-4fdc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '89517d5ef6fc519f230079a2c06b80e0e93362c0cdb4239cb6349a26136c8357']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-35ec-46de-adbf-4901950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '48dfc838c038dff2aef79334e74f1da28d92166ef03f46df2bead9bdd467d307']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-a184-4cfa-bd64-4fe0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '26649e486ba1a9ad46837aa6e7c80b094b0b6e2af1f0a906310e1188afb35696']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-3684-46cf-aaf0-47d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a0ee7213974daf74c1940dcaadc9c729cfc3e2a5a2bb4e2a73684fc4037e49ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-0514-4cb4-8377-4bd1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '307792eb08705f14a9b31a2718fcf07bcda31bf21b147f69a8287d6c57362680']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-4448-46d7-a6ae-4a9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8df4b1705188fae1a6472b1456db8af87269efd2a2caff5863ac165adacb88c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-c34c-47ac-ac4f-474d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '57933d84d9e4d9fedf9496972ac23510feacb2a4c867568b1b7ed490234e348f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-cd84-4706-92fa-456e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5950774f554812943b76eb930e90f82aef3e0d1483dda07546db29898dc6c336']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-e990-4066-9c73-4a7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '208408123b09439e6f8fc63cb0c58902a3f1e0fc730547e501ccbbe6ab880bae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-75b8-42c2-a502-4c84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3f819b905a4cec128b33469fe4b8eda61f969ec58247955a0b98b021e9a16a48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-ac54-4634-9066-4c7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6cde3711c42fda4fc47d075bc1885657a8f1f5000bfb3c40f99a62dc2d33359a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-2598-4749-b882-4ecc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6a1fcfdd092049a7fd75b42fb7e8e3f256806098ce884c06ca683d145a875fc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-f530-4376-9da4-4b72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '69b5a1582c4398b3367c6fbb40c51eeda0deee719b9830c55c946da564fc737f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-0a30-44d3-b448-4ba3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c7c31829c31467ef1ec99d169682c80a15ea6940249dd28e5d206a493e66b0a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-5e18-495f-b59f-4005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '723be12af49d00743b25237e0411053bd6ba684ed6026f91fae6c88e2b3736c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-7a64-481d-b2c1-48cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ec22ee792afd1e0428019c172aa3382df34771f9671a2a9b5cb67aee9267edc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-27d4-4441-bd08-4ac2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9fd9100c7ca4b77e522e14b979a431e8cd2349a359b9e7cfd13a282291f7c8d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-f384-4c90-a576-488c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '989a3fefb82d37805a91a2f07f07081e819a032b4fd9484fab1f2a01303feba1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-060c-47da-869c-4d77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a9db489b00bc4306cfc3e85a66746229b5669e2134840c3005feda5c554f6c87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b041-938c-477d-b5ca-44ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '935277a274a40581ca73699a0b61d0bf06800e21e3fb127279a994307aefa9f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-09e0-4277-8962-4e25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:49.000Z", "modified": "2019-12-11T09:00:49.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'beab3e5de052dd4686e48fb37b756e648a261b264d6cba66c265ef8a1ea9239f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-9c88-44c4-8abb-4082950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '964fd889c72bc6b5e553c6548001795d10c1d87cadcbfe248c766a5a7c931424']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-b2b8-4775-b356-4384950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fad8f8c03505c21664bb6841de7e6dc7a19338ef2fb9400d832776365d258ac7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-c008-4534-a608-4986950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7f2be3d7de95745bafdd1a69d077dc92d66b40f0005433c47d8323c1c0fdc61f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-9d70-4659-a9a5-483e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8affd6ae38dc7e715fb703a1341f835840c98fad83fba7466b9d5bf3b881771d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-1dd0-44e7-ab77-47cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bb09c8b7ba552b5200c6da5b55f9b29e5170c01b10aaa3140b0bccb85f991588']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-e394-4346-9929-4237950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '96af9cc86a8d45787ec4895a19f9b244cea2d0a23759c6dc7eaa1c42d1df9217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-c314-4cc7-a512-4b43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cf32204e546d98b585d28b0fbdb8b13f845e7ef8f5d819f6fa7517a98e9b552e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-6bc0-40e9-b20f-47d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ed2c195cdd3386c450856322d3bfc69369f3a787e4476249fa74e1440895f708']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-dd10-4c61-87cc-484e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9c1c4166a5f5861823f981c7e16932351844b0d62251eb79f73e7a25844b7dbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-ad38-4988-916d-472b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5d241730dafd29e909c9c4f4c172561fedb783c786dc865854d3e7bea0c9120d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-2a50-49bc-9580-408b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4d8a2f6e05217252abe1732f61c3a8e8cc00029ab483d6ffb25060aecd0caf68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-6430-45d8-bf83-4c6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bc210c0d9757ec34e1ec76264c63b71fee3367b7d020f81f56b3d89b75531da7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-d80c-41a7-96e1-40fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5cc8d0a2996968160ea9607cd9d2f3ff49227be3de15b096150e08198658c24a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-69b4-4c1b-848f-4c09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0b30436a70da6328b82022c227c7c3912ab0d1f998dde4ea0c846bc97099459e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-1f78-40e8-91cf-48c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5ee264316db1e2c32603a31b99a0d871d6b4d253aca53d76336aaecbf76cf6f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-2fcc-437d-ad0b-4b15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '636e19b738793a5338e5b90085d1ace86b9d790508de18c69b3567e1bd8ed5c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-5380-41d6-a8a7-4780950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '50cbc24760b13fc6069311028b7728e1d6a183c4802b38516918d95cd3999ad9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-17c8-4d15-8c19-4bf7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e781a624c56b45e8fcd37d57426fc03a7fe86a750b9885b75ad873086cca3b82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-f130-4ed6-ae69-4578950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cc0e31c60f0ed3caa59feb0d1d1304f96cf23c6312270fd8567e4ed87cb7c71d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-35c0-414d-b36b-4c03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b6f6a90c9aeea1c1cd79ad4c090ef6e7586f8b1ac4e3c81b16e8970de240d821']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-8ec0-4567-b3b8-402a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7090aa4a651779e03dd59527dc2ba2f73a727828d0f5886f9fae62db71526709']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-2e7c-4522-86fd-464c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3fd07c1d65ed0ad52a78f5a128a1fcbb83472896c1d61037137f95ac09cb5b53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-38d0-4f6f-ae8a-4dc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1461a178a2aeefd5c2ac2ec2d500012b5c60dd3b34eeefc3c261c019549f0288']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-527c-4ab0-9bb8-4112950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '65fc3e576108db04a432776c0806fbee72f388ef18334069f99708032bc53c3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-3030-48ac-ba3b-46f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a81e7d7911fca8d0b8a9f74edf81555483bcc111029c53383a72fb3c1a7cdb4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-4d58-4403-8ed6-471a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1a52d43768e4c1b16d7aebfcbbe52b23ea082ed91cf7afc01219b9a739e82df2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b042-901c-40f4-9050-4906950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:50.000Z", "modified": "2019-12-11T09:00:50.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0cbeb4d718e24f83387b5956f8ba06d54be4ff800543b6a8e29764fe64fbf8eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b043-786c-4d68-9fd9-493c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:51.000Z", "modified": "2019-12-11T09:00:51.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4bdb662003f9b91c203c140ea95e96f6795ebcc4eeaae68bfb8f82918872e511']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b044-d55c-4c69-98e3-42fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:00:52.000Z", "modified": "2019-12-11T09:00:52.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'aa4e6432312438a82dd9e4bfe897f915a2766ceb9dceee6c24ceed5bde6b4416']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:00:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b04d-9f6c-4d2a-ab00-43d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:01.000Z", "modified": "2019-12-11T09:01:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9091f32108282e5a2edfe5ca09d24f9cf335142e1061b2274f13a2534047d52a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b04f-7f98-4a79-9493-4cbb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:03.000Z", "modified": "2019-12-11T09:01:03.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8c225b6bbb767f950dc729cf038c299bf543090e72e2f9ee9ef082f62a581164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b057-3134-48e1-826b-4919950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:11.000Z", "modified": "2019-12-11T09:01:11.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '673dd35ef657718612f06f89ce98781f0861f261e5a4a3906e80acd27c249bbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b059-6d80-4df4-925c-434c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:13.000Z", "modified": "2019-12-11T09:01:13.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '31fee0d5fce984bbf2050744b0bc13c245eb70806ce260f0611e84bab2d8ce54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b05c-c4b8-4ceb-a6bc-4097950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:16.000Z", "modified": "2019-12-11T09:01:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f281a3f88fd4aca86b05300e4a00f26974154aed73715de92456d26cbe6fd873']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b05e-58a0-44b6-99b1-46e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:18.000Z", "modified": "2019-12-11T09:01:18.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9e655561670e1d8c0b424a935b58d1b9e62dd507fdd177b7695bcbf47ae1e7a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b063-7864-4911-a99d-441b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:23.000Z", "modified": "2019-12-11T09:01:23.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '09f3d9d701210797c5aac3e7f2825f7f17f186649474592f2a6ba6a2df5924a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b065-4d98-489e-9772-49e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:25.000Z", "modified": "2019-12-11T09:01:25.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2a33c66d6bab81782a1efc66c740cd1e1e38b138c76fa09c8eaf9dbcb7620e0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b067-62d8-4d38-861d-4df1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:27.000Z", "modified": "2019-12-11T09:01:27.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f705030ef79d322bd6cfd6e08b53c2e62d5365d701df30a9fe3aeafe451a55e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-ead8-4f25-83e8-4568950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8fe9321b5a511874984558d77aef49e79bd297d6a6b8c40186260bcbbdc8ee30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-c578-4b52-bba8-49b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e080dd64361c5d7855494333fb91dda700b0fdb898d7e0b37fb55d89dda4899c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-59e0-4804-83f4-4d0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2f34ccf1ab15958cf6eae626712718a6de864378732fbcdad429967c58633b5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-47d4-40fb-805d-4054950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '145afca358d19ee27d94bee9b6c3196311490d402386c00684219a0793336729']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-4460-4a42-9d4f-4370950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4e4fb92c6c122035e705e4f30aa14be766c7671a8043fe02e48bc7dd2d79f860']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-824c-4d31-be85-4190950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8cbe01bb083603ccd65892664cc93caa09ba65515337f1ec69ef28c818c6afbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-38f0-4f91-86ad-4356950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'af1e1c07f5cc6ba4314616156252bd8960c39f9106189ed754c6d673290cd399']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06a-9db8-47ce-b3ca-44c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:30.000Z", "modified": "2019-12-11T09:01:30.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6540b42f334391d3e48b964e39e199e9d75d7e58086aa6c40b528c9bb306ec8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06b-47c0-4fe6-b4f4-4b85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:31.000Z", "modified": "2019-12-11T09:01:31.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '975e95134bd072c19cda96a2f372467e6f3e6833e14db37de0f0b47e5a857019']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-ba7c-4100-8dde-4969950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0fd0a413f060bfd03456ccc0ee43b86e1614a96c8727c59deb2f7d09059051e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-0df4-4f36-9b13-460a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e063f4f4e14c56753a6672861bb5a44bfade383a94aaa84766eeb870205ef53e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-fd44-46c3-83ab-4551950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '41d588da12f978f1456436f3fd0a33bc6ac8b1965ff7a43ff252e16f8100cab7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-7984-47c0-aef4-415b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fca0b85fb10a75d04a9bbe9065fcd97a83676585181be6c8c4e6a2e35751f08b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-19f4-400f-a465-4a58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '39ef98994ddcc60068efe32bcf1b8655feefbcd0c9725124ca0d0ad0ee19cc5a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-cdd4-4ee6-9c15-4c35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '574de62d0fa0bc8fe1af444960a9d8fb61f95f5bb23b42c9832fe7d288b7d147']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-a854-4e21-bb1c-453a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd18604d8582e40a5b4dd358aff12f1ce422faaa204ef86264a5779ee2cedd0f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-f8bc-4e6c-a38f-46e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd093211ca6df1e26dff4ec0e2b432c56e7d0a3eb08e53d00a990e5a4c919e7e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-3c24-43bf-b9c1-40c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd2c301d3d084ae6f68000e2daed358fa538b4cf7e4f2d78ad86646c7d601fd95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-ba08-429b-b47e-429d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '63a1b92800d420cf3441021474f937833e56fa067144a36b74a15af49abf1128']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06d-7e08-4332-9f1b-40a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:33.000Z", "modified": "2019-12-11T09:01:33.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '855164a11c1c387e06ee37f28ec8795b0cb169a75ebbe1a62143c5a34f0ff1d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b06e-a7cc-4520-bca0-44b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:34.000Z", "modified": "2019-12-11T09:01:34.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c1d650ab6aef15a7170da9d2c2060c6c11d2989282a27cfd63f9afc478027a79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b074-b768-4dac-b514-4178950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:40.000Z", "modified": "2019-12-11T09:01:40.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '122e7c75b0d159fbe36e277b1c66fe136fb58a73f42c8a3ffe8677fde56c1daf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b07a-e414-4719-83fe-4104950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:46.000Z", "modified": "2019-12-11T09:01:46.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '830667e2e04b4cf696847e772b4e0a70f33b907eb94e5b77ce8c017c8b106934']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-9030-42ff-95e3-433b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '84b21d3a7a5a85c9ac750f46a864bf8d236f0e6838f57623469d2ca2c9531f81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-6f14-45c8-aa64-404b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8658079dbf8cd8ae37fc32e6c9acd079986fa3311acd5b73b93d6ad94e51336b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-b90c-4505-9381-44d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd9f32d7b5404638a9d14fc4632936c89c9c6420cb63356a232d4e4db891bcf1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-a1c0-4467-9ea7-475e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9d5a0edd97c0689ca40a7ae9519f4992a538ff81a5d4c5a47e327afa192cac76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-47b0-4729-8e19-4532950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b2739c0042bbff812ef3d9106fdb32a6554a4ccaad94253b79f280506acb61d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-a328-40e0-99b0-4380950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3a1261fb978ac7806c43c420a2d92e5dcda896b1846fbba341909e33f5256bd7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-845c-489b-9693-4119950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bf41c236fc909089e5b4220ed35d7b2c379ba862aa469219ea0c03ed7fe02de2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-5ec8-4fa4-8f66-4a63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f91303fcbb2e2397529987732c7922911381169d16f113752cb1cd9e1382794a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-2b64-40f0-b040-4c86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9b2da6540c7d3d44704c115996d25dd504be05c6a3232746efe3b1d3ed3a0e91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-934c-45c1-a0db-4928950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8618e3362f008deddb91a883b943bc250651d45016ecf8f98160c1ee30c31376']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-13b4-4c8d-8d3a-468e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7c4a3468a02545ca7dc7fef06b9bcc5b37f5a892695bb9c64bf898aae81545f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-b8cc-44b0-9919-48ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6027dd52f89684cbf428d9420f84fdfee93ee73ee35af34f469a13c76279ab71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-7fb0-4115-b524-4de8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '626c969f98464156d2964bc7d73d53aa83d68b0d3ee06224eae4b2a0a310d7b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-08b8-49e9-b199-4b78950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'aae033ea6ac16ca78663191b8248ce7d6caa2c00fab27610cace73ac26f7286c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-1fb0-4402-8d88-474f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '710d2f297fb305a1648274801bfbab0aa21f1b67c17de9d8a930dc6cfa162f6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-6b64-4782-899c-494a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9514a036805d3a7973980175968b5f43d7ee14af461d8a966f9dea02ee2ebb4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-8dd4-48b6-a079-478d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd5861e71eba45e19297cb1c120e37718e191c65c41478a50e5eed96b9cd4254b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-0914-4450-b1de-461e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '245b5eea1f2095c703792e37341b68b4495c88f6f8c2ec3dc398a5720686fff3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-1cd0-4652-9f4b-41b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0a51c2f661670154c7d94dbdd507bf3b698f935756267c617e51103640f50990']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-a690-4720-99fa-4838950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a20196011e8fe6929f0d565c8a080b62c4ba29874896ec08ed4af0709aa36f04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-ab1c-4b5c-b168-4523950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7588f5502a3583caf38ce1a497fe61d3b3f45f05bb92f5637b2510e2bcee9a6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-6554-4473-bf62-4c9a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0c19f0684d6cef08612c2ebe66ba38050aac3a68822a181390455882da6fe71e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b081-d9b4-4b7b-8c06-4843950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:53.000Z", "modified": "2019-12-11T09:01:53.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e4370b0ab4dde24b3f8634e6a154e243a1d96e447c5b03d17005226ef4815cd9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-c39c-480c-81e2-4ee6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c441aa77eb1d094403a8fd0f66dc7e00b8534a4a7db9ec3afa402c98fa7da440']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-47b4-48ee-84c5-43b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '424708e82897b74f3b31cc8408949e969353177be0fa88ddfc387f050971068b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-bd7c-4d3d-8a2a-4687950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2e91ec0a6c189ad8def886d10a30c668fb8e0817f804875b5b30fba17fafbbff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-7ea8-44fd-adbd-43a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c87a3d98f4b64cf15eaf00fc0cc7cef39a3a02540161241c288b2f0e0deec5a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-4d80-44e2-a28e-4565950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b130c34d608b40a3770f6833a79aaf3dd8c21cb9ee2eb9cbd6b80128cfb8d200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-2a58-4034-9301-41f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fa6a3b7f70c5c1aa4d083523146abb2f0b5af84b74c8c019c6c4feb3e01f751a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-e278-44d6-bb00-427a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'edb030d018d707cf2130b990e1ba80b4b2fd5415aa67c004fb129494ecb235d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-ee5c-48c2-be97-47d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e06ea82bd1fd49ae05791148c9e0fe4f327146911f434fcd3cba4db52e5c372f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-c5e8-4591-a6a2-4608950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '54462075b75adf13fd54d56282dd200847ebaa2e43340f3555e45073fbc126f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-a9ec-43bb-a6a4-4c85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '02af85494ac863e6d7d67143ed6227bfc886663ee339c9ef2f95ce28cafa2baf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-f08c-4746-bcf8-4b66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2acba73e75dc9f2fec4a30a81387a50b86079e0facbe3c3edbe436a6bf28b825']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-e66c-4c57-bab2-42a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7588964a824a72edfeb379ad77aa2a4f719878c8749910630d5563ba59ef2478']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-69d8-4704-8b08-40a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6eba1d9bef86ec551a936bcf43a148dfdf0d8d10dfcea1967c5195cc443b9689']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-d54c-4f17-9c22-46cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6451fa2d64dcc6b31c5d06e59d3b2c900ae420a5ad9d9fee87e8a39ad3a64c3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-b2b4-4487-8bce-45ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ceadfea8ea204382f4ce75d7f15a73f412ea54c28e49828b1f5358ee4d0b831d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-37d4-487d-8c43-4ddc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b91401f6ce92f63e1994669b0446261f10cec30633a57e6a14c583c52f16507b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-2b1c-4696-bd82-4785950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5ca46047bf29b4838397231f505f6a2c52219449933cb4156402a3f906e29a47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-cde4-4ac1-a3b0-4468950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '017ac2aed0f08d650d722308b79fb8f831b9be6f43c4368b7394b44ffd4f6f09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-cf3c-40ba-96cb-40ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '758360f2c03ae4e1a19238c748a2e0e72cd7466a9caf387e5f1839ab3daf3d57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-a3e0-4164-8927-42ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd0ea8533befeede8e05e192ff3b00a1e689cfe65c8db15abd0ebd28aad81b297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-cf68-4ff7-86fe-40df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8ed575d654411a68e86fe7794c96c9061cb2d79e08d83160085b15eab3443721']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-5380-4ec9-91c2-452a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9ec099ce8747e0c8ad027da62e5388cc3ae5f84a2b4d78af452c8f79823e56dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-f804-4f5e-a485-406a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1ecedf01f1142c1616882e79f2d554e0e6c51e55e59392948c505d7dc12aa430']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-1474-4f31-b161-4078950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '35c322773997578185364bf8ec420dea5195e1e450aa0585c805115c593d62d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-caa8-4a17-8974-484c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '781f84274d6432596325a04276a68d0c5599bfdb98771a853400d94605dae631']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-a2d8-4a00-baed-4f8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1707ff37285a6c1d552eec29c1a7a4439c7787500a665cf8d34703d65af52788']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-f290-4b24-9c31-40b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '73399f5f04cdbf8fd8d61d730a24399a1058f727577cbf33b31c37bd6bc820aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-682c-478e-954c-4019950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bd0fdb7472b937dbc36b42e01c2b201fd7c8de76e0bf5f3c9b656cab78380c43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-a994-4842-a10c-43fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a33ebe9f8b0eafc1dc8dd220a5525ca66f328713992f43cc68d829d4fdb00f21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-6ba4-4e81-bbd8-429c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ff30ff65e97407715f6d03b6912ca42d87b912ae1e40b473e6738887aa1c3264']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-d454-4c1a-8dc7-454a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4d2e86301278a9e8859857bbf23ae2604946786fb8046a97ff1102a0df8fa520']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-3750-4654-856a-4dc5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '64a8e288112a982aff6ca02c49a0ae0b2dd41d23b04433b93a573b62e43a441f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-49ac-488c-958e-4e43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e8c699ad010c200d8764cae0d4b75762379b321ab52e0614617a7bedfd42994e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-0fb8-4fe8-85c4-4700950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a29724b0d16f55a8ec4fdfcd5aac29de9ea7165b1e915a266184b8b16e351dff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-6854-489e-aa5e-4ce7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5b12baad329c9492712ab1c57b7e1e89ac507172d61d99da6f9fd2caf23be9be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-9784-4c9e-8a33-40d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4974552078e1f43540ee29a04b40618df797bef3299cf60cc46e5d68a4bf77a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-7650-4efb-b10c-41d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '88dcac0d38c3b5deac8490ae8bf4c74f9028d90b72573b299439a0769502acbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-db44-4098-8add-4932950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c8d71f59dcbb6a9248a1d6d2face02c1e7f7d54a70ccf32d1111cb0ec81d21af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-9138-4e5b-aed4-47e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '173e1f595031f1a862d18cb31e4fa49ad74ea93eeaec8a0dd830d5e59fa13a66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-43e8-4f74-91ba-46c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'afdcc114586c5720dbecef9911e1b3b30a54cabe7912b5a8bd3d46c868d7343c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-eec8-4898-88d2-4559950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6212b6073077941c534fc23d482128165b8d5d0d9ec165abd0b4184353de9c32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-0210-45b7-82a9-491b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c2758f27013aa2fd4cd57d3fa6aae6c61c43cac869f7622de24c0910165c6805']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-f728-4c92-9344-4b14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '47957ac381ddf4917b0ec2a325c6a68f4778196e4ace0035dd95d142858c4702']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-c530-4861-b8fe-4833950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1b50d9c750036e5e154dc86d3daa50502dc2fbf74847d7df401a0df41294d4c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-e94c-49ad-b320-4bca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '56f4307bffe1f95775fea20b85fe181ea7d0b1d0713b59d1183cc37535e9402d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-f4cc-47b5-b895-4f0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3286ff9f319d913c1d05725c17eee4548df331c36da0ea2e49d945e655f54ca4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-2014-400c-90ad-4c3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c55de9da7945deccfcd284a2516938a287d503218e5c7cceca8606a93e00cfcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-68a8-4f00-a24e-4b4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0ae75dac0dababdb13ebf9efadedf18c5bae3c09d919ea956e578b60e25725a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-bb64-4045-8cd2-41d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '29a19ca5aaf2c175255067ce165dad2510991ccd21f9be422471f4318e52cd63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-8590-4dcb-961a-4cb2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8abe40eb8d28d1ff22b5626f888ab4b2693ed5211887bdd83679762fa2b1f046']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-4098-4e32-a7a3-4ec6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c41420a1759debca01a347d21ce31593aa207ca5f3514bf36eefebb9515cd7f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-c708-49c7-8808-4b6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9d6d21f59f7c7160b5f784da15bed3750cb5b2a5ccd0c736aff71702a7e71e63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-4778-4ec2-a3b3-4367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fd55e025bb06dd688ed8aafae68f613d886184e93e7967d4a55dbb051ea48c40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-a3f8-4ec3-960e-49cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '56919d739ea0b1107916a790cc2bf270afc21693b0f4c31a0bbdc9b5a70cf81a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-c9e4-466b-959e-4847950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd1b58a7f25a5237bebb4104e247d7e036ea2b1a48f4342c88a117b1e8a43ad51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-2000-475e-a34f-452a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b755f549334e2612c52a2632752eb60d124b69e632f6c7fbe964fbce42aee440']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-7384-45a0-89f9-4364950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '62f4fab29c4f69c9bc911b6ec388ed93543889b6f58883e0513304fdb9210c8d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-d388-48e0-85f0-406b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9528d0c578157a0c18d495e807bcc5acc82f84a03a52576e6e824698f748c12f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-bf00-4091-8084-4a1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '19ef2012b0ef2026959bb8eb5f921238d42b7e82dd298443ae21debf1e3e85d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-6180-419e-8560-4e2e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '537497e066b92b1852ccc874f865e6cc09d0d6032cefcf44d6069d22c9610015']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-b924-44d3-a70d-4df6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '050df8f1889c7a3c31a91ff07e9b4cc51ec203f6d9d25fb87a1ee0399a37f1c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-49d0-45dd-8a28-4b7a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e64c25696f03af4f410cd66ba85fd2ddb951d224bd98cd5a1e29f171cd3c3730']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-38cc-4112-a5cd-4ab8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ab8028bc96c4000430bd8da9f5c7f86fc58f001080dc022fcb0fa61daf4aa3d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-8f70-4c03-baae-49c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0e6f9a877d5b73a03b475db5f2ec9a4052c330a186942cb61febbd2d7dab2a91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-d9d4-46e4-8c9f-4fd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '20826d7e9b4bd1e27ce9d055aec859720dfc89dfc3ea640c680dea6c9cd5588e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-6fc0-4500-9a99-4a19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7de248257c505d28976224974b20e590bcf0a5f1c6da7326147930acb8541118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-1d80-4720-95f7-4d8a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1b39f0dd28bf86f78bb8e9727c43aea0ebef4a229b9d696f490eb0aa3b43e06c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-6d1c-4fea-a148-409a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c85d5d8c7e16c27fe40e17513ffce6a84c1e44aabd583411fc37d774bf7c6a2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b082-acf4-409a-9bc6-4ffd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:54.000Z", "modified": "2019-12-11T09:01:54.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1a60fe01d7c1d34d24a3d00590d53573980fe420a4afd747003324acdd7023f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-e524-4950-85af-4003950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8ccc4fccbb17b53e702f18f86dc88bd362c1bbbd7affaa26aa96bf4f655f3bbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-e094-42c0-b82d-4028950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e8c42093d0f6424ed018d43b6e416a645700dc291ea90ca5ce9bee7090a533b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-055c-4bdc-8377-4947950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b264af7a7700b8fab2a66a501ae033728f9fc11fe4b4f9e9f72544c7a8c85646']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-1eac-4fba-8e4b-4bca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2b99b9171cb3d2f13b8e21ebd70be56cc2475ced28ef7868cb7f537e65209714']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-6ee4-4560-8406-40d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e3a17ad287aa54ed67f4f802957d87810e5173c06b85d60dd742a05184fbce25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-6784-4e15-b6f5-4a90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a520390ad47a1e45c99aa8022584c650d67c7b094e144142cc87a6f3d3faf2e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-1114-4aab-b03f-4fef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '60c66d7f9bd30008dd2f4549940d46afd9cb84df073892766c8f2c5cbb58ab1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-dd28-4b6a-a390-4cb2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'af0dc865455bb67362237f2bc15828385b122578d5ec53d9eaa6fdd0e1f08445']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-6ddc-4af8-8a5a-4cab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a68b9516432bb43b24b47c9767f852cacd160c3069c7864d075be33f0070dd0c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-eb08-48d4-976b-4008950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'df502a4069b889ff8e73741352e7c3c07fb4a33478c92325d11b7fca3bfc1732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-341c-4b6d-bbaa-4053950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f5e32a9aeac0da48daba5170e73b0993ced02dfce759c04580559c63b80104be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-8be4-4b4c-a669-495b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c84a1c504d3e0c5b2f9f5ce17c7874efa1704d458db3e6845ae2b12112027fe1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-3ad0-4ec5-937c-4137950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b5bb9daca3aea592d67391824b3765985e10e17bcff43270305a72766a6348eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-712c-4ba5-8795-4ef3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bedcab7f3878611ff761325d62ee183f5496edc8dd2381afea34ced2bfc64db7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-eb1c-44da-b853-48f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0793a789afe30dcd3a93bda8b77cd75ba2f1a9d28a371f0f96cce03efb3c1849']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-23ac-4f2b-aa95-4e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '21d2ae10a5a809222b67ffaca166e2a76732b47615597ea2f408f19d43ae0493']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-4850-4e24-bc7f-4c2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3456947910ec14542ef059d0a3da5cbc9d0a173b894e72a210c93d8570d2faf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-3f9c-432a-98e5-4dda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f0d329b6cbf7ed9b0e744a499f0fe79f37919ffa9447783efb7ae2db1979490d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-5a18-48ab-a74c-4e3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '06fc21ab8354c6f6012ecc23d1c5fda1f8cb0be3b474a96da9587c6cadba99f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-c9bc-483d-bc16-4efa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fe59d5a474a9cd104bdd34d874e71cee88142eb467ea6c93962e23590194047a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-2f9c-4eb0-89a9-41b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '94e129b1a140a2a53e25cdbfb0ffd2ff02dd306711ac5c038b1b124fe374036a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-78f8-43a6-b793-4296950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '16265e842f45a44cdabceddd2af7cb0910130d819dff4b82af7aa5972294f5c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-c524-42f9-98e3-4b6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd54a2943b17d93852b875925a279199374e1e9eb78a34d8f1c5eede1b27bd179']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-fe7c-4882-b2e0-4555950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3c6e8b9cadbf7611aab1fbacfd54053a78bdcf49265eee02394c17bdcaceb5aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-c474-4bdc-993d-4206950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '484e8e202934f502bb1b0a944721845ff81879b4e91656d30c5fe4c490cb781a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-e1ec-4206-95ce-4a51950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bec75abd1810200ca989eba1b5ed9d30ab150079408bcd9dab5506f2f7e17968']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-5dec-4c0e-bb2e-4f1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7f160a49ee4ad098f972f8bf86b52afeca4ccd77ed47f5282b36a9ab40040e5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-02b0-4441-a873-4896950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dbc858c551a2b73228898aef3689239432eb9273acf745034ec86caa2f19b2be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-0214-4ffa-bded-4e26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3e028086b6244035187b2847baac76b627dcfae5b10be55f1363ab5531af4d45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-eed4-4e01-a11c-4367950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5870f5bd63135a66a45a7f2d87741e211be129c74fcab5f43f2106af2eeae894']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-da4c-470d-b0cf-4f66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1e5e5820d5465402d2247e890127ee4d1e337742efe78ffafee046461483de0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-d2e8-41f0-9dd9-4fb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e246f1af92ee0dc1772a1a6a546891984ee3b3cd5a7258d61f95b4c3e2b113c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-1170-4a16-9fd6-450a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '94d2a8a51f525a51f4b7d3266240e9172c94f8562c695a2f908539cc46666087']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-fa38-45e9-b969-4c02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '737ff4b548bdc34e02aa05235d906b33fa44a38622e0551844c8bb0fb02e55e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-0aa8-4add-8ef1-4a93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9bc659247414c693997f6f7dae795f529a35ccd4bb21184b35b205a022f4985a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-2db4-4dab-8641-4541950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '676f1bb1cf144e5fb86776954be0a1471218cf502c5d0ecc23defaddd05e56d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-4914-40df-9f9e-4ec5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eed0c51f66ef52f2fe6eeb4b2809e1aecd48922fb090f2ef19fb1ac689e1e628']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-d8a4-4d8a-bd41-4294950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7303a39cc0af4c27eb0eaf3d164e5a046da3a1fdcd1d6815e6e72f4635ac6982']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-bdb8-4847-97e5-4689950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '815d74755a6ff3bb73d93df564abfce3e5479d942a23a6fca202c61e5c2c4d62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-cae4-4a28-91e6-4ae5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3a546325ce2a949223db646115b4fea6a9c596e3b81c529ec3c3b6dd96b17b0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-8898-4207-b205-4f36950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '118c8b83363e1361c0e5687df0e6c8d4d5d265cd84ba778a6b7bd7a27f179c54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-8e40-423e-ba54-4256950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '13d9fce3701ddc48ae25113120decc21d458765bf655e3dff640b993b31a6614']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-2514-4352-b3ae-4665950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1a5292b1f274e2bc303cb8010b7dccead0c43b25a0abfcf61aed7221b72b98e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-70e0-4576-807e-4b64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9914f24595ad8463f4df3a24fb549da701d39cb4d1ee027ca50e794ef24ef58a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-9b90-42f7-93f4-4a18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '430e929301f32f2eaa12f78750a26e0e358dc53211fd3780c91381beafec605d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-d5cc-4bd4-8fac-4910950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dbd0b60e889c63a5162fd846c42952e068040f2a7cd7cf618d9428427d722cea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-b598-4e72-ae68-4a25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a1efc530151d1df800bb6dc15313e8c3a407334d56e0a1d59cac9026e6a78557']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-5bc0-42ca-a9eb-43b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c0db220cf85c131a29f5a83c822c61af5d7f530cafc90d46a247cb4f3b752a61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-9464-4e02-b6fb-46dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3e5a0fb76977b5025e6d60e9e9f9227594b274462bc40741c91329e6d435bfd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-4f64-428a-979f-4636950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '08f53891c69302e820db6ec3e54907497c50133a0b02d8151a3f0f84d4d798d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-46cc-4987-ae48-4517950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4926cd1eda6ef5314a1eaa49d2a9ddaf9ea1894cb97bc29a57ad28bff70c4b07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-fe2c-487b-9074-49f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '876b129b5571a80390ff1b9420d6a422fffad80396cd524c8a28d79a594e5785']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-cd20-4422-b207-4eed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '01f9ed2163e7decb379aaffaa35d0307b95c9ade7a1e20d476127867a3ea8256']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-82f0-4587-9d34-4647950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8ec3ddea193714bd2fef447d33c11b71e5d6f6b87b019fe76a16ad08f425c49c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-2a68-4d5b-a044-43a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b12737e22992e76fb0b07481696395ec69d92ff79e592d5d553a22f6825163f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-79c8-45e1-8da4-46f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '89cb6eb33e51ddfcebe483e0e44440cfabb952350c13c77e316d216d83aada71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-1540-4d18-9022-426a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5c87e2f8867987ff3a194f428f8cf0f190015e586ab269b52a309ea088c4107b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-17f0-4fb7-82c4-4fca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a0df4633a022ba93d73a75ad7e6b8e01c369407107c27aa8650cb5f5fc878fb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-21d8-468c-a158-44eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6152b2318b2b975ccf7239afb2222156bde9f1dd338023b5ef6801bcd6e4ccc2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-1418-4711-ad2e-470e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f3bc9d6bbf6c7609fba43c3ace9bb9e6a134b92c048b1c3712d31d906b489725']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b083-386c-43a3-8e0a-46b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:55.000Z", "modified": "2019-12-11T09:01:55.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3c705f31d7165350245d3fad4db9ab7a0b85475b10aa1cbe2030bd23458495d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-b7e0-45e6-9c05-4598950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b0639a1314161dfe9590eef1830a7a4cc2c8dfb75e59eb5275cc91339365371e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-3154-46ce-bc24-4b71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7eb19d5b71f0994ce6a57b946172483c9951fdd66a5198e1289a4aae3a4a13e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-7e98-482a-a8e1-4b5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '61f53a66eef46ebed5318e21eee3b03c91dabbd7e87e291b072b24351f47db2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-1710-4666-8fd3-481a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ec8983d519b411aeef042ad15f794e817855421f0cf4d00c3e858c4e6817cedb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-3244-4214-9d07-4bd8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '90eb6adc4f5f291590b8da5f7e0ef1d97e3e7ff10ce825c8c0badc79a1df5487']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-469c-4a14-87df-4093950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9cf345394b70a129fb77e130037c740fe2733b1301bc07b809d14fac187eed2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-139c-471e-995b-4bc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b888ddfa1dc6067ff6b46d81c13a46c66c3a55eeb635ccdc29b386bc21d0f66b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-d734-4417-8e31-4e30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c8f3516e6579f1182c2387d42e28c9c26397b0ffb5819aecdd38e1dc60313ff4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-bcc8-412c-94e1-4911950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '92440151a74d4e58043dd7c10df2141a6877747983e5b96b28fe8fa2be268d9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-769c-4219-94f9-44b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0a3a8e203c017695546bcb0fa764721f61d7a5a2c2c0d2ff7c2edc18f7fcb2bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-1eb8-45c2-9dc2-49fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6cc3efcc4d64393074d60aea4c50585af789ff68b4c7b1181abf352b129a8840']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-aff8-4902-8743-4919950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f83c4792728be3bee73911473f563b776353e79811febaf30e0736ceee68298a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-5774-43f6-b6e8-4f4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd1bbeed4dc9881d31df1bab35c03593d874d3fcd5d8d65cf4201fdb479d42c5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-3384-4868-adaf-4bf6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5871169ac3ab263569ed138888cd17a3770d375854e7734fa03c339c7ed9e916']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-6ba8-41c5-b8cc-4c71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '21db063f58ba1e3e9f7d9ceb5288e89bc9fbe023ab7b3d1296c83f9a271e0ade']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-cdd8-4723-a4fd-4060950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '345dd3d94a7f7c68034d64523189443cc0d5112b6aa826783e6dbf5842aa7362']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-7104-4478-8b6a-4c49950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7e43b88207db6991ca9a1e5bbdbcce511d9907667f24b7dc34514120cf469855']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-44d8-4d44-99a9-467b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '46057abf095625ca75f36b5df302f5060a21288be15a819458265da59d8f3547']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-6d38-46d9-a298-489c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ab7cefe8c033c0d37cb5afa1a15697ce47d2c74d46384e4ca572c4c012230b19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-9590-443a-a55c-4950950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f878ab6f2fa0e5b01e61cb5deb5188bd0d31ba16f31fe8a88d2cc17859f66ef6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-f4e0-4d66-9d40-436d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1727fe93ee7f5cdce528dcd24d36c425fa90ea91c293c58fd38fc71fcff64e32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-fb3c-4a7f-b396-42fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5e044a65acb4d8faf7caab4375a7fb995806691135ebd20cb3e199e9b2f29aed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-ff88-4407-8146-424f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2f88813ba2a9fd0c09d188c305482a94ddc809200750f7ab979affd944b8b019']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-a7c0-433a-ac8a-4214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8e90c30ea85486b8fbcf0bfc45bed76cb8981c83d84c066ed196067b87266f05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-ed6c-49a8-b5a3-4449950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bea877537fcc69ad507962979b853651d7871edcdb286dfb42636203241dd287']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-7d58-40cd-be47-4b65950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c6d1dc32460d80466b2a56eee1018ff5ed04c9b5cbf0691f8c8d69a3e44f627a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-5d2c-4345-b8f8-4e28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '024efd926b745ad0e6a17407a0fb85844868daef8aacfc5c83ab34173c0036d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-d094-4b50-852c-4ac4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '960279a5458f1204c009a108bc6aab5a9f6e5c9a0f257b211dcfca39796905f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-253c-4818-92eb-4a7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6c9cfef6b7e2312183b7140e1949ed712a28ed9e906580c25bc371c7d2c6f559']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-e5b4-4202-b2c0-49d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3fff30a09c222236dcbbe2ba82d30222a391b6d6fc5e11660b5e32910990b097']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-b0b8-4ee6-919b-4852950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd2e1649eb93dc513bd8285f44f2631cdb7a8282acb626dc7873b6f536f10fec8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-b5b0-4501-a8f8-4825950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '43ff3a3e53fe58d6b356a772b77df9caea2bb07e133a0bba78f64332b415d4ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-1610-42a8-a1b6-4284950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3da8dba74d4e1965885ee13b87a34296cd0bed175cdc52f7995bce780a88d3fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-e9d0-417e-988f-413a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '93533608231aeb71e1b7f96f0c5b37b8e781b525def4e3c21b6379a55b55cc11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-878c-4b16-ab20-41d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '814162b87fdb59e4b04b1cbe83d67c07ddb97950f221e31a81674e3346f5f078']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-ccb0-4b03-9541-4418950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7d61fcb28088fc3713bdb09a3b8b3372a494b449bcdc0bc1631c541d2ad25504']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-70a4-4f1e-9514-422f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5a0da68d7f847acdbc07bef59b2f6cefae83ba6d0f10686ec2fc37526c0f9c91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-caac-44c7-84b0-4ce8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '64ecad0a55b2950a40af2c2c6b67177b54ccac3a97e417ca42d0c55ce4b365bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-ad74-431a-81c4-41a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4c289673d7e8272c016e3b9925dfde7b19a2c7c9f6db70102f7c7d882f4b17e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-8f3c-437f-b04a-48c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1c9ee620d0aaba03b3aadbd044e1e266e25085edf5315f573e6e4844ad9aae27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-8848-4150-bcef-4056950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0f64b020f47a73628af0bf2e62e0108e90f7d1fde5b830513bed1e7b0ee0f73b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-0b90-40a3-ad2d-45fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '41e978655f6b85f444b99c91865c0221c27a54a20e3fc55d4e61c3e106af73c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-063c-4a08-8ae8-443e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'edea204fcd030a0b00c8951b1fa6dd0397129067f893b2da490f32d4e8a7f2dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-f7ec-471d-9d9b-4f39950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd65de0d445035740cdf1cd4baf0405a8924edc0e9c3024aaa70df20cb7f28a32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-6a20-4c93-96c1-48f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bf33725115b8b645f205947c3d252589b4fbe732dc64f5ebb9c10cc9b92877d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-8bbc-4803-a274-4a9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b5beb26498be7bcdc7339b4df0e98b1efd052287706d8677a46c85cf1924fc22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-fef8-43fa-beee-4772950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd3e28102b217faa33b3c16ed5d3ef631eb423955492b61067df4862515df8b7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-9adc-4b2c-8d9e-4689950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dd73b9d898d7663b38388a2f2d36f3ef72e5def1b2e67310158273f66cba61a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-44f4-4364-811e-439e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4a38aea6d52d72b4969f43d948ddf29a2d3576db9b3e288aeafaee4532a3293c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-b668-4e6c-a077-4d9a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '60a0d505ed7870300d7f47928f551d39526a735f074bae05d163e2a62389f9fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-4138-4e1c-92c8-4797950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ccbf899aa9f6c8b54ca16614053741007519febb63299e5435a3f6c690f3d0a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-0e04-4ac8-905a-4f52950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9e15e1cb09224f97d4473389080ef7a811bb04df9c6ad6e1764471a1186008c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-d8e4-456f-b028-4ce0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bd8bfa884d792afc2d037da121f3bf122b90a724d406cff50b9fa34739ab7095']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-d96c-4ada-8e07-4aed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bdc55acb282895b9942d5b188e752b35e106a55ad17f4357c0c2fe098da92e50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-cd50-4409-97ba-4692950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'adf0001edca850a68fc0a04e1635cc3d4849cb9662197b2ed689a11b1a0843bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-72c4-452a-93ab-40dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '28dd5bb9bd2a828533fb5e95793643fa5bf96a7d0f5b1799d7978d84fdea62ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-64d8-4715-9a1f-408f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fe531c3f1db56d1ab6d8294ab3753cac84e8becf8307023fac07d39d28a07e35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-0e20-46ff-9db5-4311950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '224de48dcea5a83a1315db1409372f3e9d72d9639ae3883068dfc55d60c75ce3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b084-0118-4aa9-b8c6-43d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:56.000Z", "modified": "2019-12-11T09:01:56.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eb4387cfd0d30be5e985d58f7dc3935cd3bd5a7dca193699aaa9971bda082229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-ac24-49e5-9af1-4a0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd864793695bea272f2c43877db5140cfa18e348e6788f2b5d3fcb189db868fb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-1290-48fa-b54b-45d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1f4a92061c1a2d3f19d1e4f127395cd056f699b1db2f1ed8648cd406fb973b66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-5a58-48f9-aa1b-43c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2b89009a51eaea0a277359651ab9097d44370f0829545a59ec5f63358e71e913']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-85fc-4d16-b422-4b3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dfbd3927e48c1772fcd2f57baeed5f5292a12540cc0c061fa0e576ac37d38350']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-f784-4929-84ae-4dfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ad573114b70a99dc487ad50eed634303c4acea26c0b26e456599971aa8607d42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-a4d8-4c1a-ba00-4e01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2bf45addcc29bc985a90492f5364af1ff8386de6d0de1dc10d432fa6fd7a2829']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-f2a8-4083-8727-4d9d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bf01e71dddf875a6e1b9df0a9c672d267b21556e83ebb50239b7d4b83a695721']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-4d08-48b2-90c6-4431950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ba68ac8c05da97e6cfcb6853a92232b5443ac43c1e11c14e4d4a15b684a6dc8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-76a8-4753-b991-4490950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4b87e402b89a0ab65ab8bc89c95cbcfe7c08358e43d18cc1b04ebad1823c8e00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-a254-4f3d-ace9-4496950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f21d9a07d47f5e9e68f76084f09e7363bc9b5b4a7de3700d478f2b1bbe6e829f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-a434-4bab-b981-4ecd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '16685887e84613e8b69bea67feaeb7115d3c403623dcb1689ac12c5c59a98ff9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-706c-4bb0-8041-4cad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a6255ce706db85a4ff427ec9d34dad32c59baddec430f32f99fa957a145fde9b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-d840-4bf1-81eb-449c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f27e019ac525aa96c91de1861c4fc33d79648b0f7f04a8b881f52565ca4de20a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-5204-4d27-acee-497d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1fef6dba7c44624e4d7c3066cca2cf4fd4dd8ba6ba7f3399373e243c96e5a1be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-19cc-4563-8df1-44a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2f250c57106a44356f14a671e1f9d71c73444de0405da37eaa747128139958ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-1994-40a2-9581-43c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5e05284cb4efc45f8cf8ca3818bb9461f2a106285ecd2b23125046691a3839e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-2d48-46d6-ae3d-4fea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9aa74d061e986ac65dcf4243d6229122666d1ebe5e5c8c278f109d5d8a74ae80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-1988-4452-b4d0-4e15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'da6bc58ed98b2b1e9c79502248409a6041e10f04d81411f7ced305e589c03618']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-0074-4cdf-a384-45bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8d320161b1278bc09135b76e07ed5c4ec833064cc061bed97daca4485177ec73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-f22c-4d65-8a73-4bc5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '687f47552ce1cb3df741abfaa1a16113e516751bf41be3d10f49c93d26e49c45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-cc34-4cb0-9095-45f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eff68eb29c3efcdcbc71a3094cc9b7105cce0d53c9b066995c35ef0c31f5acba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-6d80-4061-918b-4318950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '43bbf8b4bfa3ead1ceac9c7813c1d848f446886c83274dcd1c98ff2240249684']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b085-571c-439a-bf20-4d7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:57.000Z", "modified": "2019-12-11T09:01:57.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0eb5a08a148269bfe5967ebc6175c248fc4ea4fa2f9f29127bfa4420cf7163e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-6490-47e2-b17a-4267950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '87416ee1c0634db27523e23e9a62a0d934dfdd328b0e0a1131cb44007326859e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-8ac8-42aa-bb5b-4963950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'efff02b0d3d86d0e27d7854f382cb7e4ec25fcbdc50276bb3d181b02750fe2f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-f0c8-4c94-8337-4bc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a5d257e59a105af5c7002665a87c96c9c50b849d6fb7e0de686d6bfadf11cdc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-71dc-4e53-944e-4487950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f2887e2d29564f6a7ba1e0138b907fac713463a5906ff38a2819c6bc4f7e82fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-2f60-4811-b8d4-48c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2cd85602d84cec93946952f095113774a4e00cce2f8211275b7fa86392598fc1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-65bc-41dc-899b-41b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ae7d2ea6a9157f27aafa28d73808b959326bfb14597bdc4d52060b4fc76b8304']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-3024-4880-9167-4d4a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a2188ff2dcca659807db8898153c88520d41033b8f446ecb932957abb6237abb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-4f88-4c59-a695-469d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd00379abaf3060b9848ba406daa5948978df60429bbb447d629a0b233e60d112']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-1874-47fc-9f4e-45af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '41ac143274f38597ad8cd849b40194a9ce8a340f2ac3ca81b00d03f78393c01d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-9b88-45ff-afca-4273950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'aa5825680d7438a8a58f6361cafce56c333f7857e9117c027544008895b5dd31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-9078-4fc8-adb3-4a84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '68443a2fb7c7e5aca2209a3955cf39c716c5f5a915173746e4b27a9c4d70cb1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-50a4-4c89-8aa3-4806950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a90dd65add6ecbeab7382101a28fbbb818f696731bcdf2ee83cdd51987ab45af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-c1d8-4163-ad56-4fe5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9fe0f0fe473163b358923164a9d1f3287bcfe48f54b9b52aa2712a3f8a8e9ca8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-eeb0-4e6c-98e1-4bad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c3e1cd68273ab34264ed21f73247d10d51086bd65f8dc3dbf8e6c155b3aa68fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-e7c4-4755-a0f8-4f67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '057ac9e82be5accb71dcbc4c98c370600b931c3a49c24351659d8e051b7ce686']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-82b8-4b95-bece-4649950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'def6d7b27b2c5411a53d44b5cfde7be57d9d72f0fac36c639d830bb9eac1c174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-c8e4-41e9-878d-49d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '84fc44d957d32757e27bb509c32d7cba01768a7510b2fbac950e602aec9bceaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-ecb0-4607-9bfc-4b85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0d6de4ced4581620ad4da96c8b885b74ae31c987426da8e31e5d680a0f515b96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-1bdc-4269-9cca-40e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '39f9d63667821d7b12267a250b84e6979eb7b88b1c7573e82da42dcd162b81ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-3c6c-44ce-8580-49fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '91f7de5bb9002d63e079bfa3998a6ee460d2d496ec412d1a19e6ad0ce416c22c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-f080-43a7-a251-4ee9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd0a85bfe1329577c7d16bb6a52f6b051b1db4eebc4a1a18948bc8bc4b324f653']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-96e8-4ea0-8423-4d76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e1d6dcab11869cb619a173440c998f0957162ca36e2b43f1e2757e11541fad05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b086-4dd4-4ffb-9a7e-47c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:58.000Z", "modified": "2019-12-11T09:01:58.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3ab1d7b7e41a79c7147027fb2f8e921ed35167322281f1936cc321f1f916f3e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-4ce8-4b3f-b202-4c07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e728fea893b9018848a4e88764c64f22ba98b2e4a9904c11376e9e60c688949c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-d720-4bf1-b388-4ea3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '09941d4f793f4ec9f214aa2e27be77d43e775adfd8288646f58157744cde5c5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-0494-4222-bec1-4393950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0da7ebb8576f1ff0989c85b370bd8113bba622619509f64570dcfcc751bbd5eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-e364-4843-bb8f-4214950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6f38d55197506412ffb4e1563d1a4255000da0b125b6be7112c92555776c34bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-c760-4d58-bb00-4ce4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0f3bf370122c4d1ebcad5f2dcb6f4b60486953427ba8c95176df3298d1b5db85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-1674-42c7-9ec6-4204950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '63a1f51893b65e59c233fc62194c6cc9508e780763d6442cb4b8d48248d3bb93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-1894-4925-8585-4178950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '98e70fef469167aa28027be07072243d4bde148f8af364d245b761729fe735de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-fbfc-4707-b8d5-4bde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '61c523739188d42e8061ec5727f86be931bef90078c1195e9d7cc126db4aaaf6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-dae8-4042-82da-4cb4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '52a1dc7dbb067a3c37b3ee776f56e97b926fcf419d7dac3b1b99576ff1095fbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-0310-42c2-a148-4861950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5eab9b8af26b1508575d42c95661f41ec0aaffd794f307fefaaa6306ed50fb2b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-9320-4cbe-9a3c-466a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9ab1db2fad7f75fd1fa2eb742d92e1a4d35e81627fe5fff55444956e5260b81b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-ce00-4716-8985-4a4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '28496862543b5f6201b033f7ab19e390b3a7915b7d3557629f3d2f2f8292a586']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-6dd0-4d9f-96bd-40f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '10079b5bba74566cd2daec9376f14acfd3ffaeed56f9a79d45d87ea795c21e33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-d290-48b9-8ac4-43e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6c083b167fbd3ed5290c6dc8e31c11e9b44bb8fd0e8386bde654cce5151ffd8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-cb50-4b9b-9441-40ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1eb43cca04f207dd7a107c81496a9dea67c457827c593ede89e75b4bd5b317f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-be0c-406f-948e-4d13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e805efb48554e98574bfb9cf2de17610d46b6be0f68d5c0a267e5b3e2ed3264b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-1f18-4b44-a0ea-4458950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'aaab37892423fd94d199cce24360c53ea240a0a81b63b7d7169c7b7595c2fcd3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-aa6c-4ba2-845c-4fa9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '31e422b17cd0cce5cbd49cbe452772c16693fecd97f05558db60b5a331757bcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-86a8-4cb2-8bff-4dde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f74ea44f76af2e9c80dc50ef39c99b802f1accb0d94258d5595e6805999137bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-bbf4-426d-858d-4ea7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2c579f40cb18b3b9a207ca0598b5cb88aadbcf6c892bae840fb6c8098b011075']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-96e0-4cf3-ab86-4d3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bbd1ebcab780a0d5018b033a89b83ea4216aad07c8c73e41c86e878d77d8a8a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-53dc-4ffb-909e-4013950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '98dcb64b12c9a0cb858adf937105f53525786452c63a67986458f4bf091ba804']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-b1a4-40a9-93d8-488b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd6a3834a9368528d2d6d49a44f44dd4a6f25318d44af7c5072f0621a14373e75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-4514-493f-8056-46ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0fb2fd7fbf71ab39078aa16528e06cd88e9a3e541c9e93721cbaeca081794bdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-8c74-4219-9057-43bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c7baf739c5a78fda1d3aa48f71cefe7cec070c71ece8940566b398ab135e71b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-18b8-4cfa-8f4d-4c2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dd55cbf28ffb502bb38398c03f454a361330902c3fc4e465eb8865c8432d6b4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-1fe0-40a9-9cde-435a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '41e02e68c13e610488e285a5df79977a807974e9b7cecccc1bf8036aac2eafa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-2ba4-46a9-b973-4b0f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '800636f452b0dad4e1b48e925463194ebb26ee2bb2a7d30e263766ae05801f13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-676c-4247-b47e-4287950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '29d157f73ce559467d99ba16ca2d867eb5abc086c2ab0b92373d6adf91f77683']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-6850-4d8d-8632-4862950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6b74139432e8eb9cfa5d695952798be4dcc2930e0718ff1e5ea9fbed0e9fe15b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-bc28-4d18-ae8d-4f1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '444a564c7466ed4b60dbf70c215067ffa99ab773b8c8c1b0a383617777bde650']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-5d68-495f-a27f-4fad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd902651a98c1f0d139bb18d2eff730e2b06af7b5813c3d170475a284cb25b04b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-bab0-4007-9441-4d12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '38d39eec91474ab3b6fb64bfc0880539e47351b9ac2a907bb8722e94c516088d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-8ad0-405c-b122-4971950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4889ebb5f02c520e57a9f417df2d53cf415c9fc67d2ae3abab8b604e275df23c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-4d44-4dde-abc8-4f98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '83dd15c56492c897da410681b15890e7b760a95aae1bd6981bceed56b66124d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-7d7c-4a70-a417-44a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '336ee5f4b81ae7d30a17c6251b78af87f1a9815f19f732f78961584f268ddb0e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-e8b0-489a-8dfa-4c9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5a7b1f75b6082530340c4cacbc39341ec9c259f78297194fa0d6143cdf67c92b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-eb34-483a-8bb4-4b8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3777619b23c946d08a275d374bcaf3add3e377722f9e24157cd2cac3861532c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-67fc-4df6-958f-46c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '305cf6af8c1e6d52eba30a3f826d9b0439b80d9fc78c194ce50559321d62df1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-f0a0-4e4f-a462-426c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '71d895e3bae4d180e9ea94e8ce1bc6052a25fca48b086d78c1c14e2186ecf09f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-d42c-4a1d-9608-4995950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '904f9899b4b829c44d8238d9510c487a16b053d38617d701c986438fc479e7d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-8e08-4618-b1cc-4994950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '885ee30a74554d4d5009337cabf839fe5c4ea16d5a4e4a799e1041ebd709f243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-13cc-469a-b646-436c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e746313a774296e024bd6cccc4d320f2d8d10d87caaa79afaaf5076138e89ea7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-7518-4bd8-843d-4bac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '849dcba27a0f40c293c2ccf9c08cedbf7e8547c5be20b3c398df896bb9b343e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b087-380c-4c6f-be3d-4cbd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:01:59.000Z", "modified": "2019-12-11T09:01:59.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0ef0ca713cef3958447c81d34d78ab8f940111671878d66a56a3ce73fc7b3d41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:01:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-64a8-4a4e-84c7-45f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1ecd294c05fbc67ab487162c4c55992821f3c9dd00cf7d4e29750cc70e6b7552']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-ffa0-4e67-a000-499e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1e67614d79d390bc8b2ceb10744b3015d545ca15bcaa688cffe1e066f227f776']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-2fec-4a95-9a6a-4256950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dfa71ba3111d266b909ba4e3c8b0e165f0741b448f8dd4c582cd2c6a92b1ff26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-948c-49e7-b821-4e6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e375336fb2bb058946e20c09411545ce280ef5dc6b390df3a480145789c4b119']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-eb28-4975-bb16-4bf9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '673eba40a6a1d012467081271d749eef31bdbac99f4033c737bca40cd71dc66f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-82cc-4da0-bf89-42da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '218cdf63771e1d0481456f26bf130b71cd22c578631e2c2759e940b854bd54b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-8d88-4c48-bc6f-443b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd96e18f786de1a4909c6bb5ca307b459918278bd6dd5aa2660ea48268233386f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-1b1c-4708-bbbb-4581950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3b64aeca320d43d6622a5e8ec421db4ae4be75a73440454b0f128403670c2622']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-d72c-4527-86ad-403c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b6e6975a76b305c753c8e85b854fb759622055f71fcc109f5d2074b394e0bf24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-7290-43e2-934e-4737950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a0970b9addb86c5dca18c5b4e155b93b6f5a5d45106568014de8310367433d78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-c484-49f5-b8e4-40a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1765ebda60085d53187e136384a6badff0a6041b6ee4761ced2f11e20b060802']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-bda8-4981-963b-49f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5ab0950fef12f8ffc21e6484750821405dc522e9b8c48ae49d9372904cd0be80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-86c0-4298-804e-40bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '53af038821cde1f915bf0168cf1e459b7e32219d7a8798175f521dae6ca6fb49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-b490-45f3-8310-40a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7b88bba3162b7ea96d9a93be491de293a856ba4d69449a0b37b14d924bdb963d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-f830-49b5-8fde-4894950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0f3c3ba71c343b83234ec64f5567072b0c3104cbf042da63f1b250fec52a3193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-a3d8-45a0-8b97-4d40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'efd75086b9da41dc65da3f002610280f83a7a9a188dfc2cd3b43228b3107cd46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-b3dc-47a2-b7d7-48fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '88684cfaf2c29fd61382af8577f660767504de6236d8a98a087b4745c958e494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-6520-47a3-93b0-4490950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4a03361f7f8e42e62ca7e0d6bb843c67547e5f564d9bb484c326a10d70cf868c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-e03c-461f-9d88-4028950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '86856ae49b89dc11ce60764c5cc099cacb3d86cca312ecf1b4a911f74e81f75c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-2bb0-40bb-8dc5-42d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '16931d251d5a0eec6f7d5f9440836ed897092905d9b4fcf92188773cb292a586']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-a450-4235-aa48-4ec9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '00c4c679f1423f01284223a150cf45130f69ed14c847ed63862cc43fe6f27857']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-04b8-428f-a0bf-41f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '136d1366ec76a9e1ecc49c1020adea68c416c6c8696925ef50f549dd3564bcf9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-4238-4d2b-91da-427c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9a5986bfc4ae1e3436813670e1ce3924cbd950aae3045c965295fb33853d1232']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-9300-4067-a8d4-4b59950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b16a89db2c9a766ac32fdd3898e5ca24b1bb755ace6c7438585ce72f5239f48a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-d76c-4232-806e-4138950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6f381faf83806ecf983e0325b130994760f6e058d55bb367237e46d5be70d1cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-33ac-496c-8d46-4b92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd347250ecf7a9209a2f3af83ad1be9ce2f48ac5f2af622a7385c3e6e0044b29b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-2a04-4ab0-b6d7-458a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '778f10e44ad76087857af1f4168a4f6fb3a5f03b160d19ae02c467e98597fbac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-102c-4b37-9ec0-41d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '46ed1b8f223e4eebcda42b873dced8e19e25c769214494c785a762bb218ffa5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-4ef4-44f1-8824-4c6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8ad4e1140aa7ad266673028013858417d24c302e8103fc8eac538d14e06418e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-4ae8-4b30-90c6-4065950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '237ef9a6a2b26b732e37978d07b9e4866eabc0f18a2eeebb7290db2ab348482a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-8320-45b8-942d-4abf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cb61c4f9d662a99ad9a28e9e269d86eaacb35359fc8aabb870690c4551900782']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-caa4-430b-b290-45a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1460eb328b914d30935452587a558641526c89282b63290a231712d6c1a3c1bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-11c4-4b72-9623-453d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '528c6ce5c450d901c81dc9bf8eb5b7023cd153303f3c3cb4d43396280d932b9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-7ba0-4ec4-8cc0-4f55950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b6fddc15d6a0857ad34f4bcbaee7daa007aa2a0f042eaad8be7c5bc422daa8d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-7950-4be0-9c09-4c5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '71d10f273af4861dd0a8844f92370c2982470a0e5f8c16ea85a901e0d0cf0a65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-25c0-4af0-ad1e-4b82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b99ae37e732f458040573ceef72314171ee8e84ea1072719deb79a0d957d748b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-7c80-46d5-95be-45ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a841bdaf836ef681193d2affef3c586ed5f98589e470da5f3b4ffb2e98a292b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-a654-4a16-9408-4191950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4d05c434412dc66eac7a44c20421ac7ab4567aa378330b9fbdb4196a5d0b1198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-35e8-4036-849e-4bdc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b2aaeee604cc6cd5084d2f953fd191c4184198adb5d65800e25a5a288dfd07fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-f3ac-4ce5-99b7-4116950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f09818b84326d48a0b7984283679e999111b47aa06e5ae5647e8b28c06256ce1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-f310-4673-8b92-4177950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '328152999c4b148033dc91e85e068419cff0d51614a0ffb81a851b9b61032940']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-078c-47ab-96fe-401d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e9b23b87a3d7cf6c408c0eeb588ff11f73c6e3ac8a2496550a3c0481758178c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-851c-485f-a81e-4888950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd2ae0171b71d401548bd41dd28a7aa9a4fe5f32a92fbce9cd860bfad79d3eb21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-152c-4429-9c0d-4d5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f0c4aaffdfaed2db209a76aa99bc98518f489f1c62bec0be7584cd210bc0b31f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-78f4-4186-83ad-47a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e0be60f48d6e3e9517be583678b1b4760e021bf77a6502782c66b2581c044b1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-d634-43be-8598-48e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9ce1f1342c2da8446fdf6b79267cd4ce15d00fbd890c6e59abf5d7a90f988cc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-0c48-439d-abb1-42bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9ac35b8b97c10bf93965ceaeea0f6ec47342a74427f97836a3805973be69e24b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-6300-4524-b7a0-4a29950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fb951bef895718adf17a3be416c9d56d6685e9faff8399dd80c36d98a98a9db5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-0160-4cd9-8092-43cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '84efdb78987a8fdbe3df5b927fccd2ab184ea905e29e3ac98176dfc0584570a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-1af0-4d50-8260-43b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e9f6f49c3ca9a3eb7a4007b42b14c0621e5a01af78c9cdf2994cdc4c3333c4ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-acd0-4ce8-9330-4154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '49c92940302ac4222b5d21359b50e30517b3b9cb05b2143d7f4384864652bdd9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-60ac-4360-9d35-41ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd4adcac6c4bfe7c26bd8c17ada5cebd9fafdbc970a75ac5f5854b9e4204325c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-29e0-4626-bdc1-48ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1b1f610739b3bf0f89349bf5ef1c7ce25331817e59a88912f3a8b2c465f71a6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-a300-4d21-be73-44c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '503fbb210c018225ffd88965de25b23c3a9e9daa3ec78a41171a32ac9cc19e05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-55f0-4efa-8048-4e28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd7a483de1fb445fbdf5408875f2bd1694e8a746a3b0e9dbb3b01a63714ce5729']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b088-badc-49d8-b964-4a0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:00.000Z", "modified": "2019-12-11T09:02:00.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e50a761781915101a0fec4e4b7c2c6d8c8baf89fb70060580f09a07a8e1eb846']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-b590-4c4e-9d52-4bc9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '135e78b23deb6a4d01e151ad0106036a8db5df2b92e4b44ae096a5f1150a79ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-12f4-4611-823d-4d1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd39c4d688026e814136165c76b8f4406c620353b9ff9c048a083b40293067e2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-adc8-498f-99b4-4e24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a3ab8979ce82e86793b9be5501419fb31a8ca98eb05f9a22b06ec8a0bfb692f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-13ac-446f-bf3f-411e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '887176ece756575c44404450f80ede32fe518222cc0a45935b788128f23619e5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-22e8-4265-a283-4f96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '98a7b6c06daf06711cca53955d7b4f74d18197442c426d745421bdbd802d8ee4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-f4f4-4351-90c8-4b9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ab7ed7cb1a0f80f7d9cb639a9c18273f7ba349512a5f759b72c892593cb65ef1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-ed18-4943-af3a-4b9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '795b69184e3d8ec1d998340d21299168172002966bfd74a7960e8d084d95c119']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-eb18-412a-91e7-4fff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'df8a6067c650113f0a29bd137711f49edef29df0d8f1ed83c9489b4c0abdc17b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-c71c-43fa-bee1-4255950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f5597cc223eede583bf1456658c951873a6bb69c38940c0f21d607eb7ac8cbb2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-840c-4a13-8f31-4bde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1918956aafe716e3d2ef05932b268bd1a876e96eb79dbf9a0f03cbdda00ce6e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-c610-4a8a-a441-45f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e359a5f605e68745f421fd4cbe5c8c00c7ee33b3f0a99772a89ed0057503a134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-55f4-491a-8747-48bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8ad3156593ffbf173177d099cfcbf40b356d4bef42ac6a5a70e6481785fdabce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-1b20-4f58-b9c5-407f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd7687e1d98484b093e8da7fb666b2d644197fc3ea22b3931a6150c259479b0c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-1410-429f-a340-43bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd9a3b5323039595bca3956fafdb14c8bcf0e5c1d141ab17e92cae7cb9b1dfc2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-825c-4423-9dd5-4812950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6a91f4c4488e921e7bd8a23b41581724bafb311148ced9f756e89c5a2efa3839']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-bf14-4f7d-970a-4267950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '479829dd230f643fa72f422b8a213e09cac7b4eed7fa74fa661a429d4140b996']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-d070-4bb7-a56f-4059950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5d16bc98c17eb578f31fae02b4e615aff6e92d02f376ad1f4e6cff4c9a2e24dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-26cc-4b80-96a4-4905950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '84bf972975d42aef02354cb837e8d9f9773d9d44fd74cb97766b11bcda77c0e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-3ac0-4ace-9ba9-4d2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a356e9801614f1ca6b131a4b71e170450591987cf45697f065a4c9ebb3541234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-8c74-464c-ab2a-42b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3d3cabf08d58a73648062ef0c821cec69ef3e3678a05694ae89dc1da3e12f493']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-7e2c-435a-bf14-44ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '04fc7a5e9d0f158883589a5fae04898457e45b1954c0ad1a258a23e2868b3b56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-7640-430b-9553-4080950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b3660101d3c25aded77d1a9694b16e311d8e708e1d586e9baf0bc988552a378f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-f6e8-4991-be76-4ee7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2b8cafac06fc630b469df01db694a4616ca31fdb32b4ffea56ff514618fb6103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-c44c-48f8-88ca-4787950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '94f064392a539b996c0b823d2c25ba7e0e852907c3925864e82eed9522939269']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-2f38-4e9d-ad65-4f21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '588ec943d755cc0fd2c699c069e5328d49a6fc87dca234134a1a8b51aa18c93a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-af60-48f7-86bd-4a05950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a4713a5f1a12aa6d564656c9c155cc1a6b0cb5e91771840d8f4acca519e0ba1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-09e0-40fa-be5c-4882950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ffa4c0875faf1a430e725da129b5abaf874fe769dcfa88764554f53f866b9529']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-1c20-4771-bff0-446b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4e3ce5e255d3f1134feacc559bac6e4f8f838af09432943cb8acb2b112258811']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-240c-4b6b-ba05-4016950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b2df333204745a0780d5253a4e0a25f3f6fda445ac38f916b42e8b8498302058']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-2398-4cdb-b184-4c52950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '051e3737e6b617a96ae1c2f74881c1a32296073a6a351230942f1d07c1f8ba4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-2a2c-473b-ba2a-4208950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e849704aeebdba473d11c4f0dc330b369b0b2183034387d550ebca1d8225c901']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-b4c8-4e6f-90db-4b38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6647c194037558aaf53a09179f1bb428f27ab19136120a2e6758271e474df252']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-8fd8-4e3d-8e90-4fb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'efcd94f8097416dfb0ea84d289f1500ab75ebfd13e31203ea5e72a48a5ae9f8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-7dbc-46d9-8998-4540950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9f0ab599f89caa081c5f65e1666092da42759d27a6e272508ee2d3b416659e7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-d070-483a-b689-4930950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f968ec20bedcf27c4e559af7e2118adb30673355e2fe459d6a2b1fba8d747956']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-c540-47a5-9ec1-4d7b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6ac70aab719e8da3d49dab3c45609235f2090f24a40d05717e6e2afa5b95fca2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-2b20-4679-963c-47ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '281841ed84abc658c8b77a2a284d4a95f5e82cd3990135f463cd2a45c719bfeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-f944-4d5b-ad5a-4890950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '680b265bd7d06936857966f5dd5f01c3100eb74d858f1d9916c9ee4a34974633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-d96c-46a3-aa59-43f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1b0181a41f948f21dcaf76fbdc79f1493e355ea2dd99d6c586de600ac45f2fe2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-81d0-4073-90e3-4f2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2582b2898823e26096b851f130d38745d1680253f4cbc162044220b803c39a0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-cdf4-4c78-8708-434f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3889af36e1225cfe1771ce732032bc02885ecc5cc25808693ddd8b9bbad585d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-c258-4808-9d78-48af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8f51e9c67c3eb7abb83b6bcfd35da0d71b256f3f00aaaf2cce8dc06a346158de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-7b00-4985-a13d-48aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f653d73237175f1ac319de0af0395bf4ffa82c2eeaed813f978cc68ee6e9ac2b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-c1a0-485c-8959-49dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd1e0902fd1e8b3951e2aec057a938db9eebe4a0efa573343d89703482cafb2d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-4ec0-4527-9f0f-4317950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '78caf93f28ed33a68d9c877e65d3329438f222c4069277fbaae540fc7912f6f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-efd4-4776-bf0a-433f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '07c10a199a1c93afcebef1eea12333b4fb7e1847b707ee55b5c7b7dbe4db8f57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-82a0-4584-bb49-446e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '4d97d7a9db51f6ccbf1f21d1282bea23291e8842f1d3425968d1c2b3bf0a548c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-b6c8-4031-a282-4db8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '566882637c84946f59d0126951dc19bed5d6c6c0ac8bb5ad157c398bc0b4d4b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-3ea4-48e1-85e2-4938950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2610797b258f6fbc974c389f2c76ae291197753f8f67ad74eccbfcc064760279']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-1208-4179-b2b2-4fda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '39f51f64194d852bfbe3d2f56d44943d98b94b7b9b6ae8072d96bf43c5f2ed3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-b9ac-486c-9b63-4a4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cd6247e8d69ce5e882e8efc8a4201ac3e3a61bd358a4501ed7ea23b5f95a7f39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-6dd0-4e7b-91e4-4767950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '14baf0bc72990bb2cc414f2384825a5985be5cce2bdec55e1f3fc1c3c404490a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-cab4-4409-ae4a-402f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e8e600692047c465576edff769cf9e5f82fa277de9ebc0f962a64317984573af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-8770-44bb-9216-426d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eae7fa17ec085510884e359794e7bd645ea09a541f8056c364622fb972b83e7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-7f8c-4fd3-ad63-4464950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2437a58d064633e57b32149b711ff16b3b55902915b7711d6cf9e855ac08ec41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-e9dc-4a76-861a-493b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'efda6986f9c71d4bb89efe56c1a5c0b12c88e2f88e42e941668df5f8f95a56ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-4748-44cb-8956-4f82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3b164c0b2ac9e86fb24e32cb0ac1a1d6087372c644107e4de4aac9dede085ef4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-7de4-4940-9431-4390950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f19871a464a805925b8df6749bacf04657f788bfe3fd9f09a9b0f26082b216f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b089-a224-474d-baa6-4311950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:01.000Z", "modified": "2019-12-11T09:02:01.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c839355e4a53b4ec4a7cc4267efc78a9d7ddc429cb76b3aaa38a70857810d846']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-1788-4f8a-8018-407d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5171299ff98c0d226b12a2a25bebd1c00099ce90ec8545cfe461f250c9876b93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-69e8-4085-97b3-401e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'b2a3431fc7c46594be458f821eb4ecfcdb3417a0dc30d20c933c0c753adeb44e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-97b0-4904-b78e-47a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f888524b88358c2f1bd11a7a98dfcffab0997d13e214116d73d23d7d905c8df4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-6a04-428d-a46b-45d5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9ec4804cc76160ed4915684a2d4328fc3e87e01f84d0be78cb4c6179cea97c0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-1a94-45f9-b5fc-4c12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3bc7c49d2b4bc9caa3d54c884679ff2b278df3a3821c80186fe258bd1cbd4eaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-4798-4594-bfb8-4812950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9756df0c33af1509974388fc6f1c01ba737ff750a010fe33f6b310c29232bd99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-dff0-4772-a23e-45cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c04d8b1efe722ffcc7d6e5e8e0757be9fa8f529bbd74c2dc25790e1c9e078b2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-7e48-41ed-ae75-4956950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '71c60050983f8b37c3be0b0da31521992ed69d60a89e6fe97de67c437fd22302']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-b4e4-4964-a9d0-4523950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a8b4a2bd90274affb16e5c551ea2d4c8da0356b83d20595078ffe619eaf4bbdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-aeec-40a2-b69c-4eb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '69093a5cea07689d44aac2648c80a2e934f870615bd1d85d8aad480d7e559452']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-62a4-48c0-a05f-4439950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f75316d27f864577b461e88b4797e3d00c87dfd6f729fd519353ea7cb2d06858']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-d4e4-4192-a23c-4071950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ef2a74ce32cdf501f3b83be8f3de48c80535f160ec0830effddfb4f3d3d61ee8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-cf74-49d2-8539-4c1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '20394dc816db696f7a9fe41ed1d6b581f91616e8de94b9810b580738fcc0baa7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-ac9c-4f58-b9b4-4194950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e5b4d4e579b38b110e44004c3b35eb8392b71224755b6a2fc45cc56359bda2b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-41b8-41aa-8d26-4603950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '83206a7a5354107957375b1d37c0f87c5013a06a7e7b6bbf4d9a02cec2f2c199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-b800-4357-b724-4091950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3665c04c797a7effbc3edd7e4465e2728e81b0d7f0fbc9fe478f03063bb1bcfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-c278-4271-9385-4001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1658cf5e21efd05d7111da50b954a0bfa0818e983e12935eb78d0b1df251edb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-b134-447e-a310-4c71950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2f283ad12fbd85f295a46dd108d2b9f7c59bf49c617e26c4f996931c93ecca8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-2970-4243-be2c-4f39950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6ef46a0abeae802a3517a22ba0d5e2cfee6edfce2c1ee135747d8d4f2983d100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-9050-4575-9d43-4712950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8a9229d7fc1e81bcd9d53c944d7793fa69a17e3d83349619023e0c125c04d741']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-457c-43ee-90d4-46a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '066ddec8d79ef08b41456395cd8dbb8a1da013ca6d9f027eee434e9d78135fbd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-7994-4fd9-abf5-4f74950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c8c4724ed20a2372df3243eddbb613af1b0044a60493697c3ae4283c59710f30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-5adc-4387-a2e1-4d2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '85cf5eb76db2ab29e5b4e54752af88ef2d3d6e5d6581a7d82212aa4e8f474da2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-37bc-4256-8415-4d12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6ce6f2fa87d52c3249d5ef7bc51a1ae49975d3779f9ce028d5f35cb1990e7778']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-d6c8-4265-971e-49eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6a968202cd64d7a276ea438f50cb2e4d7d72a6f23791a9d22a4c0024c0083fb5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-4cec-414d-933c-4fe6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '63973fd565c7bc589131ae1f97f14b22efecf71978b0c9e2a124f22bfde24d11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-2f84-4835-b5b9-4ef4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '79b831f0284eb1611f2c033f3e442f9ec164b57771b07551ac1bfd7a29014c56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-0478-4b61-baa0-4fc0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '34263bfeb6a3f4e19e1eb0f3ea9ffe8640284171bfecc3b71b7f45a118e2d059']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-c5cc-40d9-8be0-4b2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e94e057de1101fcfbe72a6fe891083ef7a94a06e6159bceb23790495a9343565']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-f4d8-4f33-8801-42e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '624a84231a82d8bffef81bedbd711d6adbc176861874691f13743e90b804698e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-1274-4f9b-80cf-4193950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a572358457bb15ae137df1c26dcd82345cefc50832b63417b9d57f4795534c07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-161c-4c21-b1ec-4b85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f8aaf313cc213258c6976cd55c8c0d048f61b0f3b196d768fbf51779786b6ac6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-9030-4374-bdc4-4c1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9df13782a06a77cffe00501500a6c75edecf37d04bd532eb3a1c7995167e087b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-6e74-41b2-86ba-4ed8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1583e4d2966f0eab80c3defc26dd95d0020759b5c6024840d91a18cf14c999ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-78f0-4aa1-9150-4cf6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ed59f8ffd000d1d80e56d402de6fc6d4cd18eb259586172f90a7ba056f5a85dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-5328-466f-982e-4a50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '08f45213adedd2a8d89b2b5ec74288087cef2c7a90b214f00ddfa0d7329f098c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-d1a0-457b-8440-40cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6b98f3a7e0c7ed16b5cedbc2017f43d05da15776e7a51b0fcd8a3f01eb785d80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-c9ec-4746-9449-4438950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ee7aa5f506aea586027a892f3142b0e63a69493356a69f47fdd020ea7e681c65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-32e4-4adb-bff6-4f50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '792afe6ffd358114c28e78aa2a93ef26b1e482cdcc7452cd9dc717282d867a7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-760c-4c20-a55d-45e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a34cf6ad6f2360d699f96d8b825f6d99469f3a922586e7492f2f5fca982cd9f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-ecb8-4b99-a5f3-4877950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd36a49ecd072c2df8db9f25ca792f545227219d2310efcd5cbf9c08c7cb62db7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-feb8-4df9-8a0a-41f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ca543b40cfd9041fc4a3a4774e8b809c1fb0c1d9611e63cb12c375433902903e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-a7d4-4ffc-a6f0-4d93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '32cec4a49f598adebc5858e6b6514968a5b6e367b6b0434361371e65c45bfe21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-b570-49c1-b836-43a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '131cdc02a4abf3ac05609389d1f1391fbe2340831ee105b80ecd88877dc83d1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-374c-44aa-baea-40b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bfafa8be3980f026bc1a0561f7a376f83b2c4dd0594654acf3499df18c84c29a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-1ea8-492e-ad4a-4f4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'afe106ae1b74031acfea1585c78a8db20fe3b99ae1f099e9a1812945f8008498']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-22a0-4b81-8893-4793950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c746410a64aace77d16a6dcd054f9a54b011539764d35286840148eaf8c75869']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-c554-4520-95b8-46cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dc440fdd3bd43d22a0da4928055c62e62d58dd0b13d96fccf125d47a00cd6aac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08a-e9ac-446e-8513-4c6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:02.000Z", "modified": "2019-12-11T09:02:02.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '80048f4537854c73c3a77a4a746e436e60c75956a3823e979658c6dad919e47f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08b-5cdc-4191-a12f-483b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:03.000Z", "modified": "2019-12-11T09:02:03.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c6aae9ff530d3b869029e23338429e3baa8dd477e4733d06c5fffc4775f7f1ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-bd54-4938-8403-49f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f590bb5912105c0a4a8668dd7a88565c7dd7af5a4efeb1592d386337126f0af9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-fd74-466a-a568-4f21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'fab5fa63e2e623ae86d7ba93b938b0ff6f796aa1ce57cea300570c57139db602']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-8cd0-4e66-b94c-4ec9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7d6ff8baebedba414c9f15060f0a8470965369cbc1088e9f21e2b5289b42a747']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-cff4-4486-8d33-476e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e782789646de1f1b58323d2961870f9aa574c59901a560396cb72f7a7ceaf6d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-8a8c-4d47-96c4-4cd3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd49247bd53a156dd0c9f89240ae41dcda9b393ed204f5656735cd2079dd2653f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-660c-4a42-a94f-4853950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '1338c13050d672e0728a0b2db6d947a6c64387832e8ea6b4b575bce0a3833582']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-fc58-4a65-a8a0-4ffd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '356805e9fc94bd5ec769e2d5b524e79b1c3fba43a9011fa338da3e10bb67fbda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-ace4-45c8-a481-485d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eaa2f84bc0a4f2e5c7e26c2ad49bd253a71c9bd7d6c445051e2b15f28f87e164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-676c-4147-9352-4ef1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f64551a882617ff5f18e45a8f26b2df9142526bf8dd534a02b1d193ea5f4c33d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-132c-4d52-8044-47e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e0872aaa02e58960f1cf16e0933afe8fa78aab35a60d155e831bea544baddfa8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-a744-4d7b-8d72-4da6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '42a8ffcdc95ad1316e981227c7a7aac64a38bb6ee624ded5d6833f34e5c81bfa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-ac60-458d-885a-4f1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '27439f0ebb4e6d9820e5760a24fb649a05838c37571e6a5d2d8c5ca9d7d5cfae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b08c-9a84-4962-b689-4f7c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:04.000Z", "modified": "2019-12-11T09:02:04.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eadda694198dab4fce48663094b3cb700b1fe8ac4c1f8d41bb100645d1a51cdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-cb14-49c0-8fcc-4734950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'afbf46d05691370ebdeff78aa5eb1aa362b7787fc4c68efa979ae344b9a328f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-a2e4-4765-ba59-4529950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a0ac7a6dbb4f8703f3e02d54413cbb78ee88bb4764eb0d237c3a90fcca688be9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-e4f0-4359-afe8-4d99950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cba36d8c367d5b0aa85a0f08cdd899d09f97f22640865258fc73074073f78f61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-d73c-49e2-96d4-4387950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9c5c4c15432a28b801e3089ac6f1e3bb8bb69d7fe701d24c064bac4164d172ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-1ff8-4109-9588-4a30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2807b45cf41bea348f00df06ebb82a983261e3fabe4ee6342246e0203fead610']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-5cbc-41a0-b4cb-4c67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5a029e225cd1e877ac6907bac15b0d9ca8a523d8641c40b56c7e06959f2285bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-5dbc-4369-bc68-4a2b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '05fb0930b553e7c3c5e8e2da59e56191e22b887dcd2d9da5b91b4927aef326dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-26f0-423b-8190-4db6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6b960d2ff0fe601cc1223a275110f3195cc82f789db9c3225a06d27e24bc4349']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-9168-422b-9f5f-4af4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bdf0e2f23087864019f07a05a071efc3d0d5a6d8932adfcd7102ec9646d9f433']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-8f7c-463a-9111-4370950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '95123b3142be5d6c9a3cdbce974d10cddc4b2796e243d2f64ea9f909cb00eb29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-8af8-4916-9075-423f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '98a23704433cf0aea9d340f2e420faa867e9f3961de7639be17b15c1af6a1265']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-35bc-4748-b23d-4bf7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '41cd33e04e6884ec3b47ca09f0621589fd7f2be3b4afbb5b64aa21dc2e9433a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-ce88-4850-8de7-46bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'ffbf659f15435ab3b684d61fb766ff8000819c2d2f48d29bc0b195cbf38db76f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-8c94-430d-b46e-48b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '95dbf1fdbdf2fb01923966504c378d59c4367f5848196ebd50a91e8acc454d4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-c508-4848-ac0f-409c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6bb35ab59734e874c72d8142ff21892ecf003e0341ff689f0bee003ff8bbc324']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-ff70-479e-9617-4e77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c4ddc6723d9bd47512558929a7e39f2fbbc997f0bda8221f2349990efd52cfcb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-8d30-485d-a965-4f7e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '567ed308ecd24dfd17bf249ded1d13cef9dcc5f28426970615f5dfae4e2faccc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-d4b4-4877-bce1-41cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5868d46bd51c706f79a968ee4020810bffaed8a85a8c67a37d0c656a10a9eeba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b098-6414-44c4-a73b-4484950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '737444d7942052e791619adb10261afa045159ea0873ad75d6389ebe60e1325b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-e654-46c7-86fa-4e46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:16.000Z", "modified": "2019-12-11T09:02:16.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '08089df5cbab72ed79c09600280ffd9b54ec14f14caf87f4d67b21f683d6c2e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-c96c-4a8c-925b-49ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '09701e1be1c1d055eaa2e910e8f0086f911ff2d83f8e52c0c56c801bb65c436e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-cc94-43ae-a490-41d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '392bd63c5da49944fed61c27f75c421e5be112584b3bf3e44dd11e30a1447eab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-06fc-450e-bb94-4188950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7a9f153171d49dcb8e605447c7139f12020a3ed811cdd4c138473fb7eed4d450']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-fd74-4a77-b749-4ff2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a1dce29debeaa91c77b2b14915408550d6ea9f56fb10ca17066d348759f8df20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-a0d8-4ac2-9941-4605950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7da8d79c254cc1b61ac5dc49c74fcd85f6dc505e0c58bf298f757d94b03c0a4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-0a08-40b8-bbe8-43c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3281a69666a207a4badc2a0a7344bcc94123df12f04f41191cfd5c8f1872159c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-0fdc-4143-8d41-418d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '606941e440a5e3c93654b8e66e697ee644582afe3bd183de8eced61219e31ac7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-4410-43e4-802c-4916950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '3b16a2c27a1869216641d1ae2fa122d1d62b7b2c03ccbb98b92a35c91231b561']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-64a0-456f-b401-48c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7618269db455d174aa8854869da9a02cb85f53aafa61263e8192e0abb66e36c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-f080-4352-aeb5-489f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'd420aa432177c790f7bd9b9b2227df18098654e3e44f6042e826ce6c8ee295e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-b334-4dd6-8fae-4e6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e9fd22631de9c918ac834eb14e01c76aa4d33069c7622daafcd03b4f1574aad0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-2c14-4009-8dff-41f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'e961b4444035266889c97a282c5cd8f36a43bde005abce430362567314dba99b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-82f8-4d5d-b473-4e0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c792044608784e566a7d45a5ec30ea21eba7b2df2215e3f679c7564b983ccf04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-a714-46b9-b85b-49d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '8264b7930cd796ac0665159e87568b3d493449815a3a38fdbbf36ef4a732e046']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-798c-49c2-bfd0-4cac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cdbf681278068a588e3ee47089a271e8166c6c65e8d74d0a69ebf8f7d7101acc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-e24c-452b-b0aa-4d57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'c8f6852d0e353fb1ed5137c0ddcda3c662b0b0d00c749c960bcfb14ea2169a97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-22ec-4756-aebb-4ad9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '117025363854052272e557414b646281517e452b228ed93ad3cabc94736215c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-18d4-49e4-aac2-4958950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0b0f8310ce0800bf70fcb4b4d365066ca4080d2028a16db72b13e0682bf8f754']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-0834-4bb0-bcc1-481b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'bd1ecfc118a0f0c5855f28ddbda840ec5c10e138d7bd26e98984a0d17bf96fab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-6eb8-48fb-85d4-4c1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '35bb15b3e22620842ea33c5e89614edc5fe641529374c780c06c7f573c508782']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-19bc-4d8c-9a5d-4ddd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'cda99d9277b3b982db98b7896280ca67dfb7e7434ef99b1a31f4de8e3faf4d81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-12a0-4df3-a0e5-4d1e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eec5855647c376dd2e363d18cdc499d5cb525ee2ca1f62335336d5c13711443c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-1d7c-4274-a177-4682950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2e780ffa83a09b488f02216b24c69b89b3bf8b7401cbd7551f10e3e082f1711d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-91d0-4623-93c9-4b39950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'f0c31f19ca1159657e2777c50ce5e1c6c4247b50da33300694bf4f2c7287f01b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-d870-4924-91e0-4312950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7e2655a5c74222e7699ad465b71cd960bee5cabb40059000128c9f669be95fd0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-3514-43af-95db-49d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '5c12654e62f6b7038e594dfa85c75e5be6bb55010c29ddf16f37fa6e525a832c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-b948-408c-b7e1-4da3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'afac782d2ac572e3763afcda9f1aa61074b2f74b08a2db0fe6d539462873e81a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-9e80-428e-88e4-4655950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '19c9a16ba965f9ee777c8364b59cdaa21a82d69b742474023954d4bb43f78710']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-5434-4897-bd5f-4d0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '22f85d3891c4d59ed5276852118311c54779f86a4cb0a10fc98eadae96cebe20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-eef4-48c5-9e3b-4aa2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '09e6f6ef125c7ce41a07b72f6bb16ca3036de4c309d864f2fe1d5eebd4a01b4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-0dc8-41b6-a2a2-41dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '46f95e54a2156bc1109e824ea098af8a7495d00bb7375fb183d384ce23e12915']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-8154-42c6-99d4-45e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '67d6299bf2670476be5dddff75af12aa5151f94f7544334dba5ce5bbe8598f35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-0cd8-4516-9a36-4be3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '0e33e8bc0c064806d70900b210d5590393a3fd3e6450720f137adaa55366ec68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-0718-4afb-951b-40f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2dc1d4732a00142eabecb7d91bef13580620210e8376114dbe5d4ae1e67a1052']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-2e38-4c0d-8799-4930950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '75b9d0e27a84949cab71ffe158f026f88afc72abeb7c1fa25d8e78bd7a13c6ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-160c-4f4f-9e5e-4a2a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '6013c5cdd7fe8b15004ba4646b453faa61fd313ad9a00bf7d82ddbda658058d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-0980-45ff-a721-45be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9be8d48ac5d6d49b306802ae9f5fc4a1e2de1feb453f4c1c49f64002548b0c9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-1884-43ae-b171-461e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dafad7a4563e41c8b38e000508a54d7189246bb50a1bd021dffab164bfa79876']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-585c-4ac3-a65e-4a3c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '320e2d51ca5e8c806b798a6024cf56fa07978536ffe90fbe1c24c3e8715bb935']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-20ec-4349-80b0-4ea3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '66b07500943b483ace74a8d7a2da84d8b80ed3bd176af7ade8fde076b3095604']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-adb8-4535-a824-400b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'dc0c06608a9d7c44ed27d16bc64d75ae72c31d14135440208d36fafa5220a76e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-9b38-4e0e-8ab7-4447950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '2533737ccf2178f94a0b69666d5194343b09786e046134d58f047913169c9444']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-5c78-4703-834c-4807950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '24e3fa3fb1df9bd70071e5b957d180cd51bcf10bab690fa7db7425ca6652c47c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-8d54-46a1-b2e6-44d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '611cea5f84c2c74b0e6261ffe4e2fb4bc138ad16a526a618f7b68956aad54dda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b099-8a40-40f1-ae5e-4daa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:17.000Z", "modified": "2019-12-11T09:02:17.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'a9b0c8015f4447c5df40240d10bdbc79ea7380f7d6ebf8020b0ae03e4a0a708f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b09a-7004-4ab6-9515-42e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:18.000Z", "modified": "2019-12-11T09:02:18.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '9abc76cbab014199ecb4282d0a367017779ffdb76ba826d37efd2eec2f037bc2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b09a-80d8-432a-8c8a-4766950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:18.000Z", "modified": "2019-12-11T09:02:18.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = 'eec7aed0cb872dbd71dc0f372f1794ae7f43daada3de62e3e6a221919ebaf220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b09a-19c0-4371-b268-4ec9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:18.000Z", "modified": "2019-12-11T09:02:18.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '039440d34b6c33b0bd94807103670232b93b4660d5b0e7a3762bfb6876bb5f6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5df0b09a-7428-4036-ac5d-42aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:02:18.000Z", "modified": "2019-12-11T09:02:18.000Z", "description": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "pattern": "[file:hashes.SHA256 = '7bbd5336a9e203070e55890136006d4c41d4b87fa89986600b11669a15c0dad2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:02:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5df0b4ab-fe28-468e-ac6a-98e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:19:39.000Z", "modified": "2019-12-11T09:19:39.000Z", "first_observed": "2019-12-11T09:19:39Z", "last_observed": "2019-12-11T09:19:39Z", "number_observed": 1, "object_refs": [ "url--5df0b4ab-fe28-468e-ac6a-98e1950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5df0b4ab-fe28-468e-ac6a-98e1950d210f", "value": "https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--53843aec-5e04-4543-94b0-bb3fa5395712", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:30.000Z", "modified": "2019-12-11T09:08:30.000Z", "pattern": "[file:hashes.MD5 = '831dce08e00a9548811e039bda14599a' AND file:hashes.SHA1 = '00247401fca046862139359be9defe3b6f7c2cb4' AND file:hashes.SHA256 = 'f91303fcbb2e2397529987732c7922911381169d16f113752cb1cd9e1382794a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b406bf9c-4d7b-47b6-a576-ebdbb551bafc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:30.000Z", "modified": "2019-12-11T09:08:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:40:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f2f5ae0e-fce8-452a-8fcb-519341748f5b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f91303fcbb2e2397529987732c7922911381169d16f113752cb1cd9e1382794a/analysis/1573425651/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "674bdd80-bee1-4fae-85fb-7a21e6a213bf" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "de6cbab4-30e9-4065-b210-3c20eef779e1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--45873b32-efb8-4b5f-8a53-212212b36a39", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:30.000Z", "modified": "2019-12-11T09:08:30.000Z", "pattern": "[file:hashes.MD5 = '54d8c20c40830b3affca7541bf4aa536' AND file:hashes.SHA1 = '8e622d39e79d9316032f03cf571099f101bc4d09' AND file:hashes.SHA256 = '48dfc838c038dff2aef79334e74f1da28d92166ef03f46df2bead9bdd467d307']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c3b3b92e-5eb7-4d9f-8337-11db8eb78ea8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:30.000Z", "modified": "2019-12-11T09:08:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:23:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d12dd26-bd2d-4705-be6b-7c4c1a0ba807" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/48dfc838c038dff2aef79334e74f1da28d92166ef03f46df2bead9bdd467d307/analysis/1574612598/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "456718a5-9704-4aeb-9ce4-26463f4c5008" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d83bb7db-c2ae-42a5-87df-a68f328b2224" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6af81f2d-c191-482e-bdf9-3a203e914d02", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:31.000Z", "modified": "2019-12-11T09:08:31.000Z", "pattern": "[file:hashes.MD5 = '7a791f712de9064777ca375678700eae' AND file:hashes.SHA1 = '5551bddba448769ac841f52a6f748f8ce5eb1b5d' AND file:hashes.SHA256 = '8ad4e1140aa7ad266673028013858417d24c302e8103fc8eac538d14e06418e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e67a5294-4b42-4ae7-9990-7a8a00e63c15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:31.000Z", "modified": "2019-12-11T09:08:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:21:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e6f1bddb-e277-4519-94d9-4cdafe88347a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8ad4e1140aa7ad266673028013858417d24c302e8103fc8eac538d14e06418e1/analysis/1573824087/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cb199f1b-f7ec-498d-a350-e6ec46ea7d4a" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93d13cc0-1bfe-4048-9bef-452eb5aa1b92" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e3f8e0b1-5829-46ac-9a3b-b18e4bbab0c2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:31.000Z", "modified": "2019-12-11T09:08:31.000Z", "pattern": "[file:hashes.MD5 = '3ab6cf21b0d7273bec5d7f3b2a0c7c53' AND file:hashes.SHA1 = '338a11011b8ad329bb6f4f7ca84705d334fab58d' AND file:hashes.SHA256 = '3c6e8b9cadbf7611aab1fbacfd54053a78bdcf49265eee02394c17bdcaceb5aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--085b8738-a4b2-48d6-932f-9d31960d6f2e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:31.000Z", "modified": "2019-12-11T09:08:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T05:21:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "48db687f-cf36-421e-a17b-1c6c0899036d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3c6e8b9cadbf7611aab1fbacfd54053a78bdcf49265eee02394c17bdcaceb5aa/analysis/1573968102/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "43a09b07-7f6e-4987-8ec9-4671bb56dc44" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5533fe22-9dbb-4156-8561-2c5c9cbb6fa9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5f42c00b-7637-4194-ac20-42251320a11f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:31.000Z", "modified": "2019-12-11T09:08:31.000Z", "pattern": "[file:hashes.MD5 = '142f7785c2e28fd6454b367f918f7ee2' AND file:hashes.SHA1 = '6d0831ef4dda029f3edd3bedaf6c3f7aaaec8752' AND file:hashes.SHA256 = '0e33e8bc0c064806d70900b210d5590393a3fd3e6450720f137adaa55366ec68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--70aee2bb-57f7-4a3a-adfa-e0f9c7161010", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:31.000Z", "modified": "2019-12-11T09:08:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T16:20:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "489cfe00-8c7d-4b71-a80e-d2921facf603" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0e33e8bc0c064806d70900b210d5590393a3fd3e6450720f137adaa55366ec68/analysis/1572970811/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ef955a3-c3cf-4694-98bc-b22ba5fc29f3" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cdd93f13-9d6b-4b7c-b382-1708051c685d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57218619-38a5-49ec-866b-28d99faec70f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:32.000Z", "modified": "2019-12-11T09:08:32.000Z", "pattern": "[file:hashes.MD5 = '8a97f2838cfacac27a436c8e5b972b10' AND file:hashes.SHA1 = '8ef0a73ae5b34c615fbc37983382d883fe2baf80' AND file:hashes.SHA256 = 'c72f5072c7aea97e0bf562953dbd10743bb5a981d6a0baf88ccf28c881ad1435']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--464709b0-9fd5-4f9b-a968-04d1f3e133e5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:32.000Z", "modified": "2019-12-11T09:08:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-09T12:54:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a66c75c4-82b8-48d2-9754-8ba6acc89471" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c72f5072c7aea97e0bf562953dbd10743bb5a981d6a0baf88ccf28c881ad1435/analysis/1575896060/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8bc1d41a-f349-461b-a89d-dfe436a711d4" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8b0502a0-b6c2-42fd-825d-2e9afc6394b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--50f17323-e87a-471c-8d6e-de6e49ec3832", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:32.000Z", "modified": "2019-12-11T09:08:32.000Z", "pattern": "[file:hashes.MD5 = '81699cab7013b21e81596d8f2b8a1b3d' AND file:hashes.SHA1 = '17d561ce0944e7b96d749b927b3550877fbd24e6' AND file:hashes.SHA256 = '87416ee1c0634db27523e23e9a62a0d934dfdd328b0e0a1131cb44007326859e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0bd39994-6fa8-42ab-8327-3ac615d55235", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:32.000Z", "modified": "2019-12-11T09:08:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T05:27:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "76e7c5f8-9c4e-4a51-893a-86f18d0bbd92" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/87416ee1c0634db27523e23e9a62a0d934dfdd328b0e0a1131cb44007326859e/analysis/1573536462/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f57c487f-80d5-4051-bf5c-f3d8e7150f62" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fcf3ff7f-779e-4dc3-af3c-4fae7bf75792" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad04c4b6-3c89-40e1-8311-010c91a8dafb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:32.000Z", "modified": "2019-12-11T09:08:32.000Z", "pattern": "[file:hashes.MD5 = '0266136b6d57d493aeb25bcf6f977367' AND file:hashes.SHA1 = '2ddac7d27f6d197997df4930b8532f627ae23f08' AND file:hashes.SHA256 = '1490120495ea192eda1987907729197bbcf56f3826e0f0406b545e52a8c69373']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--760bc727-d819-47ad-a487-f06db213eec0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:33.000Z", "modified": "2019-12-11T09:08:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:42:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05501ea3-13da-4941-86ae-6a96102707c3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1490120495ea192eda1987907729197bbcf56f3826e0f0406b545e52a8c69373/analysis/1574332925/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8cadf61b-ed47-4c07-a189-a421ca0b8fb1" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "84be4bcb-1c60-40c7-b8e9-64581031b513" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5286af70-d331-4220-989d-b7ad41f09013", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:33.000Z", "modified": "2019-12-11T09:08:33.000Z", "pattern": "[file:hashes.MD5 = 'fc5684422aa14dde50f4903a5d48e21e' AND file:hashes.SHA1 = '030cc677d648be7f2c9d91099c84570f1461cc50' AND file:hashes.SHA256 = '46ed1b8f223e4eebcda42b873dced8e19e25c769214494c785a762bb218ffa5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--93bac262-1ef6-43de-99a7-a78933bb4cde", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:33.000Z", "modified": "2019-12-11T09:08:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:26:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22838e9b-c327-495b-849d-23bc7c1b177b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/46ed1b8f223e4eebcda42b873dced8e19e25c769214494c785a762bb218ffa5e/analysis/1573824368/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4310c059-a177-4c4b-9ffa-162f863aacd8" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7eb162b4-13df-4cef-b5ce-bdf4a388da51" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--027e0da7-33d3-4dd0-8368-8f321e6b1172", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:33.000Z", "modified": "2019-12-11T09:08:33.000Z", "pattern": "[file:hashes.MD5 = 'f7df083c28f35bbc8e70b7cda97f366a' AND file:hashes.SHA1 = '32c64363bc9d0a39b41cbc132e1089f517112be6' AND file:hashes.SHA256 = 'f506deabc2b7589292aa8af68f7dd8de7326cbfa529d4a8f260dbdc0dd7126a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--067e4870-d444-4651-b5df-a2b914aa08d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:33.000Z", "modified": "2019-12-11T09:08:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T09:22:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8463d595-0fe4-469c-b7ce-d64b0b62d994" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f506deabc2b7589292aa8af68f7dd8de7326cbfa529d4a8f260dbdc0dd7126a0/analysis/1575019320/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ff0108b9-6744-47c5-b9bb-ff7134e571a9" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e9133af-4deb-4687-ba6f-2c8886da32f5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--155337eb-25c5-4eac-b29f-97bac3db5c2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:34.000Z", "modified": "2019-12-11T09:08:34.000Z", "pattern": "[file:hashes.MD5 = '362272c10984c2e7eed26b2a964b9d92' AND file:hashes.SHA1 = 'f5425e9f92e8a098c1765022e7f2a9f936fa6f08' AND file:hashes.SHA256 = 'f590bb5912105c0a4a8668dd7a88565c7dd7af5a4efeb1592d386337126f0af9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cc9f22a2-f853-4d5f-947c-d4942c4eff15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:34.000Z", "modified": "2019-12-11T09:08:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:02:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2034327d-10b5-4a45-92fb-1db612dae527" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f590bb5912105c0a4a8668dd7a88565c7dd7af5a4efeb1592d386337126f0af9/analysis/1575176562/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "95eb90ce-c49e-4507-8dc9-eea56d81af77" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "52377067-50b2-432d-85a0-f33789a07273" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c874f5bb-748d-4b33-961f-21eb9c2d12fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:34.000Z", "modified": "2019-12-11T09:08:34.000Z", "pattern": "[file:hashes.MD5 = '6187a7a3b40287a78b46c079cb019f95' AND file:hashes.SHA1 = 'fa7db7e8128b6dbe4ce4dc863ad066df16e5c020' AND file:hashes.SHA256 = 'b91401f6ce92f63e1994669b0446261f10cec30633a57e6a14c583c52f16507b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--315bbda1-95cb-4da9-9452-f9cc93338e8e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:34.000Z", "modified": "2019-12-11T09:08:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:40:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9007bb42-e839-4a9c-baa7-e34739f105c2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b91401f6ce92f63e1994669b0446261f10cec30633a57e6a14c583c52f16507b/analysis/1573893613/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ea872ee-a6fd-425f-a5ed-dbd2b6e0c72c" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dfb1674d-ba92-441b-a96c-fa0ac0fd0f46" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--01a37991-491c-4dac-ac7f-f843b2467e3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:34.000Z", "modified": "2019-12-11T09:08:34.000Z", "pattern": "[file:hashes.MD5 = '966133c5121cb6d568da42adc9f1df3a' AND file:hashes.SHA1 = 'c8f563c44c580dec4e4c47a9c363167ea48eaa02' AND file:hashes.SHA256 = '20f68227ad461fcff097a135fe39b6c1a9fcb5711d7b9e94830a3233e1ea3fdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--163a4d7b-ba77-4981-980e-8223237f08b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:35.000Z", "modified": "2019-12-11T09:08:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:25:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c74460e-ee19-45dd-87f0-d4938fee9525" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/20f68227ad461fcff097a135fe39b6c1a9fcb5711d7b9e94830a3233e1ea3fdb/analysis/1574331918/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a73f5039-796c-4784-bc6e-cc45891f5d6a" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d4b95a1f-41f8-4206-aab1-707b707ff763" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--70891908-cfa1-41b1-b79e-44d3aa835e33", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:35.000Z", "modified": "2019-12-11T09:08:35.000Z", "pattern": "[file:hashes.MD5 = '5798fe99feb2dee41138a4fa75bfb34b' AND file:hashes.SHA1 = '2a6c0d4238f28321f08e914fe299cd582eb19a74' AND file:hashes.SHA256 = '19ef2012b0ef2026959bb8eb5f921238d42b7e82dd298443ae21debf1e3e85d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--49c2af30-879b-40e0-bb29-8c7c4f36a98a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:35.000Z", "modified": "2019-12-11T09:08:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:42:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "64dbcb4d-7dec-4c01-a5cd-204b5375dfae" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/19ef2012b0ef2026959bb8eb5f921238d42b7e82dd298443ae21debf1e3e85d6/analysis/1573425738/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2cc838ae-8590-40eb-b701-538416e9c5f0" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dc3ddc2a-6de4-47fa-84a1-2152c3117b0b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1ff7bd52-ba3a-4e0d-98d8-1d1fad5c169c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:35.000Z", "modified": "2019-12-11T09:08:35.000Z", "pattern": "[file:hashes.MD5 = 'ef32bf654c7fb763b9c34b8d6f86f24c' AND file:hashes.SHA1 = '72a1346d6df379270390bcc968c5b5ab939d2f45' AND file:hashes.SHA256 = '257c041313c04b2dcf175ebe5cc874d0ce9aa4bad93e817279f4dc332aa09420']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8e6ae9bb-6a42-45ac-8a6c-463adb7b41ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:35.000Z", "modified": "2019-12-11T09:08:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:29:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "763b1c1d-babf-4a5d-bf69-a43d621dc54a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/257c041313c04b2dcf175ebe5cc874d0ce9aa4bad93e817279f4dc332aa09420/analysis/1574332193/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "13e0190c-2ec1-41b4-b4e4-358c583acc32" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "25b98736-62ef-4b5f-b811-8028cda6f6fd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02ca4e6e-8ca4-4d3e-a582-9f0c30fcacba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:35.000Z", "modified": "2019-12-11T09:08:35.000Z", "pattern": "[file:hashes.MD5 = '14ef7bbe014798d557fcbc5dcde68543' AND file:hashes.SHA1 = '5351b12f784e26e62062968a057cf8ce324afaa4' AND file:hashes.SHA256 = '6c083b167fbd3ed5290c6dc8e31c11e9b44bb8fd0e8386bde654cce5151ffd8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8e2cbb96-0ef2-4953-a62e-2b6348c450f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:36.000Z", "modified": "2019-12-11T09:08:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:15:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c5b385b7-feda-45e3-97fe-81a680e9d412" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6c083b167fbd3ed5290c6dc8e31c11e9b44bb8fd0e8386bde654cce5151ffd8a/analysis/1573985719/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "af430373-49ab-4204-a390-699fb4e8d6f8" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "243629c1-5c51-4d3f-874a-21f1fb75728a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6492648f-3b49-431a-b533-f9672d741ebf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:36.000Z", "modified": "2019-12-11T09:08:36.000Z", "pattern": "[file:hashes.MD5 = '9ab7540ba4e82c25b2732c062f0aaba5' AND file:hashes.SHA1 = '21e3f3ce763e96081e9c3233d1fe9a6cabfcf1e8' AND file:hashes.SHA256 = '65eeca9512dd349debcb48151fa859e1b3c02d1e533d07fe6d4b6cdc465aa43e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ea818a51-b19b-48eb-b3ef-3e7471105ffe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:36.000Z", "modified": "2019-12-11T09:08:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T00:58:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c834309a-cf86-4e23-be9a-0818eaa7efc8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/65eeca9512dd349debcb48151fa859e1b3c02d1e533d07fe6d4b6cdc465aa43e/analysis/1574384316/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "06968159-f42b-4e15-9ac7-b6dcec85f96c" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "af7820fa-3157-4ace-9c00-0f2a4a65452e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c656aef6-991d-45da-821d-0e7a06b83a6f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:36.000Z", "modified": "2019-12-11T09:08:36.000Z", "pattern": "[file:hashes.MD5 = 'd28230a17424ece4a447fa58a87dd2c0' AND file:hashes.SHA1 = 'f05f0257b7aaa62d0a4f469e632ed5b7b2d66236' AND file:hashes.SHA256 = 'f41ed53c0c864b4d60da5f6a8e31a1bad43d48fad76f39f36c7d351c401eed5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--061414cf-10d9-4cc7-a728-49ae97e09078", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:36.000Z", "modified": "2019-12-11T09:08:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T06:40:33", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6100c0a6-d720-4e98-b26b-466d1864043e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f41ed53c0c864b4d60da5f6a8e31a1bad43d48fad76f39f36c7d351c401eed5e/analysis/1575009633/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2c87f06d-1697-4019-bbd2-1169952bc28f" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7efba4e8-0be7-46a1-8f7e-ee942f4ea47a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8200800-2b59-457b-9fcc-51aa49b1140f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:36.000Z", "modified": "2019-12-11T09:08:36.000Z", "pattern": "[file:hashes.MD5 = '6237f17efaeba1906f5a8c795fb72103' AND file:hashes.SHA1 = 'cafe1943851a7d3b55cc81983997b9e672f51a91' AND file:hashes.SHA256 = 'efd75086b9da41dc65da3f002610280f83a7a9a188dfc2cd3b43228b3107cd46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8f90af4f-a996-4a90-b933-4f22270b2ee9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:36.000Z", "modified": "2019-12-11T09:08:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T19:48:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "48b01ed9-2b9d-400a-8bf0-e7345d557c32" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/efd75086b9da41dc65da3f002610280f83a7a9a188dfc2cd3b43228b3107cd46/analysis/1573588128/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e2e8c235-f436-4af7-810d-096713ce878a" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8b2db87e-3d4e-4aa2-bba5-1b2843256b6a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d48c1dad-ab04-4faa-8840-925beae7eabd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:37.000Z", "modified": "2019-12-11T09:08:37.000Z", "pattern": "[file:hashes.MD5 = '9cd5457b99dc1d8f584725a611d34a05' AND file:hashes.SHA1 = 'b8f7e3b8e5777bcef1b96cc274d241b296f307e6' AND file:hashes.SHA256 = '8d32f91d955cd2b85d657cab932431097edc4b52aadf51e5e25d5eccc761132c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--242c1ceb-f1ec-419a-8003-5c4d20c7a000", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:37.000Z", "modified": "2019-12-11T09:08:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:20:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "628f0bfb-3984-45ff-87df-8cc7bea744cb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8d32f91d955cd2b85d657cab932431097edc4b52aadf51e5e25d5eccc761132c/analysis/1574612423/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d321ce00-264e-4194-a10f-5c3da77ed21a" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f52f2c9c-2f32-419f-bf93-c5235d24b455" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--89372313-0fe3-43a5-8330-72763405d433", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:37.000Z", "modified": "2019-12-11T09:08:37.000Z", "pattern": "[file:hashes.MD5 = '85bc7b1a2a3a7608c6a0906c06592a34' AND file:hashes.SHA1 = '82900010aa9585ff008b2f1bb038b81dcb8b1914' AND file:hashes.SHA256 = 'aa4e6432312438a82dd9e4bfe897f915a2766ceb9dceee6c24ceed5bde6b4416']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--56af0e8a-886b-4f36-9fad-f8ea6169b387", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:37.000Z", "modified": "2019-12-11T09:08:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T02:04:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6caa3306-9696-44e1-beef-ddae9bfcb846" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aa4e6432312438a82dd9e4bfe897f915a2766ceb9dceee6c24ceed5bde6b4416/analysis/1573956285/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d90cc7e5-e8ab-482e-83dc-5d3d3f7d9a5a" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f7590821-9c36-408d-88bf-dffe00e5c38a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2d361394-c14b-40be-b1a4-1dce3e6fc98a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:37.000Z", "modified": "2019-12-11T09:08:37.000Z", "pattern": "[file:hashes.MD5 = '80926b5e1a00d0121f2fd4e4a09b4a06' AND file:hashes.SHA1 = '180cdbcac354e49137e522fff02af63e913f0860' AND file:hashes.SHA256 = '71c60050983f8b37c3be0b0da31521992ed69d60a89e6fe97de67c437fd22302']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ceeffab8-c4fd-4b76-a34a-6c1cb8f713dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:38.000Z", "modified": "2019-12-11T09:08:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:35:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b6e8b6db-ff5e-44d5-9bf1-8d6a24c43850" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/71c60050983f8b37c3be0b0da31521992ed69d60a89e6fe97de67c437fd22302/analysis/1572888953/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2346b48b-88b0-4e20-903f-44fd23885066" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "87b45a40-1b7b-47f7-8051-c4e3b994f33f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d462d433-a3a5-4699-bb8d-843a484d999a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:38.000Z", "modified": "2019-12-11T09:08:38.000Z", "pattern": "[file:hashes.MD5 = 'ee060fb16502ac82e82e3c7f77c514cd' AND file:hashes.SHA1 = '65ed88ec7879d9ed11cd1a580a3c78178357be11' AND file:hashes.SHA256 = '0ae75dac0dababdb13ebf9efadedf18c5bae3c09d919ea956e578b60e25725a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--38ac9306-a074-4133-bb49-8d893dec7e1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:38.000Z", "modified": "2019-12-11T09:08:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:00:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "08b8e379-7bbc-4084-855f-f64a3757cef0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0ae75dac0dababdb13ebf9efadedf18c5bae3c09d919ea956e578b60e25725a5/analysis/1574780446/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "362f9535-f31e-4515-bcbe-9beb825eb200" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6a1b48a8-c4f4-4bb9-ad18-e2f26274041f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9f3fb18a-fb74-4e6b-ad53-544f17fd557c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:38.000Z", "modified": "2019-12-11T09:08:38.000Z", "pattern": "[file:hashes.MD5 = '8996b98d4a0217d2f2a39d7e1396d52f' AND file:hashes.SHA1 = '5caac908eb60db938dca24f988a17be9c2ac5964' AND file:hashes.SHA256 = 'e258a486f192d62e58b5cb4dc903579ca62f5eea504962892869b479de7ba71a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9e2f72ad-7487-4fb2-86fa-3e9e22d31800", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:38.000Z", "modified": "2019-12-11T09:08:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:32:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53d7b6fb-0643-4d3c-bae5-0f013ff013fa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e258a486f192d62e58b5cb4dc903579ca62f5eea504962892869b479de7ba71a/analysis/1574332377/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a921579e-1892-4c0e-9ba0-00303a457fa8" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5b61dcae-6947-4215-8388-718580dd34a5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d8262582-33c8-4944-93fa-479041980c74", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:39.000Z", "modified": "2019-12-11T09:08:39.000Z", "pattern": "[file:hashes.MD5 = 'c9833227d4938f31907ec02af5cdfc84' AND file:hashes.SHA1 = 'c1998d45f11e717667311e972d15d2cf3acb9ca1' AND file:hashes.SHA256 = '79efc9b5853a3beacbcc3e183e810d34b2745e3cbd74dc6533cb595a09d1ebc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ce967ff0-32cf-48aa-9880-d6e42b44c466", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:39.000Z", "modified": "2019-12-11T09:08:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:40:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5036613-aad1-48cf-a658-6cb48d60251e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/79efc9b5853a3beacbcc3e183e810d34b2745e3cbd74dc6533cb595a09d1ebc9/analysis/1574332850/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "87f6520c-362b-41cf-b8ff-6448b591103f" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "04996484-1d0d-4b49-b547-aa460b18b270" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--28d13118-1a57-4449-be04-397881739a86", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:41.000Z", "modified": "2019-12-11T09:08:41.000Z", "pattern": "[file:hashes.MD5 = '87fcf1fd834a3476de7b191e0df9de22' AND file:hashes.SHA1 = 'f83e29de6ce2017ff19817a969aa180c2ee678ef' AND file:hashes.SHA256 = '46f95e54a2156bc1109e824ea098af8a7495d00bb7375fb183d384ce23e12915']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c037b8c4-36c0-468d-8a99-21a5b6619a15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:42.000Z", "modified": "2019-12-11T09:08:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T20:47:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a5defd29-7dcd-427d-8a4f-28a9ec747581" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/46f95e54a2156bc1109e824ea098af8a7495d00bb7375fb183d384ce23e12915/analysis/1572900476/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "896be694-0cc1-4d9c-897f-59927c84e87f" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0d29426b-1f77-4d84-b972-149efb858cde" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8f76e09-c13b-4ea3-86f0-2335a83af33e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:42.000Z", "modified": "2019-12-11T09:08:42.000Z", "pattern": "[file:hashes.MD5 = '744d05f56df84c987dba70cbbb52e80c' AND file:hashes.SHA1 = 'ce98cf7ae112d31036d19cc1c02f22f1d8ecabf2' AND file:hashes.SHA256 = '3b164c0b2ac9e86fb24e32cb0ac1a1d6087372c644107e4de4aac9dede085ef4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ced1cdcc-ab25-4e5a-bfc3-18e04ed4e89a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:43.000Z", "modified": "2019-12-11T09:08:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T14:30:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3d5d5448-dac5-4ace-91f3-4d5a22c07fd4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3b164c0b2ac9e86fb24e32cb0ac1a1d6087372c644107e4de4aac9dede085ef4/analysis/1573569045/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f25fddff-66e7-42c3-a5f9-0d0c3fc557c7" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8ef8f229-f54a-4bae-9c98-da9e328ee7e7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cc2a2628-8010-4d98-bad0-f6925aca44c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:43.000Z", "modified": "2019-12-11T09:08:43.000Z", "pattern": "[file:hashes.MD5 = 'acf3b6d4ab647ca7358bc06654a3eb30' AND file:hashes.SHA1 = 'd55d72b31631708bc5748105f157b89609b454d6' AND file:hashes.SHA256 = 'f4802ff60ac9e87c230e21ea0909bbb0930390ac51cf97dacea41fd24211d5c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d719e1e7-4515-470d-a2ce-ab8acad3e7c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:43.000Z", "modified": "2019-12-11T09:08:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T23:37:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f5c5f97b-5f69-444f-81db-a4021989639e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f4802ff60ac9e87c230e21ea0909bbb0930390ac51cf97dacea41fd24211d5c7/analysis/1574897864/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9f042b61-c82d-4b59-8478-4b355b7bcc14" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88c64bf2-7d6b-494f-b032-286a2056a59e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1dbb3a84-2b1a-4a57-9b17-8f0b7ca1c525", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:43.000Z", "modified": "2019-12-11T09:08:43.000Z", "pattern": "[file:hashes.MD5 = 'c1158e9ac01987dfc9ab6f49adcebf0d' AND file:hashes.SHA1 = 'ec27aace27722653f24c7eb3a1d470926df7d676' AND file:hashes.SHA256 = 'dafad7a4563e41c8b38e000508a54d7189246bb50a1bd021dffab164bfa79876']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--341993c1-a49f-475a-ab50-aa56dc25d7df", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:43.000Z", "modified": "2019-12-11T09:08:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T09:44:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a3f1b638-be55-4763-b4a7-c0a537b73e3f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dafad7a4563e41c8b38e000508a54d7189246bb50a1bd021dffab164bfa79876/analysis/1573292650/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22f3cf80-1f4f-47b6-98f7-95fdbf61bf17" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/61", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "874658a7-8751-4b71-9439-caa8d094dcee" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef192623-cc91-4453-885c-8ed4cfc7baa7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:43.000Z", "modified": "2019-12-11T09:08:43.000Z", "pattern": "[file:hashes.MD5 = 'd854cd4d47104e469350cf137ba2c3e7' AND file:hashes.SHA1 = '2c28542118e3d68a64fbd1769c9afedc3e9ae520' AND file:hashes.SHA256 = '6f06ed65b8e0314d12bd54d861c9a7fdaa2c1409f3b91afc0ccb8bfabbfe47ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--258e9e08-24e6-4022-8dff-046060944c15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:44.000Z", "modified": "2019-12-11T09:08:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:15:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "84b86863-1d43-4087-8a96-876d394ddd7a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6f06ed65b8e0314d12bd54d861c9a7fdaa2c1409f3b91afc0ccb8bfabbfe47ff/analysis/1574547309/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "afd556a7-9b30-4b0a-9027-9585545269e0" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cdaec7ec-30ce-4071-a208-bf47939eb79d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--41478f83-05cf-49ec-a1c8-1cacbbc09e33", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:44.000Z", "modified": "2019-12-11T09:08:44.000Z", "pattern": "[file:hashes.MD5 = 'f390eebc238b2e8b16e03d8d16dd9135' AND file:hashes.SHA1 = '88615dee93b9c2f4cbb67c890de85d80010f2b31' AND file:hashes.SHA256 = '588ec943d755cc0fd2c699c069e5328d49a6fc87dca234134a1a8b51aa18c93a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--608a6e2a-f326-4619-b78f-aeb942b24638", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:44.000Z", "modified": "2019-12-11T09:08:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:10:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8d53fb65-5c7f-40bb-9585-50c2f16808f5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/588ec943d755cc0fd2c699c069e5328d49a6fc87dca234134a1a8b51aa18c93a/analysis/1573467018/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6439fe6f-53e9-438d-9c94-a98dd6a9d9b5" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81ff42de-fad3-42c6-b77c-0f0ce5f92b20" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed93e93f-413b-43b4-96a6-7abbf8040d75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:44.000Z", "modified": "2019-12-11T09:08:44.000Z", "pattern": "[file:hashes.MD5 = 'ccd6b00241fd3c432097fedebfe73160' AND file:hashes.SHA1 = 'bfe13495e3112c75a7287ab3bd93273292ff503b' AND file:hashes.SHA256 = 'c55de9da7945deccfcd284a2516938a287d503218e5c7cceca8606a93e00cfcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b36bb45-fff1-497d-90b6-44c336c6348e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:45.000Z", "modified": "2019-12-11T09:08:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-09T10:13:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1cce200b-3298-4d95-b4c5-432c53c94e83" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c55de9da7945deccfcd284a2516938a287d503218e5c7cceca8606a93e00cfcd/analysis/1575886411/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5174822a-d125-4a39-ab7e-3c1273bca542" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ed63eadc-be9d-4ce6-b4cd-d5578f725655" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fcf29ec0-d5b2-474f-9b47-a009302fffd7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:45.000Z", "modified": "2019-12-11T09:08:45.000Z", "pattern": "[file:hashes.MD5 = '60c021825cca7fa302bbb5c71031f445' AND file:hashes.SHA1 = '5a7d92d6c670ed1a34d035d57e9beece4b34a2ab' AND file:hashes.SHA256 = 'a0df4633a022ba93d73a75ad7e6b8e01c369407107c27aa8650cb5f5fc878fb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9acdff64-6582-442b-b72e-400c5de70d40", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:45.000Z", "modified": "2019-12-11T09:08:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T14:05:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3457ee26-8d4c-4558-8fc7-4e24186cc307" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a0df4633a022ba93d73a75ad7e6b8e01c369407107c27aa8650cb5f5fc878fb4/analysis/1573653910/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b5a96c3d-e189-4615-8d6e-5d5e54d6001e" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d08fbc9-6650-45e5-b6d3-9d1f7f2119ad" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6aeb3879-bc39-4994-bc04-600eb8dd6fe3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:45.000Z", "modified": "2019-12-11T09:08:45.000Z", "pattern": "[file:hashes.MD5 = '38a67d0a11c0e0167ad98d4c5f82b5db' AND file:hashes.SHA1 = 'ac9b96162efff24694b1b163cd89deb2cd49e18d' AND file:hashes.SHA256 = 'eb4387cfd0d30be5e985d58f7dc3935cd3bd5a7dca193699aaa9971bda082229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9ca20ea2-6e65-445b-9676-3f62af9b5df3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:45.000Z", "modified": "2019-12-11T09:08:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:38:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "682bff3d-4d94-4aaf-8c29-dc9b1bfd9c0f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eb4387cfd0d30be5e985d58f7dc3935cd3bd5a7dca193699aaa9971bda082229/analysis/1574782702/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a3feed01-0cac-4096-80a7-8c1ec15e4407" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "474942ca-9b06-4c5e-a797-90480de55bb6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e18c6e2-bebf-4581-a657-dcb4782bcd69", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:46.000Z", "modified": "2019-12-11T09:08:46.000Z", "pattern": "[file:hashes.MD5 = '88ab73e555ecd13f470c1960aa0a766b' AND file:hashes.SHA1 = '863e84c2510b469030c3fbc74833900f83f6b618' AND file:hashes.SHA256 = 'e06ea82bd1fd49ae05791148c9e0fe4f327146911f434fcd3cba4db52e5c372f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2eeba3bb-9a78-4ebd-bf31-387ae7ec7c35", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:46.000Z", "modified": "2019-12-11T09:08:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:32:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "69c8fb14-5d17-4880-be14-04f72f6b1b85" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e06ea82bd1fd49ae05791148c9e0fe4f327146911f434fcd3cba4db52e5c372f/analysis/1573824764/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "14d956ae-a4be-437c-85d0-4e7a8a91f30f" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a3cff82e-ad6b-4581-87e5-dcb60f7a05a3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ae856592-4152-4ad8-8d72-3af1f275d7b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:46.000Z", "modified": "2019-12-11T09:08:46.000Z", "pattern": "[file:hashes.MD5 = 'b09347260c1a6689ebbea2912173ebbb' AND file:hashes.SHA1 = '00c96a6aa2d613b71ee4195412cfea0adc6f0133' AND file:hashes.SHA256 = '96beeb7236cda9ae1fdbb692c03626f40e57ff55014838d5143ad461a3461770']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--13f496f0-29b7-4a37-896f-1ce2ec1e7286", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:46.000Z", "modified": "2019-12-11T09:08:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:55:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c0329c84-c2ff-4400-b9fe-664d419e5ce6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/96beeb7236cda9ae1fdbb692c03626f40e57ff55014838d5143ad461a3461770/analysis/1574546111/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1c35f0ce-895c-491a-b3c0-a48424f877aa" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81014be0-8078-4da9-b7f1-ee790ac84606" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--680d2e52-6fb4-456a-b196-07825f047910", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:46.000Z", "modified": "2019-12-11T09:08:46.000Z", "pattern": "[file:hashes.MD5 = '9635d575f7b5f451f4c74a0545e69b66' AND file:hashes.SHA1 = '3a9272fa645b358f9bc1efe441b9789d133c2bc9' AND file:hashes.SHA256 = 'fe531c3f1db56d1ab6d8294ab3753cac84e8becf8307023fac07d39d28a07e35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0cee6148-5413-41c1-809e-5906a5637c40", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:46.000Z", "modified": "2019-12-11T09:08:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:50:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c120c696-4f9b-4c2e-830c-dda791e70dfa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fe531c3f1db56d1ab6d8294ab3753cac84e8becf8307023fac07d39d28a07e35/analysis/1574250625/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b924dfa3-574a-4fe5-9f29-1a7b5abb0845" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8db21400-ebc6-4bd3-bb14-f805453b4956" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3b29f7eb-dbaa-416c-a4df-cff9599465f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:47.000Z", "modified": "2019-12-11T09:08:47.000Z", "pattern": "[file:hashes.MD5 = '6516598c9dde3d1459a4a94d42e239b2' AND file:hashes.SHA1 = '947100254dd39a254dab1fda9044f9b1a2d4c703' AND file:hashes.SHA256 = '136d1366ec76a9e1ecc49c1020adea68c416c6c8696925ef50f549dd3564bcf9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f33804ac-e880-46d4-8e34-0f25bddc3a72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:47.000Z", "modified": "2019-12-11T09:08:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7bd1db5c-9484-486f-83c9-c95e2d390f75" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/136d1366ec76a9e1ecc49c1020adea68c416c6c8696925ef50f549dd3564bcf9/analysis/1573722648/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce540686-d018-4458-80e9-9b333982aecd" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "af1f6067-7102-452c-ba37-88ac36cb89b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f007ef4b-7c49-463b-8140-0e7833584ee0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:47.000Z", "modified": "2019-12-11T09:08:47.000Z", "pattern": "[file:hashes.MD5 = 'd82f5076682cc387843414f7593de093' AND file:hashes.SHA1 = '3e73cc41cb034ad013f3ebaeb757e155f8b5e0c2' AND file:hashes.SHA256 = '9767c10a00326f9f167178d813afb963021e2f58aefd174a211978c4aa1a95f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2969123a-0982-4b37-b0ce-d619dab67a7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:47.000Z", "modified": "2019-12-11T09:08:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:54:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ef376af9-f25b-42bc-8aeb-f7deed01c361" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9767c10a00326f9f167178d813afb963021e2f58aefd174a211978c4aa1a95f3/analysis/1574546053/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d193ba11-d389-4b75-bbb2-5d891d0d6397" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cbd2b51d-8aa3-46ca-8c0b-064bb8cd40f0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--733a51f4-bfaf-445e-b9d1-6f2aeb3e9e13", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:47.000Z", "modified": "2019-12-11T09:08:47.000Z", "pattern": "[file:hashes.MD5 = '8b33d01fe5b6d5a325be4c053ef6b172' AND file:hashes.SHA1 = '48e49c53138699c74ab26799fef2df4c98f9f305' AND file:hashes.SHA256 = 'b2739c0042bbff812ef3d9106fdb32a6554a4ccaad94253b79f280506acb61d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a2d4eae7-25dd-48d5-a73c-17b0e3be9fd5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:48.000Z", "modified": "2019-12-11T09:08:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T13:57:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d839ff83-c23e-43ad-b1b3-33294452b542" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b2739c0042bbff812ef3d9106fdb32a6554a4ccaad94253b79f280506acb61d8/analysis/1573394270/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "07a20227-11d7-45db-aa62-a7ece11ccaab" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/63", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3a6a55f9-5e4b-40de-a444-7c7a8f850461" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc339a82-4290-4b72-825b-86c8e2ad63cd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:48.000Z", "modified": "2019-12-11T09:08:48.000Z", "pattern": "[file:hashes.MD5 = '78840a16d291a181aca187f667606eca' AND file:hashes.SHA1 = '3b8c2e33c0dcc0671aeaf396b4b8181e4ccdd63b' AND file:hashes.SHA256 = 'c52f02602bf5945fd62bc86c992f4d37e51857af76b67fd029f715a6fa695b3a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--566796ba-2887-481f-883e-5b87f2c294f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:48.000Z", "modified": "2019-12-11T09:08:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T20:49:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3b9e519d-55b3-473a-b86c-5092889be176" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c52f02602bf5945fd62bc86c992f4d37e51857af76b67fd029f715a6fa695b3a/analysis/1575060549/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9faa3923-c160-4812-a630-cd560311ad6b" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3eb71f15-1a11-4a92-9271-15b8f568e2f3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94d47416-8a94-46a9-b15b-072940dad7d0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:48.000Z", "modified": "2019-12-11T09:08:48.000Z", "pattern": "[file:hashes.MD5 = 'eef2d389e54d1b2e6704adcce84c8b09' AND file:hashes.SHA1 = 'df967b977a2f0864bd85fb5a836710710cde48cc' AND file:hashes.SHA256 = 'ffbf659f15435ab3b684d61fb766ff8000819c2d2f48d29bc0b195cbf38db76f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6694a7e6-ac32-4aa8-b716-1e85b713d64e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:48.000Z", "modified": "2019-12-11T09:08:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:39:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "638ec20c-8781-4751-95ae-1a5fa630a019" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ffbf659f15435ab3b684d61fb766ff8000819c2d2f48d29bc0b195cbf38db76f/analysis/1572889158/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d03ffa46-5818-42a7-ab56-10f383a82fa6" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c417f81-9ffc-4de7-83e0-e2ceb1811a64" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed520552-6513-4917-95ca-c0d15f0d74cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:48.000Z", "modified": "2019-12-11T09:08:48.000Z", "pattern": "[file:hashes.MD5 = 'dbd6e92d9f5217484a9a47edbd48464b' AND file:hashes.SHA1 = 'ac8198a51f57e8f5ee90a78f8d62b12a1e8daa47' AND file:hashes.SHA256 = 'a0ee7213974daf74c1940dcaadc9c729cfc3e2a5a2bb4e2a73684fc4037e49ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1f2f93a1-eb02-4b87-a2d0-c8caeca58406", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:49.000Z", "modified": "2019-12-11T09:08:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T09:06:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6df621a1-9a67-4b47-a8c8-c99b036d6e5a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a0ee7213974daf74c1940dcaadc9c729cfc3e2a5a2bb4e2a73684fc4037e49ca/analysis/1575018406/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d505c356-28fa-4572-bff3-52aa63f458d9" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ce56195-81a6-45d9-89ff-777b03c65470" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ad6514f-d7af-47f6-87b0-372df8ea3b16", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:49.000Z", "modified": "2019-12-11T09:08:49.000Z", "pattern": "[file:hashes.MD5 = '0bfdd08f3d632d0a64cecec3e021b6bf' AND file:hashes.SHA1 = '47fda71bdbb29b585d528e3538a10eb3df9d14c6' AND file:hashes.SHA256 = '3c705f31d7165350245d3fad4db9ab7a0b85475b10aa1cbe2030bd23458495d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2bba21b9-106d-4208-a5d6-0bb9ac801ca1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:49.000Z", "modified": "2019-12-11T09:08:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "10967b81-692e-4cd0-9d83-403cd6f94045" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3c705f31d7165350245d3fad4db9ab7a0b85475b10aa1cbe2030bd23458495d6/analysis/1573722652/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "41446938-e561-4a79-8f90-fe2e5753ec14" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8e9b2b45-d027-4804-91cd-80b5d53880b3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c1d78a4c-9ab4-42df-93d0-24cc1963f3e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:49.000Z", "modified": "2019-12-11T09:08:49.000Z", "pattern": "[file:hashes.MD5 = '1eccf3fca2e926ece305faafc1456918' AND file:hashes.SHA1 = '176f9bf97309ca84177cf88990bcfabb2b681f21' AND file:hashes.SHA256 = '723be12af49d00743b25237e0411053bd6ba684ed6026f91fae6c88e2b3736c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9f576870-69ac-47d0-be4f-e77b9436dc99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:49.000Z", "modified": "2019-12-11T09:08:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d756b1af-6393-4b10-a0e7-b35c2c7ca78e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/723be12af49d00743b25237e0411053bd6ba684ed6026f91fae6c88e2b3736c9/analysis/1574062646/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3f2ccc8b-2c50-4aa9-9a63-297173066486" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "414159c1-6ed4-49c5-b691-0da59a1b8d6f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3d5d7a8c-c996-4571-b8f9-f03d18a95bd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:49.000Z", "modified": "2019-12-11T09:08:49.000Z", "pattern": "[file:hashes.MD5 = '1913ec9f3b82a0be9cf93850a5fcbb1a' AND file:hashes.SHA1 = '3413768f2dc50c584fc01cd3b41c76ecfb82f07a' AND file:hashes.SHA256 = '0b30436a70da6328b82022c227c7c3912ab0d1f998dde4ea0c846bc97099459e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0e5a61b8-b5b2-4a86-8ed3-eebb7e258896", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:50.000Z", "modified": "2019-12-11T09:08:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:27:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3cb3592b-016d-4388-be14-a0002f1057d7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0b30436a70da6328b82022c227c7c3912ab0d1f998dde4ea0c846bc97099459e/analysis/1573824433/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "417eaf12-4e74-44cd-b353-de093bdda913" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "56edc041-63e1-401f-a2e4-beb50d0c7049" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb13fb99-e9ea-45e5-992e-595fa5379eb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:51.000Z", "modified": "2019-12-11T09:08:51.000Z", "pattern": "[file:hashes.MD5 = 'ab245fcd7da855da68b7c2e2e96e7899' AND file:hashes.SHA1 = 'f1ebea52684ecfcfa7fb4ae8bb3730135a7c7b9a' AND file:hashes.SHA256 = '1f4a92061c1a2d3f19d1e4f127395cd056f699b1db2f1ed8648cd406fb973b66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--827ce421-4c33-4102-a38c-9a82d7ad034c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:52.000Z", "modified": "2019-12-11T09:08:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:50:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d4ebd0bb-957f-44d4-a0ef-981cf597eb10" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1f4a92061c1a2d3f19d1e4f127395cd056f699b1db2f1ed8648cd406fb973b66/analysis/1574776216/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e813df8-bfd4-4287-9bb5-12e185e50ab7" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d945cd12-3012-4afb-84fd-191d79657289" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--39a79b60-8c0c-4d11-bca2-38537491f6b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:52.000Z", "modified": "2019-12-11T09:08:52.000Z", "pattern": "[file:hashes.MD5 = '748fde5a990b5506a201fe256cca2153' AND file:hashes.SHA1 = 'd2fb9624c339423cd4f9edcbe1b343762fba27e2' AND file:hashes.SHA256 = '8ed575d654411a68e86fe7794c96c9061cb2d79e08d83160085b15eab3443721']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af12b4c0-e8d4-488d-876f-2d49989eca09", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:52.000Z", "modified": "2019-12-11T09:08:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T18:38:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0d7c844-6714-40da-9f69-eeb273771c98" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8ed575d654411a68e86fe7794c96c9061cb2d79e08d83160085b15eab3443721/analysis/1573929532/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6dc10297-9e7d-4697-afd5-0d3fe4454e08" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0c2d9697-87bb-4f05-8179-bd76a868b80c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--096eb58c-0bbb-4b98-8f29-f478d1aaae37", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:52.000Z", "modified": "2019-12-11T09:08:52.000Z", "pattern": "[file:hashes.MD5 = 'c75dead19c38895887a5905858d38ab7' AND file:hashes.SHA1 = '9de09647879a1479760b4c384f7ce244ca2bfdf1' AND file:hashes.SHA256 = 'be6cbb6d2c42472006c1c3f093a1015830e4fd45bcdf50bf89f5eb8a234d2c1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fccc7090-fbf3-4298-a67d-83a1c81e2dfd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:53.000Z", "modified": "2019-12-11T09:08:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T04:06:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ab648fb-b310-4d22-8b23-2eb55a8a1046" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/be6cbb6d2c42472006c1c3f093a1015830e4fd45bcdf50bf89f5eb8a234d2c1c/analysis/1575000398/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7d4949a-9c1b-47b2-9f46-c58fb6b51b40" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e585d032-8528-4914-bf0c-6ce583b52d61" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91d86c14-5d8d-49d8-85a6-62eb1f6660ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:54.000Z", "modified": "2019-12-11T09:08:54.000Z", "pattern": "[file:hashes.MD5 = 'e1f2fc2dfdb403f769eee148bf86f8f2' AND file:hashes.SHA1 = 'e4368fd43348ad0f8b6df73236b59b6d6aad8d89' AND file:hashes.SHA256 = '69b5a1582c4398b3367c6fbb40c51eeda0deee719b9830c55c946da564fc737f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--28d1f5cd-035b-41ab-8939-160f3e815c0f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:54.000Z", "modified": "2019-12-11T09:08:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:27:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0d106555-2247-456f-8fb0-ec01ecf9a1d3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/69b5a1582c4398b3367c6fbb40c51eeda0deee719b9830c55c946da564fc737f/analysis/1574936820/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "98472b94-c0f0-4d34-8f54-17cfc8b6d1fc" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "75b535d7-f889-42c0-9836-2ff318b1448f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--75f113a1-ef9f-4310-bb5b-989dee8f489c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:54.000Z", "modified": "2019-12-11T09:08:54.000Z", "pattern": "[file:hashes.MD5 = '1996a7531385cbd60397b121aeddee27' AND file:hashes.SHA1 = '0e2b7ebca07e1266c01c92959f1413af10dd6bf3' AND file:hashes.SHA256 = '9d5a0edd97c0689ca40a7ae9519f4992a538ff81a5d4c5a47e327afa192cac76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b05cb70-d19a-4aad-aac6-551661f56eb2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:54.000Z", "modified": "2019-12-11T09:08:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:00:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7bea0322-b782-4c84-ac8f-e3aa5954c4dc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9d5a0edd97c0689ca40a7ae9519f4992a538ff81a5d4c5a47e327afa192cac76/analysis/1573394432/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "faba88a0-db00-45d7-b8cf-a5e9719b4031" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/56", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "602eff93-4437-485d-9ecf-2327bd272d47" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fc8fd229-2908-4983-a730-d85c9e352575", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:54.000Z", "modified": "2019-12-11T09:08:54.000Z", "pattern": "[file:hashes.MD5 = '6afa5f757ea642df8b2f036cd8f78a95' AND file:hashes.SHA1 = '3982b7d37b75a501cde3ed41d11e4ee4ebbcb7a8' AND file:hashes.SHA256 = 'b12737e22992e76fb0b07481696395ec69d92ff79e592d5d553a22f6825163f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dad20706-fc2f-4dd4-8d9c-f5796f819c6e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:54.000Z", "modified": "2019-12-11T09:08:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:41:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1c8d9d83-8c4e-4a99-a4c6-308dde3773ce" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b12737e22992e76fb0b07481696395ec69d92ff79e592d5d553a22f6825163f7/analysis/1573425708/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8505e4b4-df93-4642-8505-d13ba1e45516" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0f5fdf9c-4557-493d-bf22-cf1894d4a60e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b8383e3-acd4-4fcb-845b-5cb36e10a7b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:54.000Z", "modified": "2019-12-11T09:08:54.000Z", "pattern": "[file:hashes.MD5 = '8c7c901e8f69577bb9cd71efb0e3a905' AND file:hashes.SHA1 = '62499aeeff6defd15f16716ca08facd3078ce638' AND file:hashes.SHA256 = '57933d84d9e4d9fedf9496972ac23510feacb2a4c867568b1b7ed490234e348f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a1937f9b-ec9e-409a-bef0-adfea851fdee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:55.000Z", "modified": "2019-12-11T09:08:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:20:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eb1ee3da-5bbc-42b5-ad1c-9572470e27bb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/57933d84d9e4d9fedf9496972ac23510feacb2a4c867568b1b7ed490234e348f/analysis/1574612420/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26264c92-6922-4f66-bd33-0b5e24c62294" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8300b448-ef0b-49fa-ab75-38ead4a6aab2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0eb9d16a-03f0-44e8-843c-b8df2c4c083b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:55.000Z", "modified": "2019-12-11T09:08:55.000Z", "pattern": "[file:hashes.MD5 = 'ece6331e2a979e5010d2f7b4efa182a0' AND file:hashes.SHA1 = 'd114344d9fbe8bf07d75540a953fdf07c77f0c82' AND file:hashes.SHA256 = '307792eb08705f14a9b31a2718fcf07bcda31bf21b147f69a8287d6c57362680']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9e66898e-3b53-4951-a5de-b420a21476ff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:55.000Z", "modified": "2019-12-11T09:08:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T19:06:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7f00614-6654-4ec0-816f-f7ef1123e304" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/307792eb08705f14a9b31a2718fcf07bcda31bf21b147f69a8287d6c57362680/analysis/1574968019/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1186d92b-94bd-484f-bfc7-7456d9133ca7" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "121c9c40-1b86-4521-ab2b-873b167c18fa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58bef497-df6f-43a2-a37c-3739ec6982a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:56.000Z", "modified": "2019-12-11T09:08:56.000Z", "pattern": "[file:hashes.MD5 = '3ead006e34a88f6295346c923c50bb2b' AND file:hashes.SHA1 = '5e8c14737e2714d06e13bf2837709d5776877173' AND file:hashes.SHA256 = '93533608231aeb71e1b7f96f0c5b37b8e781b525def4e3c21b6379a55b55cc11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9fd11823-de41-477c-a350-c3e601be0c4b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:56.000Z", "modified": "2019-12-11T09:08:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T02:01:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f9133c33-c9c5-47ac-9d07-30a61a553bb2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/93533608231aeb71e1b7f96f0c5b37b8e781b525def4e3c21b6379a55b55cc11/analysis/1573956071/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99c17235-3bfd-451b-a196-eedfab61e554" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "01d9f2bb-8426-45dd-8947-34b5cc12e49a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--454ad45c-85a9-460c-a56b-9ddb03bad44d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:56.000Z", "modified": "2019-12-11T09:08:56.000Z", "pattern": "[file:hashes.MD5 = '5ef185037fe608067da2e91dcb62f54c' AND file:hashes.SHA1 = 'f7a6f5a66ef937bb357cf258b8ac22c1363cd558' AND file:hashes.SHA256 = 'd350d2d326c205e4a93442bf7b2f29683888d8a1a77023da769e8ce4d2cbd94e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f2bc0b22-e168-4e10-8055-c642cdbad347", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:56.000Z", "modified": "2019-12-11T09:08:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T01:28:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aaf68cba-371b-47e2-be45-145532877f31" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d350d2d326c205e4a93442bf7b2f29683888d8a1a77023da769e8ce4d2cbd94e/analysis/1575509316/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "831fb392-09ed-4ea4-a8ba-63e17f032409" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "44d05091-1f31-430b-bd20-f38d8704087f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bb3ec885-0bcb-47f2-aacc-6cc62f5df396", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:56.000Z", "modified": "2019-12-11T09:08:56.000Z", "pattern": "[file:hashes.MD5 = '4458c6a6e451341382b26f7402098efe' AND file:hashes.SHA1 = 'f79389888ab5b1d1e47f1827376acee3debc8777' AND file:hashes.SHA256 = '6212b6073077941c534fc23d482128165b8d5d0d9ec165abd0b4184353de9c32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7b9da427-bab9-46cc-b53b-cb15e0e7670e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:57.000Z", "modified": "2019-12-11T09:08:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T20:43:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f858f06f-e902-464f-a904-ebf056c798dd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6212b6073077941c534fc23d482128165b8d5d0d9ec165abd0b4184353de9c32/analysis/1575405794/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "77119f3c-94de-4989-b921-7125042ae016" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6640ee1d-79f0-436d-9a03-9e3f9f57073b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1d70047d-25af-4bab-893c-1819ce2ee2b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:57.000Z", "modified": "2019-12-11T09:08:57.000Z", "pattern": "[file:hashes.MD5 = 'cd25c1a67ce03194a3d935069ae90e84' AND file:hashes.SHA1 = '124b049ca47677bdb488477c9ff09e17bc7d4f91' AND file:hashes.SHA256 = '26649e486ba1a9ad46837aa6e7c80b094b0b6e2af1f0a906310e1188afb35696']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--728bb84e-4c46-4cbb-b5b9-d61e905d206d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:57.000Z", "modified": "2019-12-11T09:08:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T08:52:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c014f37b-c88a-4b00-a1e7-b4b76775fd5b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/26649e486ba1a9ad46837aa6e7c80b094b0b6e2af1f0a906310e1188afb35696/analysis/1575276779/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b5b53a3c-c1b9-43b9-a585-98ba59f8b888" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cee181ab-ba8c-4db2-b056-117a8e70d2f3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d2f19e2c-8d0c-4282-8dd4-8717b98dab76", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:57.000Z", "modified": "2019-12-11T09:08:57.000Z", "pattern": "[file:hashes.MD5 = '4cc387caabaa4a3a685ac8afbd9fe170' AND file:hashes.SHA1 = '2a575949698530a5d6f564420326ba313579b17c' AND file:hashes.SHA256 = '484e8e202934f502bb1b0a944721845ff81879b4e91656d30c5fe4c490cb781a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--583eed35-20a2-4f3a-9c33-e2c329a021b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:57.000Z", "modified": "2019-12-11T09:08:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T10:38:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3d0ca14d-09dc-4217-9b62-0a565082503d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/484e8e202934f502bb1b0a944721845ff81879b4e91656d30c5fe4c490cb781a/analysis/1575110320/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc8c8b4f-506b-4a78-8490-5cafc30258a1" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "54c9ed2a-18f1-49ad-a555-c8c4f03526c0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18f0a394-59e8-44f7-bef4-e629c8e2d48c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:58.000Z", "modified": "2019-12-11T09:08:58.000Z", "pattern": "[file:hashes.MD5 = 'c0aca5fa5b1c1d5b3ef4c3e3e61af458' AND file:hashes.SHA1 = '8e791ccf0383b826fc13b966595b209f571bc0f8' AND file:hashes.SHA256 = 'fad8f8c03505c21664bb6841de7e6dc7a19338ef2fb9400d832776365d258ac7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5f4bcd14-cb63-4b73-9f04-0cd48d621451", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:58.000Z", "modified": "2019-12-11T09:08:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c9b2127c-f661-4c3c-996b-bae84b97f4e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fad8f8c03505c21664bb6841de7e6dc7a19338ef2fb9400d832776365d258ac7/analysis/1573722645/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f0303de3-7a74-4810-8e8d-533d44ba9e2b" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3d7f71b4-bdc6-4362-89b2-e946925b675d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--844f9804-c3f3-4cd2-95a7-cd42db3561a4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:58.000Z", "modified": "2019-12-11T09:08:58.000Z", "pattern": "[file:hashes.MD5 = 'e249c9c6c07d5f10f44856bd59206da8' AND file:hashes.SHA1 = '8410e4613411c2b2c9a0611259f9f2ff690de2de' AND file:hashes.SHA256 = '04fc7a5e9d0f158883589a5fae04898457e45b1954c0ad1a258a23e2868b3b56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--11e37e76-d0b7-4f98-a663-7e1deaad4dde", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:58.000Z", "modified": "2019-12-11T09:08:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:32:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9cfc71ae-b411-4be9-8d98-78c55b7a7d8a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/04fc7a5e9d0f158883589a5fae04898457e45b1954c0ad1a258a23e2868b3b56/analysis/1573421521/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9d6546ed-35db-4364-850f-6431fa194a64" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2cb26945-5c38-4a33-83bf-505444da3353" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--505c4912-ec7c-4bd3-800b-f96b928d60a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:58.000Z", "modified": "2019-12-11T09:08:58.000Z", "pattern": "[file:hashes.MD5 = 'b3f57312145e96cd6b3dfc4599e7ee9c' AND file:hashes.SHA1 = 'a67844a80ab94767a4cacf5caeaab391151921f7' AND file:hashes.SHA256 = '20394dc816db696f7a9fe41ed1d6b581f91616e8de94b9810b580738fcc0baa7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--37a3479c-7016-4207-a0b5-e1871d62918e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:59.000Z", "modified": "2019-12-11T09:08:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T10:48:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc3d95c9-a088-43d9-a73c-feb9f8b5f3e7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/20394dc816db696f7a9fe41ed1d6b581f91616e8de94b9810b580738fcc0baa7/analysis/1572950915/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a650431d-0ead-4329-9293-4fff73c017ba" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "23195684-ad82-490a-8b16-fcddad2d142d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--19df27ac-fb3a-4564-a333-92b694f65766", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:59.000Z", "modified": "2019-12-11T09:08:59.000Z", "pattern": "[file:hashes.MD5 = '6a7de11607a272c5a4d9931e0b768c62' AND file:hashes.SHA1 = '4d9c9950349cf5c338de0d0e500edc8533abf1ee' AND file:hashes.SHA256 = 'ee008b9299dda630d5ff4217a43f7ca9a280001ed006db0008ef2716b6c7a5b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f42a3419-4657-42b3-b6e5-e947e0c25827", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:59.000Z", "modified": "2019-12-11T09:08:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-04T22:33:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd4d9a27-8217-4195-946a-e90769bf0165" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ee008b9299dda630d5ff4217a43f7ca9a280001ed006db0008ef2716b6c7a5b4/analysis/1575498802/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc22f947-5b41-410c-973a-9fe03884d6a3" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3c4e1e08-dc0b-46b6-9042-3a4f301760d2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ba3c7e43-259b-4b53-86bb-637a52cc5504", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:59.000Z", "modified": "2019-12-11T09:08:59.000Z", "pattern": "[file:hashes.MD5 = 'c83079855879b80523e7392e8069afd9' AND file:hashes.SHA1 = '123fdb79167fab65752849572278fc3f9d71e644' AND file:hashes.SHA256 = '5f21b9e408d2fbc366e15204d4965cddbadefd113612a647987f9126961aec04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6a6d30d5-8af3-4c31-9b47-26cc1384e2a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:59.000Z", "modified": "2019-12-11T09:08:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:27:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1aae194a-1ffc-482e-ba12-f1cbf67c2772" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5f21b9e408d2fbc366e15204d4965cddbadefd113612a647987f9126961aec04/analysis/1574612850/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3760809d-167b-4a5a-ae15-dfda40b254d0" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "288a0d0d-1fc7-40cd-9ec4-60cdc91e00f8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--801dda52-f305-4225-81ae-63a537e2d416", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:59.000Z", "modified": "2019-12-11T09:08:59.000Z", "pattern": "[file:hashes.MD5 = 'd63ac5899ab35ac33c68213da4616ad6' AND file:hashes.SHA1 = '1302222e6bd61286833650f8ad50ffbaf06b28db' AND file:hashes.SHA256 = '47957ac381ddf4917b0ec2a325c6a68f4778196e4ace0035dd95d142858c4702']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:08:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ceda2ab2-2d4e-4f23-ad1a-88370c893d41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:08:59.000Z", "modified": "2019-12-11T09:08:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T03:40:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a1f8e3ba-7b05-494d-9005-681f812c6816" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/47957ac381ddf4917b0ec2a325c6a68f4778196e4ace0035dd95d142858c4702/analysis/1574826027/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d015ec34-3557-4df7-89ed-a4cc231c94c4" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6235dd8d-ecca-4e14-b246-9762b436ba79" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--738b07c1-e0e9-44e9-9fcc-7724e09a8534", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:00.000Z", "modified": "2019-12-11T09:09:00.000Z", "pattern": "[file:hashes.MD5 = 'feb89e1027dd2d4eb671f3f58478943b' AND file:hashes.SHA1 = 'b65567805fd9f09eeaec0e65557ee8ca9491f6d7' AND file:hashes.SHA256 = '4d2e86301278a9e8859857bbf23ae2604946786fb8046a97ff1102a0df8fa520']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0053d5cb-a02d-43a3-ba7f-5e5f5a645c5f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:00.000Z", "modified": "2019-12-11T09:09:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:15:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c49c2b7b-4ce7-4fbd-b9ac-06ac573c78ec" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d2e86301278a9e8859857bbf23ae2604946786fb8046a97ff1102a0df8fa520/analysis/1573985753/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bf452510-8bb7-491c-b2ea-74e48c19cb23" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "068a9130-15ed-476e-8f1b-519a614acf92" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c78d4ad-76b5-410f-b769-8ac2de68cc29", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:00.000Z", "modified": "2019-12-11T09:09:00.000Z", "pattern": "[file:hashes.MD5 = 'af553ac3f81444bbe01a6ad3c92a34d8' AND file:hashes.SHA1 = '79fad355c36a47adbf34c894590005f2af65961b' AND file:hashes.SHA256 = '7c6233499d1298c7cdac827e66e727c4b716cbfd3789e468f3e26693bee57467']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fe7b8b9b-6817-4f6a-8161-df3ec4b0a993", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:02.000Z", "modified": "2019-12-11T09:09:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:38:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b9aabb1f-150f-428c-9276-c09f91a90324" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7c6233499d1298c7cdac827e66e727c4b716cbfd3789e468f3e26693bee57467/analysis/1574332683/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a4dbd07-46b7-4acd-901a-a09ea589a640" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c7abe78f-e696-4881-94fb-283aec35df67" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4a07ccfc-b2f0-4a9e-8fe3-f56da0287be3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:02.000Z", "modified": "2019-12-11T09:09:02.000Z", "pattern": "[file:hashes.MD5 = 'e9f07e3b499b5c8ab039acd9855a7d6b' AND file:hashes.SHA1 = '1d3ed18b63e9ef2e62177a2463311c3c0c21f77d' AND file:hashes.SHA256 = 'f64551a882617ff5f18e45a8f26b2df9142526bf8dd534a02b1d193ea5f4c33d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--aa2fa223-8f0c-4b45-91fc-a10098460bdd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:02.000Z", "modified": "2019-12-11T09:09:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T14:54:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d5de391c-74b6-45e0-99cd-8e924cb71419" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f64551a882617ff5f18e45a8f26b2df9142526bf8dd534a02b1d193ea5f4c33d/analysis/1573224845/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1596149b-a220-479c-b2d9-4348e6f897b3" }, { "type": "text", "object_relation": "detection-ratio", "value": "11/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aa84d7bc-62db-4dda-8a33-f1d651c93c30" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--30ad66a5-06a2-4526-984f-dc929f8e78e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:03.000Z", "modified": "2019-12-11T09:09:03.000Z", "pattern": "[file:hashes.MD5 = '300c8b56f0349af99dfa32a5452efa42' AND file:hashes.SHA1 = 'f72a7bbb4e9707c6327a6fe49d31765f25969d2b' AND file:hashes.SHA256 = '986620e9e27ddeefef746b3ab85da4ed3a8d38cd36245a76fbc0b99a119c537a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--18ffb939-9527-4c34-95f4-6863b04bbaf4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:03.000Z", "modified": "2019-12-11T09:09:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:39:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aadd318b-d47b-4069-bffa-392b20247d9b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/986620e9e27ddeefef746b3ab85da4ed3a8d38cd36245a76fbc0b99a119c537a/analysis/1574332758/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8e32055e-226b-407d-b2d3-05fcf25a8d97" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8b4b488f-b2ca-4bd3-a238-29a33079708c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68ddc97e-64a7-4d39-8f72-ecb926dc6263", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:03.000Z", "modified": "2019-12-11T09:09:03.000Z", "pattern": "[file:hashes.MD5 = '06e1eff3f5eee0a655f5e05d03135cb2' AND file:hashes.SHA1 = 'c2bf75d2c10ffcae7b2c90e9e674240f39dd4423' AND file:hashes.SHA256 = 'c2232604d5247808d7be0ff297a17c87129824209d8b8f17a6c5ae9c8cf50144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8cc13a6a-0de2-4a47-8a0d-0884a02779ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:03.000Z", "modified": "2019-12-11T09:09:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T08:28:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b064a12-0a8f-4ca2-a7e8-a77d4481d254" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c2232604d5247808d7be0ff297a17c87129824209d8b8f17a6c5ae9c8cf50144/analysis/1575102483/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "caef533f-a0f7-43ec-850b-babb6440a309" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "51dcf886-8f7f-4a7e-9494-a2ef14c52013" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--31e0b85f-066e-4c0c-bba6-5c67b4ef5cb9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:03.000Z", "modified": "2019-12-11T09:09:03.000Z", "pattern": "[file:hashes.MD5 = '08ea2a701c83e68ec28b0503c454aaa6' AND file:hashes.SHA1 = '03f51aa3b1378dc7bff078df852450264612cfa8' AND file:hashes.SHA256 = '7b88bba3162b7ea96d9a93be491de293a856ba4d69449a0b37b14d924bdb963d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a8e16593-8a35-4cbe-9a7d-27a011ab0aaf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:03.000Z", "modified": "2019-12-11T09:09:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:44:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "28743e54-4be7-4252-957f-979238f0ac8e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7b88bba3162b7ea96d9a93be491de293a856ba4d69449a0b37b14d924bdb963d/analysis/1573469056/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "820c9963-ae65-4a63-97a8-f3b0fb278891" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "97a798bd-0af8-4cc4-9422-c31fe02f2fbf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--88c85dbb-b9e8-4798-aa8c-afd1bb83ee3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:03.000Z", "modified": "2019-12-11T09:09:03.000Z", "pattern": "[file:hashes.MD5 = 'cf31fa05089797c17d2d9477d074ca1e' AND file:hashes.SHA1 = 'e90eee91e82ba6b30adcf9692b62b7557743941e' AND file:hashes.SHA256 = '22f85d3891c4d59ed5276852118311c54779f86a4cb0a10fc98eadae96cebe20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dc6d7328-3b68-4028-8355-b1e4af009420", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:04.000Z", "modified": "2019-12-11T09:09:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:42:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cdcbc596-e155-4eaa-8b91-b3b214f9a85f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/22f85d3891c4d59ed5276852118311c54779f86a4cb0a10fc98eadae96cebe20/analysis/1572889339/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81bfe07c-0c34-43e2-a556-be8795431a69" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ce6047a-eb0e-4555-86d2-21348a32a9b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4ddfa380-3b6c-40d6-b390-266f76f1ebac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:04.000Z", "modified": "2019-12-11T09:09:04.000Z", "pattern": "[file:hashes.MD5 = 'c284078d2eea8fbca84988b52be2425a' AND file:hashes.SHA1 = '769cff1eacc90b7d810676274194480bd6c091d1' AND file:hashes.SHA256 = '5e044a65acb4d8faf7caab4375a7fb995806691135ebd20cb3e199e9b2f29aed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--871c3fde-844e-44b7-a6d6-5e987c48076c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:04.000Z", "modified": "2019-12-11T09:09:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:08:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fadad4b9-e240-48b5-a875-2731e197ea8a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5e044a65acb4d8faf7caab4375a7fb995806691135ebd20cb3e199e9b2f29aed/analysis/1573873728/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7c36d27-a608-45dc-b642-2f1e4c4ab0fa" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a751b87c-ad1e-428b-9462-c598af5f4570" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--04e865d4-f9ab-4eb3-bb87-ec890c68e194", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:04.000Z", "modified": "2019-12-11T09:09:04.000Z", "pattern": "[file:hashes.MD5 = 'c1d5dd10de4512f4e884cd5d3c0efc16' AND file:hashes.SHA1 = '1c6a13852d9dec0feec378422fb07da905029e38' AND file:hashes.SHA256 = 'bf01e71dddf875a6e1b9df0a9c672d267b21556e83ebb50239b7d4b83a695721']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--483975a4-7d98-4a54-95a2-8cca2a3e727e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:05.000Z", "modified": "2019-12-11T09:09:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:30:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a923d494-0ece-4874-9391-3a17f8f64d7b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bf01e71dddf875a6e1b9df0a9c672d267b21556e83ebb50239b7d4b83a695721/analysis/1574782259/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bc21adff-4674-473d-8f5e-abc5e3531481" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3e1aeea8-f9ba-40a4-b472-1ac5a8fbe324" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a7033e3d-da01-4bbb-9f21-4c5a7d34da3c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:05.000Z", "modified": "2019-12-11T09:09:05.000Z", "pattern": "[file:hashes.MD5 = 'b4be22327086ac1d5053079d417af35f' AND file:hashes.SHA1 = 'e3529c36cfe3680759880ca5042c78b57d544786' AND file:hashes.SHA256 = 'df502a4069b889ff8e73741352e7c3c07fb4a33478c92325d11b7fca3bfc1732']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--18688fc5-95c7-40d9-b6bb-f6ac2ffad357", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:05.000Z", "modified": "2019-12-11T09:09:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c627be43-57ea-4cc4-85e1-280e32a119c7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/df502a4069b889ff8e73741352e7c3c07fb4a33478c92325d11b7fca3bfc1732/analysis/1574062638/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ba778009-2078-45c9-a343-b1165cd54102" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8cdbe7fb-faa9-47e6-af68-599341337704" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02663258-e7f5-4809-98ab-835c3dff4272", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:06.000Z", "modified": "2019-12-11T09:09:06.000Z", "pattern": "[file:hashes.MD5 = '8d050967d1b70081ff9dd75d4076ff87' AND file:hashes.SHA1 = '7a286f740687c4582c8ebf63693ad1e0fbd7901c' AND file:hashes.SHA256 = '0fb2fd7fbf71ab39078aa16528e06cd88e9a3e541c9e93721cbaeca081794bdb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8f2a5a0a-2756-4cd4-bc4f-22a7245eac25", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:06.000Z", "modified": "2019-12-11T09:09:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:03:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88500c21-d267-41b1-b438-827c14a1bd7d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0fb2fd7fbf71ab39078aa16528e06cd88e9a3e541c9e93721cbaeca081794bdb/analysis/1574251430/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a641ee8-179c-4d64-b954-2c3e44db9e92" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a6130208-77e8-4330-9649-ffb9f97d0d28" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a2e8a416-c2cb-4015-968c-0984172383f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:06.000Z", "modified": "2019-12-11T09:09:06.000Z", "pattern": "[file:hashes.MD5 = 'a13cd0d2c5ffac903b03784af87a1e25' AND file:hashes.SHA1 = 'c53e91f88ead48896e87ea148853f38154804195' AND file:hashes.SHA256 = '8ad3156593ffbf173177d099cfcbf40b356d4bef42ac6a5a70e6481785fdabce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cfcdd3dd-5638-43f1-aee0-3bc1577d74d5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:06.000Z", "modified": "2019-12-11T09:09:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T05:32:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2b790f4-3695-4b36-9599-a3451f4a42a0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8ad3156593ffbf173177d099cfcbf40b356d4bef42ac6a5a70e6481785fdabce/analysis/1573191126/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "450a4a30-ba6d-4472-999b-b7c0cb7f846e" }, { "type": "text", "object_relation": "detection-ratio", "value": "11/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3eef9403-dd31-4bde-b441-74d3ae25423d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9604190-10c4-41ee-b981-2871bf53e73a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:07.000Z", "modified": "2019-12-11T09:09:07.000Z", "pattern": "[file:hashes.MD5 = '971f652c059ba8d1185d387609f0d7cf' AND file:hashes.SHA1 = '2d41ce41d54558b2052915c36e03ed3460562f3e' AND file:hashes.SHA256 = '96689f58b3f9f44ca9c5bf133b1c880c03dfdada3b0c28cbb9cc6ee160974ce2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9e983312-376f-4ab8-9881-e110e5c4fa30", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:08.000Z", "modified": "2019-12-11T09:09:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:32:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b2e5c51f-1744-4db6-ba25-480ab18cd48e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/96689f58b3f9f44ca9c5bf133b1c880c03dfdada3b0c28cbb9cc6ee160974ce2/analysis/1574548374/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "874ea461-ed17-441d-8cda-ed0b5330351d" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9bcaff2a-6bda-4e32-96f3-64b42888332d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9eeda890-927c-464e-b272-333ccb1d3058", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:08.000Z", "modified": "2019-12-11T09:09:08.000Z", "pattern": "[file:hashes.MD5 = 'bdb047644336ba19af0dfa6057e807c2' AND file:hashes.SHA1 = '8d49d21566513de1a70be762e20db3142635bd40' AND file:hashes.SHA256 = '60a0d505ed7870300d7f47928f551d39526a735f074bae05d163e2a62389f9fb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6e50a755-b8dd-414c-b623-07ff6a2ac065", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:08.000Z", "modified": "2019-12-11T09:09:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T03:39:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1704928-c648-4d57-883b-8611e6241e77" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/60a0d505ed7870300d7f47928f551d39526a735f074bae05d163e2a62389f9fb/analysis/1574825971/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4e3ddd4f-49b0-43f0-86fe-68b76d451593" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "10a74062-a036-4bbf-94d0-d044254a5027" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b984b421-3546-43ec-8344-db330fd09d51", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:08.000Z", "modified": "2019-12-11T09:09:08.000Z", "pattern": "[file:hashes.MD5 = '7a4f86cf957f2e3c32cf12df3b8dfcb1' AND file:hashes.SHA1 = 'ae56a8149212a889286105e452f1937368576ca7' AND file:hashes.SHA256 = '143572af9a036032d8a0ff56a8dd828220d0ef3aa0469058261beb9cb687c30a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--79699cf2-b8f5-47d8-befa-6b82e9355fe7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:08.000Z", "modified": "2019-12-11T09:09:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:45:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "704dd2dc-9dc8-4ef1-9d03-f1439e131d6e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/143572af9a036032d8a0ff56a8dd828220d0ef3aa0469058261beb9cb687c30a/analysis/1574333140/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d68e1d3e-0d5f-4d84-84c7-33880c85f3d7" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3b6aed8c-aef8-493d-9494-6578fdf6fd98" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1fdac306-8c84-465b-8b79-04b0d475093a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:09.000Z", "modified": "2019-12-11T09:09:09.000Z", "pattern": "[file:hashes.MD5 = '6b875a69b552a94d4763122347859d5e' AND file:hashes.SHA1 = '295b261901c0ce65eed4f8cfbf23da7b78913892' AND file:hashes.SHA256 = '1e67614d79d390bc8b2ceb10744b3015d545ca15bcaa688cffe1e066f227f776']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ffdb3b2a-3c94-486f-a65c-987a2be986ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:09.000Z", "modified": "2019-12-11T09:09:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T13:20:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "abe073b4-d996-43c7-88b5-c599fad3c379" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1e67614d79d390bc8b2ceb10744b3015d545ca15bcaa688cffe1e066f227f776/analysis/1574256032/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ad4cfeb9-8e52-4e5b-b134-f29021d1e687" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2db6bc20-73e6-4ca4-9242-0386e16e7133" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e2312244-516e-468a-8cdf-97d0ada59a51", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:09.000Z", "modified": "2019-12-11T09:09:09.000Z", "pattern": "[file:hashes.MD5 = '001f6bb8e9d2c4dd140bd69d1ac58ad0' AND file:hashes.SHA1 = '5f73628a8707e9ba6ae136ec3a3e8b6af37cd628' AND file:hashes.SHA256 = '95b4a039248c58c3886e6735ce41e3a2aa18ed7e4b9c60cfcf1ab0a4e013a275']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a639c694-9dd7-434a-bf7a-f51ad0e469d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:09.000Z", "modified": "2019-12-11T09:09:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-06T07:04:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "85de083f-ced4-4081-abc6-d5b08cd13899" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/95b4a039248c58c3886e6735ce41e3a2aa18ed7e4b9c60cfcf1ab0a4e013a275/analysis/1575615840/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "29aadbed-24b0-44ca-ab78-ff9f5e322c88" }, { "type": "text", "object_relation": "detection-ratio", "value": "60/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a9b1a5b7-d313-4b48-9f90-92c4a8834694" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e47e2828-2a48-4ee3-b3bc-de782c7ef605", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:09.000Z", "modified": "2019-12-11T09:09:09.000Z", "pattern": "[file:hashes.MD5 = '2f583ecc03d2944bf4ce1b0f3bad439a' AND file:hashes.SHA1 = '1613ded85b175277f5f62fc48f596f504b584681' AND file:hashes.SHA256 = '0f3c3ba71c343b83234ec64f5567072b0c3104cbf042da63f1b250fec52a3193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c768ca64-4061-4565-8b5d-f720aa735f96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:09.000Z", "modified": "2019-12-11T09:09:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0c5f54f0-2397-41b0-9fd4-d6c2a5153cee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0f3c3ba71c343b83234ec64f5567072b0c3104cbf042da63f1b250fec52a3193/analysis/1573722651/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6f14c46e-a700-4852-b1ae-9401580bf410" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bd08fdfe-1b18-4284-a799-513093042182" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d137df9-f16c-44a3-82d8-f2f77bc2fe37", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:10.000Z", "modified": "2019-12-11T09:09:10.000Z", "pattern": "[file:hashes.MD5 = '078563a69f3ce846dd39e5567e16cb4b' AND file:hashes.SHA1 = 'f98159f23f4f0945c30d9fef2dbc80926a9917d9' AND file:hashes.SHA256 = '8618e3362f008deddb91a883b943bc250651d45016ecf8f98160c1ee30c31376']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4cef0992-a69b-4bc0-8e3a-608234f1d26e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:10.000Z", "modified": "2019-12-11T09:09:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T17:22:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d16bad28-b241-4b00-954e-38eda8eff154" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8618e3362f008deddb91a883b943bc250651d45016ecf8f98160c1ee30c31376/analysis/1573492974/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4d7b86bb-79de-4e29-9bd3-1658f2c46ba6" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4303e3d2-7816-47e8-bafb-c9c5601019b2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b2f0df78-42f7-440f-8a3e-d0578ff2c69c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:10.000Z", "modified": "2019-12-11T09:09:10.000Z", "pattern": "[file:hashes.MD5 = 'dcc6d47f3a8258b8d823ecac6f68b482' AND file:hashes.SHA1 = '189c97e30d132bb0ea78767fe2efc75a02d36b82' AND file:hashes.SHA256 = 'ff30ff65e97407715f6d03b6912ca42d87b912ae1e40b473e6738887aa1c3264']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9e0d7701-e758-4b09-a953-2ea4a67743a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:10.000Z", "modified": "2019-12-11T09:09:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:33:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bd8d59a1-1538-4d5a-be49-c3038433c7a6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ff30ff65e97407715f6d03b6912ca42d87b912ae1e40b473e6738887aa1c3264/analysis/1573979611/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0f7db865-3adf-46b8-93ad-237239d2d6f5" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce020a54-a765-4d77-b733-75cf2af32ab1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8cd6651b-a7bc-4da8-aa76-4698e77aaac1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:10.000Z", "modified": "2019-12-11T09:09:10.000Z", "pattern": "[file:hashes.MD5 = '22a81d03840e37e11e49d7c4a2fcc2d3' AND file:hashes.SHA1 = '7e7bd195285117810963cd20975cfd8f900cc9bd' AND file:hashes.SHA256 = '95123b3142be5d6c9a3cdbce974d10cddc4b2796e243d2f64ea9f909cb00eb29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--14d365b0-f7a8-4e2e-a026-e564567fb451", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:10.000Z", "modified": "2019-12-11T09:09:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T15:58:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ef17cff5-1a20-4b5d-978f-33340f9e19ab" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/95123b3142be5d6c9a3cdbce974d10cddc4b2796e243d2f64ea9f909cb00eb29/analysis/1572883106/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1c487518-ef0b-477f-9eba-ba597ae1d54b" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd0ee7cc-4baa-479a-bcf4-93cf4d37d8cc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52b2c640-0b6c-411f-8a0d-b194db9d6378", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:10.000Z", "modified": "2019-12-11T09:09:10.000Z", "pattern": "[file:hashes.MD5 = 'b598a4fcb7ad305756e5f0b96de9e631' AND file:hashes.SHA1 = 'a80a3c1a9e107be1b5d6e9fd83060e0164469561' AND file:hashes.SHA256 = '9aa74d061e986ac65dcf4243d6229122666d1ebe5e5c8c278f109d5d8a74ae80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2e9e748d-071a-46ba-b209-0fcf55b57f0f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:11.000Z", "modified": "2019-12-11T09:09:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:44:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e470cd76-9422-4d76-8f01-f6b43297962e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9aa74d061e986ac65dcf4243d6229122666d1ebe5e5c8c278f109d5d8a74ae80/analysis/1573425844/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "54593a66-8ea5-4d69-9bf6-3993f6ae82e8" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c51f3e08-b611-4bd7-a136-584b914b14d5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7df70663-58fe-4509-b0dc-d5d6315c08ff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:11.000Z", "modified": "2019-12-11T09:09:11.000Z", "pattern": "[file:hashes.MD5 = '903b19da8406407bf8968f8fbd90eee8' AND file:hashes.SHA1 = '41989ff9bd710925298dd9f9d25dfc213419d57d' AND file:hashes.SHA256 = 'c09a454de3ee3b814d0ad8530ea962596dc66ebc7366d9d731e273ff9560e87d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--95da7e68-522b-4946-a596-37288c33b6c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:11.000Z", "modified": "2019-12-11T09:09:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:44:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3bd51b0d-55e6-418e-8b80-7776390613dc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c09a454de3ee3b814d0ad8530ea962596dc66ebc7366d9d731e273ff9560e87d/analysis/1574333068/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "afe6500e-6d56-4418-b25e-cd03288ed280" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f416b789-db97-42b0-8cd6-930ba4298ee9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6289f73-5f31-4dc4-86dc-fc9c8a4e4d2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:11.000Z", "modified": "2019-12-11T09:09:11.000Z", "pattern": "[file:hashes.MD5 = '191d1f7bed4ac6290d298ded5af9f549' AND file:hashes.SHA1 = 'ac66566ce0c40c0fcb725a911a63d2082273b3dd' AND file:hashes.SHA256 = 'ffa4c0875faf1a430e725da129b5abaf874fe769dcfa88764554f53f866b9529']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--747ff1d3-f9a9-4d54-8653-269224f4abe0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:11.000Z", "modified": "2019-12-11T09:09:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:21:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "805139dd-59a3-4dda-9d59-a83dfdd06cd2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ffa4c0875faf1a430e725da129b5abaf874fe769dcfa88764554f53f866b9529/analysis/1572888111/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c631b305-3386-459e-b35e-0ace443845fb" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8597073f-c82c-4ac6-9996-f9f2d16461b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--73b0dd1f-f6ee-4dc0-b174-30a1d7645102", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:13.000Z", "modified": "2019-12-11T09:09:13.000Z", "pattern": "[file:hashes.MD5 = 'c560aa0ce5845ff01d0bff192582b4e3' AND file:hashes.SHA1 = '0341893c34440f6dd695c73f97eb850c81042737' AND file:hashes.SHA256 = '78caf93f28ed33a68d9c877e65d3329438f222c4069277fbaae540fc7912f6f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--88f5e0ca-db40-49c6-ab76-631672d838e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:13.000Z", "modified": "2019-12-11T09:09:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-19T14:56:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3434dcff-0ae4-4674-95f0-ddcd9eb7a38a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/78caf93f28ed33a68d9c877e65d3329438f222c4069277fbaae540fc7912f6f0/analysis/1574175369/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8d2a7175-4b58-4dce-8b44-aa6707c53348" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4731d086-87ac-4f80-9395-5238f739270b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--834968d5-1a82-47c6-b38d-1d07cc666f1a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:14.000Z", "modified": "2019-12-11T09:09:14.000Z", "pattern": "[file:hashes.MD5 = 'ab34fd3745381d9ffa027dd95b6f330c' AND file:hashes.SHA1 = 'be2fb144d876df983c5385d81c968bb5a8876217' AND file:hashes.SHA256 = 'b6e6975a76b305c753c8e85b854fb759622055f71fcc109f5d2074b394e0bf24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ad9a99cc-55a2-4be5-aa2f-57485a1c382c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:14.000Z", "modified": "2019-12-11T09:09:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4b80859a-c626-4a97-966f-5fcf5f27407f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b6e6975a76b305c753c8e85b854fb759622055f71fcc109f5d2074b394e0bf24/analysis/1573722649/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1cf37e3e-77c9-45cd-9c1d-3b658eaaa1bc" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5024a0a7-de99-45cb-8bbe-c07d5d5d18e9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--af18f7b6-3eaa-4a20-8b94-16ff1fea68c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:14.000Z", "modified": "2019-12-11T09:09:14.000Z", "pattern": "[file:hashes.MD5 = '35dfde67229abf292d8545b8e22ec8e6' AND file:hashes.SHA1 = '7e9a48ea5297c37aa6a75fb133e4d522b0e99bb3' AND file:hashes.SHA256 = 'fd0014cc7ec0ba63e363f60e94870beace7e0f649d5609accb8d4cc83a559e20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--855313e6-0a4d-48c3-8c9a-651443069d81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:37.000Z", "modified": "2019-12-11T09:09:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T13:53:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4d50fa2a-d799-4817-b99f-c32b467c80f4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fd0014cc7ec0ba63e363f60e94870beace7e0f649d5609accb8d4cc83a559e20/analysis/1575035616/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f56887c8-fbef-42db-acb3-cb1458eb18f9" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d1d5a03f-b002-4052-b839-ea009165320b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f621cf4e-e2fe-4191-baa7-bd7976d7e961", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:37.000Z", "modified": "2019-12-11T09:09:37.000Z", "pattern": "[file:hashes.MD5 = 'ed1f07046309c06fb0ad70141620050f' AND file:hashes.SHA1 = '49d509716cc497964951b8d0e38c666c83cb13ae' AND file:hashes.SHA256 = 'd39c4d688026e814136165c76b8f4406c620353b9ff9c048a083b40293067e2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6cce9811-cfdf-4980-9ebd-ac168212f216", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:38.000Z", "modified": "2019-12-11T09:09:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:41:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "de55a884-51dd-4cda-b052-831e6c7b7fcd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d39c4d688026e814136165c76b8f4406c620353b9ff9c048a083b40293067e2a/analysis/1572889306/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b63d6733-2c24-4645-9b98-c71c22f968f5" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "823f07df-0437-483c-8c79-5e142a9184db" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6ef008fa-8022-452b-bbd4-5e069fb5d1ef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:38.000Z", "modified": "2019-12-11T09:09:38.000Z", "pattern": "[file:hashes.MD5 = 'f6522e5b6952a9dbd399b1de16afce19' AND file:hashes.SHA1 = '9b585459a1a7c1a3bc73b5a2150f96b4840e397b' AND file:hashes.SHA256 = '3777619b23c946d08a275d374bcaf3add3e377722f9e24157cd2cac3861532c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d4162df1-da6f-4448-b4b5-d6c6b8bf313b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:38.000Z", "modified": "2019-12-11T09:09:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T12:23:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a32e8218-3752-405b-85ea-4f3675ce3d9a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3777619b23c946d08a275d374bcaf3add3e377722f9e24157cd2cac3861532c8/analysis/1574770986/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c4819f81-d8cb-4016-99ef-6579d1f7a739" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c2b70550-521e-46bb-aad5-8c918040f829" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--debf20d3-7b2e-4364-80bc-ce7d116f0901", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:38.000Z", "modified": "2019-12-11T09:09:38.000Z", "pattern": "[file:hashes.MD5 = 'e26edd7b1f318f4f44667bf915330180' AND file:hashes.SHA1 = 'e83c613556b8a4f1604f8aa5908152af7283555a' AND file:hashes.SHA256 = '0da7ebb8576f1ff0989c85b370bd8113bba622619509f64570dcfcc751bbd5eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ac2df624-1ecb-4b0c-ba28-8948b4203c6b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:39.000Z", "modified": "2019-12-11T09:09:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:34:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e49f6436-ad75-47d3-8342-0d9b021713e1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0da7ebb8576f1ff0989c85b370bd8113bba622619509f64570dcfcc751bbd5eb/analysis/1573961683/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a622d0c-c886-4045-a2a0-360a4a287a87" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b8f05ddc-a7cf-47bd-9446-e5cacd279111" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1d2b033b-9412-4234-ba79-ecc2b81ee7c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:39.000Z", "modified": "2019-12-11T09:09:39.000Z", "pattern": "[file:hashes.MD5 = 'e9b79d08fe6d48317ffb5f46b46cdf10' AND file:hashes.SHA1 = 'ee61162ab3dcc6fbe10a9f95d6616527db3c350e' AND file:hashes.SHA256 = 'ec8983d519b411aeef042ad15f794e817855421f0cf4d00c3e858c4e6817cedb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--32b4bfb7-fa21-471f-ab73-c2107993457e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:39.000Z", "modified": "2019-12-11T09:09:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T05:43:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b5b3fa95-d8fd-4756-b73c-dbb8440de595" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ec8983d519b411aeef042ad15f794e817855421f0cf4d00c3e858c4e6817cedb/analysis/1573710197/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c81529ae-9f90-4860-803b-a980cb557cbf" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2a712caf-6426-4412-a63b-7c6e859ff3ef" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--19cc2434-e10e-41ab-8507-f4fdafb4d98f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:39.000Z", "modified": "2019-12-11T09:09:39.000Z", "pattern": "[file:hashes.MD5 = '482e67212aea2c19178a77b958478d07' AND file:hashes.SHA1 = '51c73bc65b75cf273cc15d538ad2b489001f797e' AND file:hashes.SHA256 = '43bbf8b4bfa3ead1ceac9c7813c1d848f446886c83274dcd1c98ff2240249684']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ba0df8a7-c288-43c1-9721-e9471d8d902b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:39.000Z", "modified": "2019-12-11T09:09:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T17:30:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7d74727b-b0ad-441d-a958-7dd7ca602629" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/43bbf8b4bfa3ead1ceac9c7813c1d848f446886c83274dcd1c98ff2240249684/analysis/1573493445/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9ad8915-24bd-4388-94e1-a6c5f1527e3e" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "50bb23a8-fc5d-4323-98dd-e3f6cdbab1ff" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--990911cd-1546-4834-8afe-22d4f992f8f2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:39.000Z", "modified": "2019-12-11T09:09:39.000Z", "pattern": "[file:hashes.MD5 = 'e199264e51501ff1e7a28b02b974540c' AND file:hashes.SHA1 = 'b1924fd0fdb23aa2d16fcaeba718fbe3f54cb055' AND file:hashes.SHA256 = '9756df0c33af1509974388fc6f1c01ba737ff750a010fe33f6b310c29232bd99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f9578ad9-21bb-40bc-8fd9-a0c401d70399", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:40.000Z", "modified": "2019-12-11T09:09:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:32:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "51359e8a-ddb6-44b1-9919-87e9bde261a8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9756df0c33af1509974388fc6f1c01ba737ff750a010fe33f6b310c29232bd99/analysis/1572888725/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "70a32908-65b2-49ba-a0e5-4ee4fe62f543" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "614c1d28-d3ef-419e-889b-49e321ac15a1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61649bc8-85ea-4a00-a42a-ab2733d534ff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:40.000Z", "modified": "2019-12-11T09:09:40.000Z", "pattern": "[file:hashes.MD5 = '30d1e8ea9539ced99a9ac78163c23a88' AND file:hashes.SHA1 = '2e999fbfe02969863c801be20adcd6d8f606ec27' AND file:hashes.SHA256 = '64ecad0a55b2950a40af2c2c6b67177b54ccac3a97e417ca42d0c55ce4b365bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--03f94760-3040-4661-97dc-901931fcdba8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:40.000Z", "modified": "2019-12-11T09:09:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:36:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1e6d7bec-dcb0-4790-bf70-b25645223d4d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/64ecad0a55b2950a40af2c2c6b67177b54ccac3a97e417ca42d0c55ce4b365bb/analysis/1573961787/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71e745ca-c237-4959-a694-7db627254d00" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47b40950-2ff8-429b-8e06-8ac87f3d5a2d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4f14f254-78de-4214-bc39-c0df5a560d29", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:40.000Z", "modified": "2019-12-11T09:09:40.000Z", "pattern": "[file:hashes.MD5 = '0524f6867de7c46bcdb40f8104d899e7' AND file:hashes.SHA1 = '4fcd95350adfde60b1ff4048c75d4061c3d24704' AND file:hashes.SHA256 = 'c7c31829c31467ef1ec99d169682c80a15ea6940249dd28e5d206a493e66b0a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--93e1d54f-78bb-4456-9ad9-20a0684a8c5a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:40.000Z", "modified": "2019-12-11T09:09:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T08:12:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9b37653f-2cce-4196-99eb-275b5528f53d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7c31829c31467ef1ec99d169682c80a15ea6940249dd28e5d206a493e66b0a1/analysis/1573373543/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "31567505-23e9-48e5-b37b-f345dfa48b07" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e29230a5-8361-4e3c-81bb-2f02e9c0eb03" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1cc552f1-b224-4112-a745-d38d157a1970", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:40.000Z", "modified": "2019-12-11T09:09:40.000Z", "pattern": "[file:hashes.MD5 = '5525502305d74d0b9af894b97a7c58e0' AND file:hashes.SHA1 = 'c7bf167b27d0555d8fca888560484f316814fdc2' AND file:hashes.SHA256 = '3fff30a09c222236dcbbe2ba82d30222a391b6d6fc5e11660b5e32910990b097']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--011facc9-5dcd-4acb-9b28-35f8abb33b32", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:41.000Z", "modified": "2019-12-11T09:09:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5254b494-741d-47b3-8714-fffa64c7b053" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3fff30a09c222236dcbbe2ba82d30222a391b6d6fc5e11660b5e32910990b097/analysis/1574062643/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e6fb0ea7-602a-4a6b-8ccc-7b0de92c430d" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c10175a-cdd5-4a1b-a7d4-a2f769220a50" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6451bdc5-05f7-46ac-bb4a-2ebbe7779aa7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:41.000Z", "modified": "2019-12-11T09:09:41.000Z", "pattern": "[file:hashes.MD5 = '2177272c65f8e1795f4110e277abd0a4' AND file:hashes.SHA1 = 'a112102cd58e7c09df74c8d40ad382bac3b4222d' AND file:hashes.SHA256 = '28496862543b5f6201b033f7ab19e390b3a7915b7d3557629f3d2f2f8292a586']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1c344cfb-d472-444d-8ac4-89d0a9fe796f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:41.000Z", "modified": "2019-12-11T09:09:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:33:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6f9d2ca5-c123-4d54-94bc-2ff6af1b3de2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/28496862543b5f6201b033f7ab19e390b3a7915b7d3557629f3d2f2f8292a586/analysis/1573961621/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "700c10a6-5341-4e83-ae9b-ffad2c4bc9ce" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bee63a98-a27e-4ae8-834e-edaa1b41a97d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c830d89-4fd2-444c-b4e9-dee3d0c4c995", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:41.000Z", "modified": "2019-12-11T09:09:41.000Z", "pattern": "[file:hashes.MD5 = 'abec55126b258d3fc41c54f59b3f5da0' AND file:hashes.SHA1 = '702c200316ab16450d49b90664f197326f6e1517' AND file:hashes.SHA256 = '9df13782a06a77cffe00501500a6c75edecf37d04bd532eb3a1c7995167e087b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--993b393f-8537-40ce-98a2-0b9c885656ea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:41.000Z", "modified": "2019-12-11T09:09:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T17:14:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "60b5f2b3-c602-4f72-b1d1-678d3b919c41" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9df13782a06a77cffe00501500a6c75edecf37d04bd532eb3a1c7995167e087b/analysis/1573751682/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0a0857f8-bda4-450c-9d27-65736dc4f279" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f206f0ce-9b7e-4b0b-86d1-df5501fc4071" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b69acd0-5b57-43b4-bb0e-8533ec34f7eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:41.000Z", "modified": "2019-12-11T09:09:41.000Z", "pattern": "[file:hashes.MD5 = '08e12ed3fc6fde77eb8da82f6be7c4ce' AND file:hashes.SHA1 = 'b92363b2f5f9ad7866fc540503aafd2e79f142c0' AND file:hashes.SHA256 = 'cda99d9277b3b982db98b7896280ca67dfb7e7434ef99b1a31f4de8e3faf4d81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4a5a3841-ab89-40a4-bd73-520e5c71800f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:42.000Z", "modified": "2019-12-11T09:09:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:30:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5730891c-a51a-431f-a1d0-31d1a505c0bf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cda99d9277b3b982db98b7896280ca67dfb7e7434ef99b1a31f4de8e3faf4d81/analysis/1573421453/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ee57ec0-cf50-477d-9e23-84738d1a0505" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "64ade015-1e59-4467-a30a-81b0499ca714" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--015ec164-a274-4459-a93d-7f10c3d98b92", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:42.000Z", "modified": "2019-12-11T09:09:42.000Z", "pattern": "[file:hashes.MD5 = 'c70ffa3be5016526a8e83d705d618220' AND file:hashes.SHA1 = '01660923057d7f7922b328fa9bb40c080c00c2b7' AND file:hashes.SHA256 = 'eae7fa17ec085510884e359794e7bd645ea09a541f8056c364622fb972b83e7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8bc83cd6-5f03-42df-ba44-f321406ab01f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:42.000Z", "modified": "2019-12-11T09:09:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:32:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8c867e12-4db4-42cc-85bd-8e695c3fb444" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eae7fa17ec085510884e359794e7bd645ea09a541f8056c364622fb972b83e7b/analysis/1573421540/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c6808a2f-1546-4b3b-ad87-89a6556e47de" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4b4b8600-770e-4337-bce0-589f7368e1a5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aa2a4eab-c640-495d-88e4-0c396fde1f7a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:42.000Z", "modified": "2019-12-11T09:09:42.000Z", "pattern": "[file:hashes.MD5 = 'a692d7b4287352419217323e6b1fec1b' AND file:hashes.SHA1 = '7680a46865358e61460fef09155690d1663adc6b' AND file:hashes.SHA256 = '6fad038452d694046a6040b37057598bb05cbd6d898b92da03d9af7d8bae9d64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1423a5bf-6b87-40a1-ba85-90cb015c11bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:43.000Z", "modified": "2019-12-11T09:09:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T11:39:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ef369b82-316c-4d1b-9674-8753fa274221" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6fad038452d694046a6040b37057598bb05cbd6d898b92da03d9af7d8bae9d64/analysis/1575027561/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd960e97-c650-4803-b5e1-69b0fb8f7a87" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4145de73-a2f6-4c29-83dc-d71a334becfe" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ace7defc-9735-4613-b3fb-9e31125f1eda", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:43.000Z", "modified": "2019-12-11T09:09:43.000Z", "pattern": "[file:hashes.MD5 = 'efd98b175d9920697712732364ec5114' AND file:hashes.SHA1 = '87895e1372a0f953d7ee7c8bfeaf6833ddf09b2c' AND file:hashes.SHA256 = '9e655561670e1d8c0b424a935b58d1b9e62dd507fdd177b7695bcbf47ae1e7a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--577481d1-9d6f-4c45-aa66-1db3601b5411", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:43.000Z", "modified": "2019-12-11T09:09:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:15:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71725104-3744-4e29-a3f1-a3b0f1161dfc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9e655561670e1d8c0b424a935b58d1b9e62dd507fdd177b7695bcbf47ae1e7a8/analysis/1573985735/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ec13cb74-b1f9-491b-8396-be670609583e" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71c15372-4d43-48ad-9023-20fff9d4ea68" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--675f1102-34a2-470f-9f12-3fcb2530b2da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:44.000Z", "modified": "2019-12-11T09:09:44.000Z", "pattern": "[file:hashes.MD5 = '92f6e45fbc289d7f8af63a9ebeadc175' AND file:hashes.SHA1 = 'df7d3259998b6b8d9a97d4f10c44e5e7bb984eee' AND file:hashes.SHA256 = '118c8b83363e1361c0e5687df0e6c8d4d5d265cd84ba778a6b7bd7a27f179c54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--81363ce4-7dce-4ffd-bd43-7f1056a446fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:44.000Z", "modified": "2019-12-11T09:09:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T14:07:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2eab96ef-b98f-42f3-8720-8bb5dbab38c7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/118c8b83363e1361c0e5687df0e6c8d4d5d265cd84ba778a6b7bd7a27f179c54/analysis/1574777243/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "11e17d21-c530-4e69-8822-5de2a8546973" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "adcb378d-8812-470f-a47b-bff3b76e0b39" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6db377f7-be37-4153-be95-4aa62e6fcd17", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:45.000Z", "modified": "2019-12-11T09:09:45.000Z", "pattern": "[file:hashes.MD5 = '7f570b96698db9352a05824272457c31' AND file:hashes.SHA1 = '015a87a15943cc7dcf1b1b4dcce55fa8839ae3ad' AND file:hashes.SHA256 = '1eb43cca04f207dd7a107c81496a9dea67c457827c593ede89e75b4bd5b317f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e05a9b63-89b4-45cf-b76b-cbde69e1641c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:45.000Z", "modified": "2019-12-11T09:09:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:15:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f166d8d4-3317-46be-bf98-a13329fc246e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1eb43cca04f207dd7a107c81496a9dea67c457827c593ede89e75b4bd5b317f3/analysis/1573985744/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "97a5ee98-0dc9-41ff-99c2-548fd3c315d4" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4d1270a0-c2bd-491e-9b70-25736200d0a5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a3b2ddaa-5eb1-4e4e-9679-718ef9d63591", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:45.000Z", "modified": "2019-12-11T09:09:45.000Z", "pattern": "[file:hashes.MD5 = '875aca73e60ec9be5eab257a24287bd7' AND file:hashes.SHA1 = '54afaf6f72c076dd1650a5ea2fce20e099aa3b03' AND file:hashes.SHA256 = '7a7c7d75c04c7a22240ee8223dd9161c4cc06d3f5f442ceba055af748aec487e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b38f14f9-08fd-4d10-88a0-a050bbb3de6f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:45.000Z", "modified": "2019-12-11T09:09:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T15:11:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1800865-988c-442a-a001-b727f2fcf9ab" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7a7c7d75c04c7a22240ee8223dd9161c4cc06d3f5f442ceba055af748aec487e/analysis/1575040308/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7617fff-cf17-4d86-957b-896b141c4974" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26e9399d-d247-4d20-aaee-9cc1156fd35c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91cb5c59-36ac-407f-9255-7fbbd82f25a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:57.000Z", "modified": "2019-12-11T09:09:57.000Z", "pattern": "[file:hashes.MD5 = 'a9a638a304a5a6d3d25583e60c438b72' AND file:hashes.SHA1 = '02103ba4cda03fda90c51e453b4c238286f3a449' AND file:hashes.SHA256 = '6b74139432e8eb9cfa5d695952798be4dcc2930e0718ff1e5ea9fbed0e9fe15b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--59db51e8-4f1a-449c-94fe-e24d0a282761", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:58.000Z", "modified": "2019-12-11T09:09:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:07:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "41033cec-6172-4ea7-bf60-0b751774d798" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6b74139432e8eb9cfa5d695952798be4dcc2930e0718ff1e5ea9fbed0e9fe15b/analysis/1574251620/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05bf3c87-f606-4a8e-ae16-97100b7ff822" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0f1dfaa-6781-48c2-8f15-fe340faedb96" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c706bcc7-088f-4f88-a120-ffc65a6a06e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:58.000Z", "modified": "2019-12-11T09:09:58.000Z", "pattern": "[file:hashes.MD5 = '8d733714b962d08709dea8b2fa6ba342' AND file:hashes.SHA1 = 'fda40d854a2ada108330a43a978922f1518ea2fd' AND file:hashes.SHA256 = '43ff3a3e53fe58d6b356a772b77df9caea2bb07e133a0bba78f64332b415d4ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c6d0459f-086d-497c-9855-c5447d1825d3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:58.000Z", "modified": "2019-12-11T09:09:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T18:16:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1045087f-6144-4fd4-bc92-a2b7abb10a52" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/43ff3a3e53fe58d6b356a772b77df9caea2bb07e133a0bba78f64332b415d4ce/analysis/1573928188/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "31670568-1a57-4176-8541-d992087d2122" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c09089a-16cf-493e-9f25-6d917e4e62f8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c7b7be9-c366-49d8-b8a9-754aa1b93f55", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:58.000Z", "modified": "2019-12-11T09:09:58.000Z", "pattern": "[file:hashes.MD5 = '556124dbf325a39c42c790fc035a76d7' AND file:hashes.SHA1 = 'dfbfe998648d375ea20dc6152e976ce361879125' AND file:hashes.SHA256 = 'e9b23b87a3d7cf6c408c0eeb588ff11f73c6e3ac8a2496550a3c0481758178c5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e287d0a2-e783-49d0-8410-7f42e413f841", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:59.000Z", "modified": "2019-12-11T09:09:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:24:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c39e090f-507e-4326-b65e-837e0cea9bcc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e9b23b87a3d7cf6c408c0eeb588ff11f73c6e3ac8a2496550a3c0481758178c5/analysis/1574781862/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c2d4181a-aeed-4094-873d-03c7f7fd4bde" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "52de6381-6c5d-4f43-a3ed-a3625cea8bb4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f6d211a-d796-40ed-bc41-c369ed217261", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:59.000Z", "modified": "2019-12-11T09:09:59.000Z", "pattern": "[file:hashes.MD5 = '0b05361bb9164460a23766bf077ee61a' AND file:hashes.SHA1 = '538a4370b9fb6e20ab09b715fb9298b45da176df' AND file:hashes.SHA256 = '0f3bf370122c4d1ebcad5f2dcb6f4b60486953427ba8c95176df3298d1b5db85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2aad3842-22c4-4221-b87d-12265d43a1b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:59.000Z", "modified": "2019-12-11T09:09:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:33:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a037844a-afae-43b6-abdf-9f9e20ac0bff" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0f3bf370122c4d1ebcad5f2dcb6f4b60486953427ba8c95176df3298d1b5db85/analysis/1573961629/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8c637415-d618-4fbe-b040-e727923ab0ea" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1dac213a-9d3f-4957-b8cd-c24acb663fa8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ea2d283-1a5d-4367-8812-0fa934532135", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:59.000Z", "modified": "2019-12-11T09:09:59.000Z", "pattern": "[file:hashes.MD5 = '4f7f584708193cfc5661680c7baa4766' AND file:hashes.SHA1 = '3a65b4728573c818f47284e3e06f7ad37de5ef83' AND file:hashes.SHA256 = 'e9f6f49c3ca9a3eb7a4007b42b14c0621e5a01af78c9cdf2994cdc4c3333c4ee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e0e2a5a5-ef08-4488-8570-06d814722566", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:59.000Z", "modified": "2019-12-11T09:09:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T20:33:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2a234ae5-2265-4c94-8ec9-da9a829134c6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e9f6f49c3ca9a3eb7a4007b42b14c0621e5a01af78c9cdf2994cdc4c3333c4ee/analysis/1575405181/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "56ca0025-2621-4e0c-b541-5e0eff0cbb3a" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "24aefe1a-58d1-4ba3-8008-b4edfa1806f7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8da2265b-d8b2-4191-9bf2-c7267078f161", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:09:59.000Z", "modified": "2019-12-11T09:09:59.000Z", "pattern": "[file:hashes.MD5 = 'b7b184ebf29fe761eb84074e143dcd29' AND file:hashes.SHA1 = '296e7eee893e6f590cf469b37fb9ca54822e8e5c' AND file:hashes.SHA256 = '9bc659247414c693997f6f7dae795f529a35ccd4bb21184b35b205a022f4985a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:09:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c3af7af2-ddde-4ee9-8d96-17be802ef8b2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:00.000Z", "modified": "2019-12-11T09:10:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:56:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bbcdb34f-ec1e-40e8-8854-5ada101f3c77" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9bc659247414c693997f6f7dae795f529a35ccd4bb21184b35b205a022f4985a/analysis/1574250997/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "469634a0-ddc5-4575-9f0a-70f56c8016d8" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0eb9c9e1-ada6-40a0-9198-789a0884a829" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0a5b77d6-e8ee-44e7-b9c6-4d6a1344883d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:01.000Z", "modified": "2019-12-11T09:10:01.000Z", "pattern": "[file:hashes.MD5 = 'da538e50b129da152f58576f9bed0aee' AND file:hashes.SHA1 = '2d5b82194a5673726d22d46f7c8b19ef4d21982d' AND file:hashes.SHA256 = '98e70fef469167aa28027be07072243d4bde148f8af364d245b761729fe735de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a5e5117c-32e1-431a-80af-f302be915453", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:01.000Z", "modified": "2019-12-11T09:10:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5320cb49-7ee1-4ced-bf17-fdaad8bdc81a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/98e70fef469167aa28027be07072243d4bde148f8af364d245b761729fe735de/analysis/1574062641/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "07af7209-f7b2-45e6-857b-98018eba1c92" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "138f5972-f202-4f16-8b13-307e4828a723" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e8c1cd66-8313-44dd-baa4-e5d56c6cb036", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:01.000Z", "modified": "2019-12-11T09:10:01.000Z", "pattern": "[file:hashes.MD5 = 'eaa4a1e55fafdf295bdfc93e1e889304' AND file:hashes.SHA1 = '803873d38a16fa470a0d57706bd05029893d776c' AND file:hashes.SHA256 = 'f09818b84326d48a0b7984283679e999111b47aa06e5ae5647e8b28c06256ce1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--369fc7e4-6cec-4030-81a2-6ddab8cad305", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:01.000Z", "modified": "2019-12-11T09:10:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:09:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d966e3a-81d2-4d04-b10c-eca9a9e58791" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f09818b84326d48a0b7984283679e999111b47aa06e5ae5647e8b28c06256ce1/analysis/1574251776/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e6be2a4d-7cc1-4de0-9b2c-216045673ee6" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b33698d1-822f-4181-a3f8-b6d54dca45f9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c7bfd5e1-211d-4900-8e62-017d2241fa53", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:01.000Z", "modified": "2019-12-11T09:10:01.000Z", "pattern": "[file:hashes.MD5 = '94d017f2a9e6c649954237ef47ab3336' AND file:hashes.SHA1 = '4cf851b693768b6ec2905e4ae08b146fdc5574e5' AND file:hashes.SHA256 = '44e6c50c223f82ebd0700bfe9a0c1d4f9f9d95bd49f82e2a6f6d800e60c53bf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf234a47-3939-440d-a2b0-977f4ddc4990", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:02.000Z", "modified": "2019-12-11T09:10:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:59:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fdf122e5-1b40-4449-a667-20c2998d364f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/44e6c50c223f82ebd0700bfe9a0c1d4f9f9d95bd49f82e2a6f6d800e60c53bf8/analysis/1574546369/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "754376c9-4a54-40de-a401-c7643bdb73c5" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c70e2d0-3189-4c0a-ae00-4d2c1b4bd911" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--47d1ccaf-3093-43cd-8a5f-abb12fef0733", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:02.000Z", "modified": "2019-12-11T09:10:02.000Z", "pattern": "[file:hashes.MD5 = '9bde0ec5506e44db25abfc0d5d8ba71a' AND file:hashes.SHA1 = '0930b4c9b578d25a0d782a8dc78a8edaee82bb7d' AND file:hashes.SHA256 = 'bd8bfa884d792afc2d037da121f3bf122b90a724d406cff50b9fa34739ab7095']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dadd1af2-cc8a-4206-bbfd-4b710a5a569f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:02.000Z", "modified": "2019-12-11T09:10:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T14:25:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "10127293-eeb7-45fb-984c-12314878457b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bd8bfa884d792afc2d037da121f3bf122b90a724d406cff50b9fa34739ab7095/analysis/1574778347/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "40a5e49b-6e19-4c37-bb89-eae74d272646" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f0177219-5f26-4cb9-8355-0984ad918dcd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e636c9f8-0933-4361-8337-e8098023cb5e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:02.000Z", "modified": "2019-12-11T09:10:02.000Z", "pattern": "[file:hashes.MD5 = '0d5166a4067b16696a520a5f7252a516' AND file:hashes.SHA1 = '08a66a288695b241ee60381c528a20e2453d7253' AND file:hashes.SHA256 = '7e1b9dc4c57c34e2c2acf28e6032cc7b944cd840de765c97cd6b1d936836498d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--16aaef18-7758-4ba3-9812-1ae52cdd54a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:02.000Z", "modified": "2019-12-11T09:10:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:01:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e31d8ba-aee2-4fa1-bc94-51f82acf5dea" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7e1b9dc4c57c34e2c2acf28e6032cc7b944cd840de765c97cd6b1d936836498d/analysis/1574334113/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd7b2178-1ba5-450a-8f28-20d8aac2e8ef" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "18a884fb-7599-4c46-a156-55fb1e2efcbd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--155289df-5fee-414c-aae6-246a6d8d67af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:03.000Z", "modified": "2019-12-11T09:10:03.000Z", "pattern": "[file:hashes.MD5 = 'ac931edd5585f89d011cf0487a64de16' AND file:hashes.SHA1 = '312d3dc9e588675cf0fcb83332cd045b18d32b38' AND file:hashes.SHA256 = 'ef5c29d77fd28e3263573cfd998650040d586316a37b82d6b7646872255ef3b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2498acd6-03c0-4697-8313-4dc82677d7af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:03.000Z", "modified": "2019-12-11T09:10:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T07:26:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0c546e3a-65e5-432d-9326-e8f4e66fd02f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ef5c29d77fd28e3263573cfd998650040d586316a37b82d6b7646872255ef3b0/analysis/1575012406/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2724ef7-c870-456d-8b6f-6ce35ab2a8b7" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a20c5ad8-6c7c-440c-8aec-df41016c92d2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a453afe2-b3af-428c-8bc2-7556df970d28", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:03.000Z", "modified": "2019-12-11T09:10:03.000Z", "pattern": "[file:hashes.MD5 = 'fe675ec0daffce8776e0fde217d5cb29' AND file:hashes.SHA1 = '5e58c147a005af32f3501fa34d8c7d4f9485d77e' AND file:hashes.SHA256 = '305cf6af8c1e6d52eba30a3f826d9b0439b80d9fc78c194ce50559321d62df1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--40ee550c-f33f-416f-8062-f598e5df8cea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:03.000Z", "modified": "2019-12-11T09:10:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T04:39:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8e8edbd4-3bb0-461d-a1a9-6dbe98c012a4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/305cf6af8c1e6d52eba30a3f826d9b0439b80d9fc78c194ce50559321d62df1c/analysis/1574829563/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f16ba806-84a3-480d-8f0f-ef4796038a36" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2dd55813-f083-4eeb-9e90-ce22fdaf89ea" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d92a99d2-502b-4f2f-97a0-c29bb9d7700c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:03.000Z", "modified": "2019-12-11T09:10:03.000Z", "pattern": "[file:hashes.MD5 = 'c81fcd8f0cec4bc592ac8190b6ef5c3b' AND file:hashes.SHA1 = '2d44aa3d8183fb671239c3424ce1b0391cec260b' AND file:hashes.SHA256 = '964fd889c72bc6b5e553c6548001795d10c1d87cadcbfe248c766a5a7c931424']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ae563ce4-619c-4135-834f-765f58f1f407", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:03.000Z", "modified": "2019-12-11T09:10:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b91ce030-9228-4a86-92e2-7ae13898f0d5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/964fd889c72bc6b5e553c6548001795d10c1d87cadcbfe248c766a5a7c931424/analysis/1573722654/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5f4a997e-9261-4ab0-9e84-b5c52be912f6" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce49141c-9ec3-4434-ba93-9b98dcdaca71" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8aedd19c-eb4c-4633-9ca0-0aeddb3f9b25", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:04.000Z", "modified": "2019-12-11T09:10:04.000Z", "pattern": "[file:hashes.MD5 = '94482f0d86edaa499615c0692ecd26e6' AND file:hashes.SHA1 = 'c0fa7209f19b5659007cdac3ce97ab31233ce235' AND file:hashes.SHA256 = '9d7f87b56eafb20acf39a0be08e077c02f40e2f8f08cf661b57902600de78c70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--120de50a-2248-4f0f-815c-514de8b09acb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:04.000Z", "modified": "2019-12-11T09:10:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:47:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "15ac9e54-89e0-4d1b-8ae1-514bbcea953f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9d7f87b56eafb20acf39a0be08e077c02f40e2f8f08cf661b57902600de78c70/analysis/1574333279/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc25bf91-b8c5-4e11-b64a-f641d9a9aafd" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7c1a5fd4-4f12-4334-9868-00c1669638d6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ba5ab5ce-0a33-4542-a2c6-acf788063952", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:04.000Z", "modified": "2019-12-11T09:10:04.000Z", "pattern": "[file:hashes.MD5 = '18325c0cd3a99e7c6000fae5a30b7715' AND file:hashes.SHA1 = '84ff8afb5569b5af694eb5489f8e73a94c5da89e' AND file:hashes.SHA256 = '3e9666def4f1f0d096d02d0c15738e99da05da2a52b64dd5a4229d6548ad37e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3f175ab2-692a-475c-866b-75cdea27be4e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:04.000Z", "modified": "2019-12-11T09:10:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:27:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "55118407-b89c-4aa8-b88a-be1ff23138d6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3e9666def4f1f0d096d02d0c15738e99da05da2a52b64dd5a4229d6548ad37e9/analysis/1574332055/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "be91c606-2b60-460d-bbd4-26d5b8553bc0" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "378e60c2-7459-4278-b906-2704e530e885" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9fdd4876-a0f2-41c1-8920-8c5639670d0f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:04.000Z", "modified": "2019-12-11T09:10:04.000Z", "pattern": "[file:hashes.MD5 = '36995ba1fb1f685d76f96c68f38f682f' AND file:hashes.SHA1 = 'a5278b409228aeb0add5c72494d9f4202b5fda88' AND file:hashes.SHA256 = '14baf0bc72990bb2cc414f2384825a5985be5cce2bdec55e1f3fc1c3c404490a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e1e38f60-2397-432a-a393-b1b28a3ba0ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:05.000Z", "modified": "2019-12-11T09:10:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:36:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47e4db4b-5ec9-45ed-87cc-5b5abb9a0805" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/14baf0bc72990bb2cc414f2384825a5985be5cce2bdec55e1f3fc1c3c404490a/analysis/1573421760/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ccbf180c-c1e6-4ac0-8275-0e48842c92af" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4555f483-a5ce-46f8-a6b5-ffac3a941425" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02377d96-8f68-42a4-aafe-e7c43db64444", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:06.000Z", "modified": "2019-12-11T09:10:06.000Z", "pattern": "[file:hashes.MD5 = '680cc92eb16fb4863d51c8d47304c6e9' AND file:hashes.SHA1 = '64c9ac6aa0c14e1f019b3010690b22ca91281e9d' AND file:hashes.SHA256 = '2843f7de1d188c9a2f962d64ab487c600c1d9ba38a9d3982f6d8fef7dcbd098b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--455b6ebe-18f0-4ac4-ac15-e7f2af8eb699", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:06.000Z", "modified": "2019-12-11T09:10:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:36:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd2a6c54-2618-4a82-b207-47beee49ee63" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2843f7de1d188c9a2f962d64ab487c600c1d9ba38a9d3982f6d8fef7dcbd098b/analysis/1574332577/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "98403f93-d643-488f-905d-985669f66489" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2eb854e5-843d-4292-8a45-da3842e797fa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--beb1e4fd-15b4-4f26-a4ce-4e4b33b11e04", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:06.000Z", "modified": "2019-12-11T09:10:06.000Z", "pattern": "[file:hashes.MD5 = 'e6a4c20e92708fa52cc2c864e2e125c9' AND file:hashes.SHA1 = '53139df79067629035cdc9caa8ee3119d9b92bc5' AND file:hashes.SHA256 = '9be8d48ac5d6d49b306802ae9f5fc4a1e2de1feb453f4c1c49f64002548b0c9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--30c54480-288a-4424-ac2d-0072ec9b2fba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:06.000Z", "modified": "2019-12-11T09:10:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T17:25:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bfde81b4-9d5a-4c13-bacc-cd622c08c91a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9be8d48ac5d6d49b306802ae9f5fc4a1e2de1feb453f4c1c49f64002548b0c9c/analysis/1573061119/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "15de50de-e084-40bb-a6d1-f03d247507a3" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5cf08dc0-1767-4b65-b898-3adba95ddcfb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f59feeaa-3635-48d2-8271-a8ba1ad32842", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:07.000Z", "modified": "2019-12-11T09:10:07.000Z", "pattern": "[file:hashes.MD5 = 'e2b2e3dc28849607f1506a882ff4a426' AND file:hashes.SHA1 = 'f65f7c83bf02c4657c92fc8a9781aecb737aa39b' AND file:hashes.SHA256 = '4a03361f7f8e42e62ca7e0d6bb843c67547e5f564d9bb484c326a10d70cf868c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--761365d3-43d7-4c24-a9a2-5f7f6c437746", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:07.000Z", "modified": "2019-12-11T09:10:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T06:05:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f4e76b9f-0b57-44c2-b71f-515089cdd7a5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4a03361f7f8e42e62ca7e0d6bb843c67547e5f564d9bb484c326a10d70cf868c/analysis/1573625124/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "efd08c90-e6d1-48fb-b854-85c0db0525a8" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9f4e0fa4-9907-4843-976f-7b9e512883f4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4c380efd-b92e-4540-8b0f-cd6758f8b8d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:07.000Z", "modified": "2019-12-11T09:10:07.000Z", "pattern": "[file:hashes.MD5 = 'd38c25ed1bfa7f86d09a98ad56a07e2d' AND file:hashes.SHA1 = '00cfa9f7c6896a379ca547a577006ba61e6eee5e' AND file:hashes.SHA256 = '41ac143274f38597ad8cd849b40194a9ce8a340f2ac3ca81b00d03f78393c01d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--50513047-46b2-4b1a-9072-a647b4e3c329", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:07.000Z", "modified": "2019-12-11T09:10:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T09:33:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5aee9e79-3e94-49ef-a537-bc152f8bd00f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/41ac143274f38597ad8cd849b40194a9ce8a340f2ac3ca81b00d03f78393c01d/analysis/1573637598/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "974cb84f-2bf9-4b78-b585-83594958243d" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cb105ff5-cb97-43af-a9ab-f6eb61b00077" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1505983b-85d8-4be4-ae57-08b47195939b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:07.000Z", "modified": "2019-12-11T09:10:07.000Z", "pattern": "[file:hashes.MD5 = 'b28f24076e89b67f981ced42512e2d25' AND file:hashes.SHA1 = '02eae0fc4b0a8089e374670d5817562467b285d6' AND file:hashes.SHA256 = '32cec4a49f598adebc5858e6b6514968a5b6e367b6b0434361371e65c45bfe21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--69b4d08e-f41a-4e06-8e1e-ffe262cae494", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:08.000Z", "modified": "2019-12-11T09:10:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T14:03:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4aae916d-5e5f-4d1d-a90a-83abc43e93fb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/32cec4a49f598adebc5858e6b6514968a5b6e367b6b0434361371e65c45bfe21/analysis/1572962628/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0700249f-e3df-47c7-ac85-b264d99038f5" }, { "type": "text", "object_relation": "detection-ratio", "value": "15/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74c2ab5a-8433-490b-a7d7-7ee4c0645ba7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--524b27f3-92b9-471e-a88e-06274ac0bcdd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:08.000Z", "modified": "2019-12-11T09:10:08.000Z", "pattern": "[file:hashes.MD5 = '327f6f19a638af19448aef2fc6bb93c3' AND file:hashes.SHA1 = '600722658b71097ec753466b00adc879a7b3d159' AND file:hashes.SHA256 = '5a0da68d7f847acdbc07bef59b2f6cefae83ba6d0f10686ec2fc37526c0f9c91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2761f328-46ae-4324-8cf3-e9aee76859af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:08.000Z", "modified": "2019-12-11T09:10:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:37:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99a8869d-46b9-47ec-8e60-810a74e3609b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5a0da68d7f847acdbc07bef59b2f6cefae83ba6d0f10686ec2fc37526c0f9c91/analysis/1573961825/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b3e1f258-ea59-4f0e-82d0-6a29ccce2a94" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "511f0f59-3ae0-42b4-acb5-ca73c79504d1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e014ea4e-91c1-47f0-8716-dd67fc7e1091", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:08.000Z", "modified": "2019-12-11T09:10:08.000Z", "pattern": "[file:hashes.MD5 = 'ba1aa28a2b6d7359437e8d0db7a2733c' AND file:hashes.SHA1 = '731b4bcd385c1bf5336cd40b606390cf02866269' AND file:hashes.SHA256 = '9ab1db2fad7f75fd1fa2eb742d92e1a4d35e81627fe5fff55444956e5260b81b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--18b8939c-3f03-4037-bb05-bfa7cfa7b3aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:08.000Z", "modified": "2019-12-11T09:10:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:36:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "190bd1a8-cdb1-4580-88f9-1ebb17382ae8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ab1db2fad7f75fd1fa2eb742d92e1a4d35e81627fe5fff55444956e5260b81b/analysis/1573961802/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f9165177-9872-4b22-9dc6-b900e32bea2e" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "853effe0-41b4-4daf-b762-60e82fb9f703" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9985ce2-8055-475e-a517-a1a61e519d7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:08.000Z", "modified": "2019-12-11T09:10:08.000Z", "pattern": "[file:hashes.MD5 = '46e9909b5483e52a87265eaef5e2b5cb' AND file:hashes.SHA1 = '55e353fc5958474a88c405c6a44236886e6ddd36' AND file:hashes.SHA256 = '20fead8a77400ccc5979691974048f9350cfeed23a6e5b2436ab0a9e314569aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a709d916-083e-40b8-84ae-e72053d94392", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:08.000Z", "modified": "2019-12-11T09:10:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:52:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "762d9860-876f-4263-b32a-20a351b1a93c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/20fead8a77400ccc5979691974048f9350cfeed23a6e5b2436ab0a9e314569aa/analysis/1574333522/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7ee13d20-6a8d-4517-852f-734d5c2842b5" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d262b203-3e2a-480e-b6ac-564c7d301f5b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9a0bfbc-49ed-4f12-95da-d2e7edfd20c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:09.000Z", "modified": "2019-12-11T09:10:09.000Z", "pattern": "[file:hashes.MD5 = '9d609151674a3e920b742974765c16f3' AND file:hashes.SHA1 = '5e375991421e260c5ff3b7186b3fe6ffdaf7bf03' AND file:hashes.SHA256 = 'f705030ef79d322bd6cfd6e08b53c2e62d5365d701df30a9fe3aeafe451a55e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ae2c2a2d-efb9-4a40-a0e7-01e923a24d31", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:09.000Z", "modified": "2019-12-11T09:10:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T09:16:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f10748fe-6ce7-4cc3-bb64-f07310bbc477" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f705030ef79d322bd6cfd6e08b53c2e62d5365d701df30a9fe3aeafe451a55e4/analysis/1573982180/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c8c2c69-060a-4b77-a89d-fc2a5cc2d52e" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "13fccd55-a4a8-43e0-b2a2-27b54d5231ff" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7bea7e57-e22f-40c7-974b-33d10278a526", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:10.000Z", "modified": "2019-12-11T09:10:10.000Z", "pattern": "[file:hashes.MD5 = 'b9ded22c338dd45296e55b6995c62aea' AND file:hashes.SHA1 = '4898a509118e871c1a601751cc7a82f70f638714' AND file:hashes.SHA256 = '49c92940302ac4222b5d21359b50e30517b3b9cb05b2143d7f4384864652bdd9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7c0200be-0e96-40f3-b1f4-fd77050ea522", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:10.000Z", "modified": "2019-12-11T09:10:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T03:19:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0a75ac90-8305-4f74-b298-3f24a8ed0ad3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/49c92940302ac4222b5d21359b50e30517b3b9cb05b2143d7f4384864652bdd9/analysis/1574824740/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71ea09ae-0e9a-410b-b4bb-3b1a1ccf87f2" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d9915556-e426-42d0-b1ae-d8fd30d712fa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6288f9a7-f50b-4de6-ad89-3a208e06ff99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:10.000Z", "modified": "2019-12-11T09:10:10.000Z", "pattern": "[file:hashes.MD5 = 'd7ade5a254b8dd593ecddf2622509fc0' AND file:hashes.SHA1 = '4a0e33581a3fd264126968064f22a84aabcc237d' AND file:hashes.SHA256 = '84efdb78987a8fdbe3df5b927fccd2ab184ea905e29e3ac98176dfc0584570a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a801038a-da64-40d9-98ad-4a679fea56be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:10.000Z", "modified": "2019-12-11T09:10:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-04T10:02:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "77d3aaab-8d8d-4f75-b2d9-ed40975935c6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/84efdb78987a8fdbe3df5b927fccd2ab184ea905e29e3ac98176dfc0584570a4/analysis/1575453750/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6075ef86-bf33-445c-af5a-6d86acb93222" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b779a103-0ae1-4d75-b928-fcab18cc2c9c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c134528e-87e8-4503-9697-134891ede3f4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:10.000Z", "modified": "2019-12-11T09:10:10.000Z", "pattern": "[file:hashes.MD5 = '5e677d37d79ca042a793c4f3e482323c' AND file:hashes.SHA1 = '3a9293723063ce3a877e81fd4d64ae472da76edb' AND file:hashes.SHA256 = 'd5861e71eba45e19297cb1c120e37718e191c65c41478a50e5eed96b9cd4254b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b4b2203f-cecd-407e-ae29-2748c97aa26b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:11.000Z", "modified": "2019-12-11T09:10:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "555bd0bf-906b-4f88-a441-3df5cb3cca21" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d5861e71eba45e19297cb1c120e37718e191c65c41478a50e5eed96b9cd4254b/analysis/1573722648/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "294da1f1-4ec4-4f3d-97ae-a53c43ed0e29" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7fd23099-9468-4907-9528-3ec763744820" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--22b3dace-f93e-4359-a836-03a21ca924d0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:11.000Z", "modified": "2019-12-11T09:10:11.000Z", "pattern": "[file:hashes.MD5 = '572b0b0c32ca640f24f7ed5b53700d09' AND file:hashes.SHA1 = '587b4e4a7f90e7b1a1b4c9340b21e3f0d138de27' AND file:hashes.SHA256 = 'a5d257e59a105af5c7002665a87c96c9c50b849d6fb7e0de686d6bfadf11cdc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d2dd428d-ad1f-4676-b67f-8de340cb58c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:11.000Z", "modified": "2019-12-11T09:10:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T09:27:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9f39bf10-47f5-4a18-901f-012f358c29af" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a5d257e59a105af5c7002665a87c96c9c50b849d6fb7e0de686d6bfadf11cdc4/analysis/1573550873/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "177d3b04-0a1a-4427-840a-cc2294b92b21" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "91dc0c4a-355a-4df4-9dbb-d5dc41aea997" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f780104a-9c5a-4335-930c-7d273716381b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:11.000Z", "modified": "2019-12-11T09:10:11.000Z", "pattern": "[file:hashes.MD5 = 'f5b63fb9de6d26300bf8457830a499d5' AND file:hashes.SHA1 = '8374284a7fa32f3909f2d34747dea43149165528' AND file:hashes.SHA256 = '34e500bbaf855bb4bd7208899b40a42a15d6c38ed09bffc1dcc64f481439ce15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4fdd419d-ea30-4669-8e1a-94000db3f917", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:11.000Z", "modified": "2019-12-11T09:10:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:22:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "89d201da-8e71-430f-9221-408bba7fcef0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/34e500bbaf855bb4bd7208899b40a42a15d6c38ed09bffc1dcc64f481439ce15/analysis/1574612530/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e506e33a-5d33-4244-9001-41518e5b4432" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ccefe73-5291-42e2-8f5e-6a3c2c4edf3a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f139ab3e-03f5-42e8-a2ff-a83a60d04010", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:11.000Z", "modified": "2019-12-11T09:10:11.000Z", "pattern": "[file:hashes.MD5 = 'f23199d68146eda90c1dd2b919ef0cdc' AND file:hashes.SHA1 = '376b7251d69813cb25ecb4d2db2415596d829c5f' AND file:hashes.SHA256 = 'd18604d8582e40a5b4dd358aff12f1ce422faaa204ef86264a5779ee2cedd0f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--68d7863d-3c4a-49af-afde-b71d15fe2078", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:12.000Z", "modified": "2019-12-11T09:10:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:01:33", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a2e57717-d95b-4d1c-a22e-f67a3d0d9be3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d18604d8582e40a5b4dd358aff12f1ce422faaa204ef86264a5779ee2cedd0f7/analysis/1574251293/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9af162a5-8ff4-4957-9bf8-d8302771e8e7" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "16afe49a-7326-4211-a4c8-f3965e40e8eb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--83ac84b2-0bc6-4376-8c04-ac09e8e07d57", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:12.000Z", "modified": "2019-12-11T09:10:12.000Z", "pattern": "[file:hashes.MD5 = '676b2c8617ab25d7e355d7c668711412' AND file:hashes.SHA1 = '33ab975880d895d244cde1125d762fb6e284be2d' AND file:hashes.SHA256 = '63c4cce6d4abac25062b3826bbddf3fcf9920e86257bd0fbf32b78a1cea48b17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e7340379-0531-4697-bc6d-7d79e0c2185b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:12.000Z", "modified": "2019-12-11T09:10:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T06:26:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1f7d3ce7-2195-4486-93a8-c50a5f0df441" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/63c4cce6d4abac25062b3826bbddf3fcf9920e86257bd0fbf32b78a1cea48b17/analysis/1574922398/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "33be97ff-15f7-4816-ac5a-d1fdc53ae9c1" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "92baa110-ac9e-4e2b-9922-01bba25b1f88" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5b32bf-40e0-46d3-b152-78769ce84014", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:12.000Z", "modified": "2019-12-11T09:10:12.000Z", "pattern": "[file:hashes.MD5 = 'b1ccfd87caf7e3338615216377d49678' AND file:hashes.SHA1 = 'c06e85c2e165570c21b615c49dee16e2492defb3' AND file:hashes.SHA256 = 'd619f315ca6b1e9212d92e361a09ad01a2214326a435e25a33c20689343c6f42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--40d0eb49-b028-43e6-9060-8ab02e096e7f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:12.000Z", "modified": "2019-12-11T09:10:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:20:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a5c919b-851e-4dfb-b8a5-b98b2a334a3c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d619f315ca6b1e9212d92e361a09ad01a2214326a435e25a33c20689343c6f42/analysis/1574331640/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a24a3755-d0a5-406e-9463-bc4a8402b6d8" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e450b640-cdf1-40d3-ab58-cf824ee7557a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b3c43005-5e8b-4a20-a478-2ab60bb3a0b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:12.000Z", "modified": "2019-12-11T09:10:12.000Z", "pattern": "[file:hashes.MD5 = '180cfbb40f697e852ab76e9d9ca0c4d9' AND file:hashes.SHA1 = 'b270db2f73db25a4e7a9ea66d350bd5f01ea5640' AND file:hashes.SHA256 = 'eab2961d1e43ebfe346bf69d1d424efa3553f9726299a40e45bdf2f743c101c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f1f0f739-5357-4e7f-95bf-487cc2e7e6dd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:13.000Z", "modified": "2019-12-11T09:10:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:23:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f42d7630-38d3-4a7d-bb12-a76cc9e5dbe2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eab2961d1e43ebfe346bf69d1d424efa3553f9726299a40e45bdf2f743c101c2/analysis/1574331782/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c8fc654-a7d6-4d39-9f2c-3f59cd7268ce" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2052017f-54fa-4e8b-afe1-84c6cb9207d0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9c1c6c0-12fb-4f2e-bf0f-bc2bf5a23885", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:13.000Z", "modified": "2019-12-11T09:10:13.000Z", "pattern": "[file:hashes.MD5 = 'f42fd153853ebfd4be2991c2235bc805' AND file:hashes.SHA1 = '3d065558c25f6dbbb5efecf94ee141eb1831fc72' AND file:hashes.SHA256 = '5b12baad329c9492712ab1c57b7e1e89ac507172d61d99da6f9fd2caf23be9be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--87c726c0-e744-44bc-9aca-2fb279195878", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:13.000Z", "modified": "2019-12-11T09:10:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T13:13:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "343839ec-3a59-44e1-856c-206085b034ee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b12baad329c9492712ab1c57b7e1e89ac507172d61d99da6f9fd2caf23be9be/analysis/1574082783/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5a64f5c5-a68b-4a56-9830-b3c957e3b6dc" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ddfcc352-0166-4ca6-9c7c-e0f8ddacf067" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e49b9428-97fa-4838-a129-b688d3c83d4e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:13.000Z", "modified": "2019-12-11T09:10:13.000Z", "pattern": "[file:hashes.MD5 = '0af99e4d7e439d9297eb9a4fb244dd30' AND file:hashes.SHA1 = 'f17f32b7870ec8930020dec871422ab21830f41d' AND file:hashes.SHA256 = '904f9899b4b829c44d8238d9510c487a16b053d38617d701c986438fc479e7d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5b535b86-7c4f-46aa-822c-2a6308169766", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:13.000Z", "modified": "2019-12-11T09:10:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T04:44:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ba713540-9e1f-4a8d-8921-062dbb0e86eb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/904f9899b4b829c44d8238d9510c487a16b053d38617d701c986438fc479e7d7/analysis/1575521088/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ff5d9888-0939-4045-a65e-f3eed4387f91" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "342f523d-d660-46b4-a0d1-f01a761fdb91" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e6120dd-95d3-4678-861e-06421dd709e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:13.000Z", "modified": "2019-12-11T09:10:13.000Z", "pattern": "[file:hashes.MD5 = '2c539838644f812d4a55abd29d54e05f' AND file:hashes.SHA1 = '27571c2ed8f1a68ea52b70913037c1cd70a7ac68' AND file:hashes.SHA256 = 'c8f3516e6579f1182c2387d42e28c9c26397b0ffb5819aecdd38e1dc60313ff4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4a0916df-a51e-4f95-9090-8237d80b625d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:14.000Z", "modified": "2019-12-11T09:10:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T06:12:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f1c06f13-3562-4e52-a9e7-daeb5beb9a6a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c8f3516e6579f1182c2387d42e28c9c26397b0ffb5819aecdd38e1dc60313ff4/analysis/1573625559/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7d6f8da9-b23c-4a97-8c6f-90fbe30fa49f" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7ed17f69-ae0a-46aa-acc5-e06a37593e42" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--640f6907-c758-4746-9a05-b0e07c7d89c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:14.000Z", "modified": "2019-12-11T09:10:14.000Z", "pattern": "[file:hashes.MD5 = 'fe8e675427b100aeb6dd744cbc4f33dd' AND file:hashes.SHA1 = '040425f9c6914e41ea873e4b1a336f072886210d' AND file:hashes.SHA256 = 'b264af7a7700b8fab2a66a501ae033728f9fc11fe4b4f9e9f72544c7a8c85646']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--203c3941-4c2a-41d6-be23-fea6313f70f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:14.000Z", "modified": "2019-12-11T09:10:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:33", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2063c21-3efb-4083-8856-297f6f85bbf1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b264af7a7700b8fab2a66a501ae033728f9fc11fe4b4f9e9f72544c7a8c85646/analysis/1574062653/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e8c5d061-8aca-49fd-b9e4-b393939b785f" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3991f2ee-799e-4822-9c32-560901a4a09f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--26b40d0e-f672-4efe-b54c-e6dbc07452e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:14.000Z", "modified": "2019-12-11T09:10:14.000Z", "pattern": "[file:hashes.MD5 = 'e9b4e6d169b5f92dbb4786f65d0c077e' AND file:hashes.SHA1 = '34978ad9ea3c41b9ee42d2467643d6527c1a7d32' AND file:hashes.SHA256 = '64eb9c3b8f0dc2bda117596f50c751bfb6d90b72b7096b59eed72b8ec4613de8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--131dfefb-6bc2-4c4b-a51c-13eb4b59ad44", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:14.000Z", "modified": "2019-12-11T09:10:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T12:35:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6bfb3e60-6f01-4716-a58a-4373f55ed016" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/64eb9c3b8f0dc2bda117596f50c751bfb6d90b72b7096b59eed72b8ec4613de8/analysis/1575290105/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ee7adbca-396e-4be2-8a89-2b312c2ec087" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "76d04657-3238-466a-8adc-cdeaa9e723be" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9350a97-54b8-4b16-96d5-08b6546d09b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:14.000Z", "modified": "2019-12-11T09:10:14.000Z", "pattern": "[file:hashes.MD5 = '3f4ad319e1d4d1e16ccae5dd1ae50889' AND file:hashes.SHA1 = '1e1419a794ce402d961fc0d277412cd68e6c887a' AND file:hashes.SHA256 = '0ef0ca713cef3958447c81d34d78ab8f940111671878d66a56a3ce73fc7b3d41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f253f18a-314d-41f9-91ce-7267ac60bcb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:15.000Z", "modified": "2019-12-11T09:10:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:27:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3e9df085-9352-4d1f-803b-6538aaab382f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0ef0ca713cef3958447c81d34d78ab8f940111671878d66a56a3ce73fc7b3d41/analysis/1575178068/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "54c8f855-e857-482a-a0d6-1baa53d4ecf4" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "25d746c4-7a6f-4948-b238-1bd45d752cb4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1679843b-577b-4504-adf2-dee263fdf152", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:15.000Z", "modified": "2019-12-11T09:10:15.000Z", "pattern": "[file:hashes.MD5 = '6a49fd406f82b0ddaa4367fce8b5aaa5' AND file:hashes.SHA1 = 'c17837a5bf8be651798199f3aefeb47175231967' AND file:hashes.SHA256 = '9b2da6540c7d3d44704c115996d25dd504be05c6a3232746efe3b1d3ed3a0e91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--935eebfe-1960-444e-a06c-15246c5cb4dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:15.000Z", "modified": "2019-12-11T09:10:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T04:52:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1201feb7-6e09-4306-b9a9-d1a8824a2e03" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9b2da6540c7d3d44704c115996d25dd504be05c6a3232746efe3b1d3ed3a0e91/analysis/1573447942/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8527b081-a07e-4a63-b3ce-a64457ef1f38" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a77d65d3-f2dc-4f4c-9924-69bc1de596bb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1cd2d9a6-7b0c-400d-8832-b0a99caaf9ae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:15.000Z", "modified": "2019-12-11T09:10:15.000Z", "pattern": "[file:hashes.MD5 = '4a747fbed544ec5be547316e2efe9e6e' AND file:hashes.SHA1 = '13e0b9b487602409875207c175445dcb2ca702ac' AND file:hashes.SHA256 = 'b2a3431fc7c46594be458f821eb4ecfcdb3417a0dc30d20c933c0c753adeb44e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--74100cda-75a4-4cdb-87e7-f04b7faeb90f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:17.000Z", "modified": "2019-12-11T09:10:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T23:03:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e996a37-6677-4119-a4d1-7f62bfe78249" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b2a3431fc7c46594be458f821eb4ecfcdb3417a0dc30d20c933c0c753adeb44e/analysis/1574895809/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9d2bd332-23ff-47f6-a7df-635069d38bcc" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ab8730c6-5932-4c5a-a171-dec848c846a3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b2aaba6d-0711-459d-9744-3e7289111728", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:17.000Z", "modified": "2019-12-11T09:10:17.000Z", "pattern": "[file:hashes.MD5 = '3d7164b071679ea1a1b52414fcc76a68' AND file:hashes.SHA1 = 'a4b78ca96438ba4a3d3ce417dc2f01a926844247' AND file:hashes.SHA256 = 'a8b4a2bd90274affb16e5c551ea2d4c8da0356b83d20595078ffe619eaf4bbdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--86d7fe43-b9c8-4f18-809e-389a95f58132", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:18.000Z", "modified": "2019-12-11T09:10:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-11T01:25:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e3053372-aeee-4640-8ab1-e90fbfef6635" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a8b4a2bd90274affb16e5c551ea2d4c8da0356b83d20595078ffe619eaf4bbdf/analysis/1576027529/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "857a686d-0eef-47ea-b0a5-37be55924d5a" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d0ac9c9d-8517-4805-a1a3-1512f2865d56" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--579b5a05-074e-4bbb-be13-b63f6858e7a2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:18.000Z", "modified": "2019-12-11T09:10:18.000Z", "pattern": "[file:hashes.MD5 = '5039c17bbb3963c1851fa870487d8457' AND file:hashes.SHA1 = 'badd39b54c22294815b20abf63d06198f2ea4df3' AND file:hashes.SHA256 = 'a46cea0a797e51ebe1e29dada58a6fc7c8f119813ac76ff85055630f2ba7ca27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a91f6684-8fc2-4f39-b683-9cd4e2b9a770", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:18.000Z", "modified": "2019-12-11T09:10:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:40:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b9eecd6c-f3cd-4480-b838-b492815dad83" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a46cea0a797e51ebe1e29dada58a6fc7c8f119813ac76ff85055630f2ba7ca27/analysis/1574332830/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "546acaa9-2202-4059-b289-bf8e21396369" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "77b4344a-0908-4877-99a4-e86c56535f51" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a7e94977-9343-4e7d-a6e8-158e386489db", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:18.000Z", "modified": "2019-12-11T09:10:18.000Z", "pattern": "[file:hashes.MD5 = 'aabc44ac469110fd4805597336a24c2a' AND file:hashes.SHA1 = '4e7efcd54ef2fa444c71f9c1b4508f871fd43e25' AND file:hashes.SHA256 = '5c2590abc22bdffa9a7ff469b6caf8b64c66242aeef5f6b6229b1ca600ecf387']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--093e6e02-6a8c-4617-b8d0-3c6b539ec3af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:18.000Z", "modified": "2019-12-11T09:10:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:23:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "539f2826-e8da-4c33-b6a9-af75eb38b801" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5c2590abc22bdffa9a7ff469b6caf8b64c66242aeef5f6b6229b1ca600ecf387/analysis/1574612623/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "154c864c-852e-4ac5-97f8-74f685fd3f8d" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "64c01843-6885-493e-b4df-025624079e16" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--77089a38-652a-4032-8377-5951c6749eb1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:18.000Z", "modified": "2019-12-11T09:10:18.000Z", "pattern": "[file:hashes.MD5 = 'a41e39289f1fc02b1cb0e223b94c6d13' AND file:hashes.SHA1 = 'e5a368ed8e03187dc8cc38e933918186452f3280' AND file:hashes.SHA256 = 'd347250ecf7a9209a2f3af83ad1be9ce2f48ac5f2af622a7385c3e6e0044b29b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--26598531-087e-456f-acb0-81740dc24465", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:19.000Z", "modified": "2019-12-11T09:10:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0968703e-515a-4184-b009-07cb65e86d5b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d347250ecf7a9209a2f3af83ad1be9ce2f48ac5f2af622a7385c3e6e0044b29b/analysis/1574062643/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f8a200c-a742-4368-aeae-026d6c925d19" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "220581e8-015d-4867-a8e5-561770bc4903" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c72eee4-3ece-4ef1-8970-8421b8b49fd6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:19.000Z", "modified": "2019-12-11T09:10:19.000Z", "pattern": "[file:hashes.MD5 = '4dfcb4842f8f8081595088f573516f66' AND file:hashes.SHA1 = 'd9ca1b03087c3e1d40a2faf92644053f1936b35c' AND file:hashes.SHA256 = 'e728fea893b9018848a4e88764c64f22ba98b2e4a9904c11376e9e60c688949c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a50a31d7-dd93-4e57-82f6-8c2d86f02eeb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:19.000Z", "modified": "2019-12-11T09:10:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce874663-9880-412b-aabb-d1bc77e319cd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e728fea893b9018848a4e88764c64f22ba98b2e4a9904c11376e9e60c688949c/analysis/1574062656/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2f4ea6c8-7f5f-420b-bbcb-136c2cc46569" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7860f9f-13e2-44ad-8825-6a2f36956821" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d4316ec-22b2-419f-b8d0-2ad091d8fe3d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:19.000Z", "modified": "2019-12-11T09:10:19.000Z", "pattern": "[file:hashes.MD5 = 'f682e4b70c158c3080e742bb9279a46c' AND file:hashes.SHA1 = 'c206397290a5a6aa2d082eeb5d88b2b94850f39f' AND file:hashes.SHA256 = 'd838184152595edbd8093289a71d84670cad912010d07c309d1321295b1cad09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a3cef8c0-e867-4fcc-90ad-4560b0b862b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:19.000Z", "modified": "2019-12-11T09:10:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "79a9f40e-8d69-4195-a503-0b810bd78eae" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d838184152595edbd8093289a71d84670cad912010d07c309d1321295b1cad09/analysis/1574936814/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "af81e7d4-2202-48d0-8717-6a41e5ffbb97" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3aafa479-b6d0-4bfe-8026-804ce936a4cd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--092a4d19-c82d-4c39-9d3d-4c8a59684860", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:20.000Z", "modified": "2019-12-11T09:10:20.000Z", "pattern": "[file:hashes.MD5 = '0c83f163af8ef462a87fb7317c5109ad' AND file:hashes.SHA1 = '78e21aabd19fde64402f5b6d4bda0cd284662e2c' AND file:hashes.SHA256 = '09f3d9d701210797c5aac3e7f2825f7f17f186649474592f2a6ba6a2df5924a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ef9876f0-2be5-48b4-b385-34c6e1a8b5bb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:20.000Z", "modified": "2019-12-11T09:10:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "454727a9-2d84-4078-a422-506a85be6f07" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/09f3d9d701210797c5aac3e7f2825f7f17f186649474592f2a6ba6a2df5924a1/analysis/1574062641/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c6ede068-2689-4fa4-9a16-735b289bf4c1" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ea380a03-8025-4523-8b96-d68ffba26a62" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c83b4e3e-8a89-4a7d-83e9-e90305c8b85c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:20.000Z", "modified": "2019-12-11T09:10:20.000Z", "pattern": "[file:hashes.MD5 = '85abf7e2562a7ad455865a72b301f79c' AND file:hashes.SHA1 = '1f3b8036e9e287aabfe392a52a13952d6a6a1f5b' AND file:hashes.SHA256 = '503fbb210c018225ffd88965de25b23c3a9e9daa3ec78a41171a32ac9cc19e05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9e3681ba-3155-49d2-b043-dc95c8156bd6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:20.000Z", "modified": "2019-12-11T09:10:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:41:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d3615545-3ee7-4f9b-8cbf-20529f869886" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/503fbb210c018225ffd88965de25b23c3a9e9daa3ec78a41171a32ac9cc19e05/analysis/1572889272/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6550b015-49f6-429d-a5c1-ae79b994aff4" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1c6aa5e1-7b9d-4374-8884-618e70f1dda0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--32d80030-0d4e-482b-a898-803cf9bc334c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:21.000Z", "modified": "2019-12-11T09:10:21.000Z", "pattern": "[file:hashes.MD5 = '4e28b21b28416a2c79b3cb0f43c68995' AND file:hashes.SHA1 = '47f64bfd0a5cc634e36bd62eaa753673211d07e1' AND file:hashes.SHA256 = '5c12654e62f6b7038e594dfa85c75e5be6bb55010c29ddf16f37fa6e525a832c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ffe6a7bf-bd47-4cd4-b4da-eaf078136bf5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:21.000Z", "modified": "2019-12-11T09:10:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T15:50:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a679695f-0e3f-41cb-89b7-22071d669625" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5c12654e62f6b7038e594dfa85c75e5be6bb55010c29ddf16f37fa6e525a832c/analysis/1572882616/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d4720d53-0b50-43ea-a72b-c25b10b3ef41" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c6a24841-a719-4954-9dfa-4bbacb683800" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--554f48fe-4bf6-45ac-97de-d340b97dff19", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:21.000Z", "modified": "2019-12-11T09:10:21.000Z", "pattern": "[file:hashes.MD5 = 'af44536e45135548fbdb259a91f6b309' AND file:hashes.SHA1 = '255f009b01531a26aff564a798523d1b7f089f02' AND file:hashes.SHA256 = 'd9e5d44db6bb8faf66be54b55986ee4c0597f2b5b31ea0683bb0f543adeb9d43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--30c7946f-9ae0-4d5f-80aa-8d898cfb3804", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:22.000Z", "modified": "2019-12-11T09:10:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:36:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bbfe57f8-e6fa-4824-bf9f-c2de0452aea7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d9e5d44db6bb8faf66be54b55986ee4c0597f2b5b31ea0683bb0f543adeb9d43/analysis/1574332600/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3ed74a6e-1c70-4d23-a19d-14d3df8a6060" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8e6c4589-647a-4321-8b0b-506b624bdc88" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--778ae72a-499b-4228-b976-7206cf015fed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:22.000Z", "modified": "2019-12-11T09:10:22.000Z", "pattern": "[file:hashes.MD5 = '23694a9a51e36d18c50ff0d582c03b3e' AND file:hashes.SHA1 = '00939eff9c52d982d4497d9bcd010320bd999cd7' AND file:hashes.SHA256 = 'c4ddc6723d9bd47512558929a7e39f2fbbc997f0bda8221f2349990efd52cfcb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4a008bfa-f123-4fe9-b7c1-512c3dab17db", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:22.000Z", "modified": "2019-12-11T09:10:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T11:21:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "be1d6a13-74b1-4d6e-b41e-821f4b265df0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c4ddc6723d9bd47512558929a7e39f2fbbc997f0bda8221f2349990efd52cfcb/analysis/1572952866/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e171ad09-ba44-4b81-8b1e-2b89fc47c160" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "15e724fb-bf92-4841-978d-37ac0c17634c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--11fa24c7-61a0-4ca7-8b53-c47d33ec8457", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:22.000Z", "modified": "2019-12-11T09:10:22.000Z", "pattern": "[file:hashes.MD5 = '5f789ea6ca2dd09ed4ad50da1ddfe07b' AND file:hashes.SHA1 = 'f25edd977242a74cd8e7763888156ee32f16b35d' AND file:hashes.SHA256 = '0d6de4ced4581620ad4da96c8b885b74ae31c987426da8e31e5d680a0f515b96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4b2305c1-09ba-4219-bac1-7c7aac4c423e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:22.000Z", "modified": "2019-12-11T09:10:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:07:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7c8f06b4-a409-46a5-b440-e4783a474514" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0d6de4ced4581620ad4da96c8b885b74ae31c987426da8e31e5d680a0f515b96/analysis/1573873642/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "abd8a0b9-42bd-47eb-bcd2-5d2d8ea013ab" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d3ed3d9c-7b88-428a-a977-95900ed448ba" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fc263859-499a-4ba8-a1ca-4b3065114f5e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:23.000Z", "modified": "2019-12-11T09:10:23.000Z", "pattern": "[file:hashes.MD5 = 'd53db66cb5488a475ef59f3244cc505a' AND file:hashes.SHA1 = '19f8c51c7cdcae9eb60e5f63ac1e1dae2aeb4a00' AND file:hashes.SHA256 = '2b99b9171cb3d2f13b8e21ebd70be56cc2475ced28ef7868cb7f537e65209714']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--24e00e33-40a9-4a20-bc4a-f40c105d5616", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:23.000Z", "modified": "2019-12-11T09:10:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "168ab00b-5148-4bfc-95ce-e69175d59298" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2b99b9171cb3d2f13b8e21ebd70be56cc2475ced28ef7868cb7f537e65209714/analysis/1574062635/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "adcd31f9-543c-479e-a020-136834d0667c" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f44fbbc8-a8e9-4bb4-ace3-081ce2f6717a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f41b5936-5091-43d5-b8c8-10b828a44ce3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:23.000Z", "modified": "2019-12-11T09:10:23.000Z", "pattern": "[file:hashes.MD5 = '3c673e97f4c1872407e006450f1ac728' AND file:hashes.SHA1 = 'af19d6ceec637ee1bca32b8897e119188005d677' AND file:hashes.SHA256 = '98dcb64b12c9a0cb858adf937105f53525786452c63a67986458f4bf091ba804']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--afefc42d-7075-460f-9942-056893327173", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:23.000Z", "modified": "2019-12-11T09:10:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T18:13:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "08799b83-fcc9-4fbf-847a-fdf115720b30" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/98dcb64b12c9a0cb858adf937105f53525786452c63a67986458f4bf091ba804/analysis/1574273597/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8f390919-a9ff-40da-801c-52abc1aa3382" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8d57fd8b-6fdf-4172-8fa9-5bf626758550" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--790661b9-5abc-41a4-b941-490796a36e39", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:23.000Z", "modified": "2019-12-11T09:10:23.000Z", "pattern": "[file:hashes.MD5 = '3c96a2062c31cd61a9cba3ae9498fa70' AND file:hashes.SHA1 = '828042a83a9d5c8708448b8185fce82cf6c62da6' AND file:hashes.SHA256 = 'c8d02b63d5d973233f3f72a608c991c48cdb799c314287e7de3a1a8e327111bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f54ecbf1-94d8-48d7-918b-25db40ef69f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:23.000Z", "modified": "2019-12-11T09:10:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-09T15:15:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6456d703-7713-42c5-b15f-87681a87f7ee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c8d02b63d5d973233f3f72a608c991c48cdb799c314287e7de3a1a8e327111bd/analysis/1575904500/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f21cd12-7974-43ac-849c-559eeb411916" }, { "type": "text", "object_relation": "detection-ratio", "value": "60/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5a47c44d-6811-4500-b9f5-d7cc84328c40" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9248c2fb-b379-4e16-8dfc-a1f50b2f7635", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:23.000Z", "modified": "2019-12-11T09:10:23.000Z", "pattern": "[file:hashes.MD5 = 'cfafc7682eb3eb7705718ad6852367e6' AND file:hashes.SHA1 = '6ddc4e6aa4d7b64330aa3d5d5176d0b8552569e6' AND file:hashes.SHA256 = '5eec8ae262bcc5d47f42cb57a742bc95691278d80f6f5dd3dae50a0461a2d746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--db05e4ed-64be-44c8-b71f-19fcc1b090dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:24.000Z", "modified": "2019-12-11T09:10:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:57:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81941889-f74f-49d4-806b-93227460c245" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5eec8ae262bcc5d47f42cb57a742bc95691278d80f6f5dd3dae50a0461a2d746/analysis/1574549835/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "15272a04-22a5-4de0-a112-a83c53453496" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47feef1e-220d-4647-82a2-9a0216bee653" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97826163-af4a-4b54-bc10-c2a879c26bc4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:24.000Z", "modified": "2019-12-11T09:10:24.000Z", "pattern": "[file:hashes.MD5 = '8bca301a29079e5d3257958c4928193b' AND file:hashes.SHA1 = '3b216e6aaa478255914430667a8769f687d2e033' AND file:hashes.SHA256 = '3da6aadcadf81b15f1117771e79dd6b78bdd28405a35e8213de97c046fb30447']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--72dd2f88-9263-4b6a-be00-9255dd1d602c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:24.000Z", "modified": "2019-12-11T09:10:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:51:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd5a59d5-2c06-403b-b8f7-ad08abc9c8e2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3da6aadcadf81b15f1117771e79dd6b78bdd28405a35e8213de97c046fb30447/analysis/1574333469/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5eabe6da-4416-4596-80ab-0f81733d97e5" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "225e7e71-db9c-4fd0-92d9-424f61f40591" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--be252845-2208-462d-9c4c-db7003378a71", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:24.000Z", "modified": "2019-12-11T09:10:24.000Z", "pattern": "[file:hashes.MD5 = '705aaaf7c3a50cdb2014ee97757ca3a4' AND file:hashes.SHA1 = '27ead761a4f289e44d81393bad0bdf0ffa23eb1b' AND file:hashes.SHA256 = '4e3ce5e255d3f1134feacc559bac6e4f8f838af09432943cb8acb2b112258811']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7c90a156-0032-4733-8e34-241a4cc01652", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:24.000Z", "modified": "2019-12-11T09:10:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:42:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ec234b27-0b77-4b03-8098-f58322ec4929" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4e3ce5e255d3f1134feacc559bac6e4f8f838af09432943cb8acb2b112258811/analysis/1572889338/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cf2dc7f0-654a-4961-812b-23d636175441" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a73d9027-a7e1-4fed-90ec-56570796409a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d10d07d8-f413-4f92-9afc-b1f9c5a932f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:24.000Z", "modified": "2019-12-11T09:10:24.000Z", "pattern": "[file:hashes.MD5 = 'c957fb5c992e797a3c42b1758335a402' AND file:hashes.SHA1 = '4ba02154a50060decc30e1e963358075ea6410f8' AND file:hashes.SHA256 = 'efda6986f9c71d4bb89efe56c1a5c0b12c88e2f88e42e941668df5f8f95a56ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5625b2c9-c4df-45ed-879a-2b27bd0ea47c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:25.000Z", "modified": "2019-12-11T09:10:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:36:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ecb07cb8-83c1-40ef-8b98-7a536720a973" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/efda6986f9c71d4bb89efe56c1a5c0b12c88e2f88e42e941668df5f8f95a56ff/analysis/1573421765/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "13c7a1f2-d2d8-41f1-b8c1-6e23dbcd92bc" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "33398962-996e-4de8-92ed-f0f4da827b10" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c2c3a5ab-3fca-45df-a938-1945f6a88540", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:25.000Z", "modified": "2019-12-11T09:10:25.000Z", "pattern": "[file:hashes.MD5 = 'fa07c78b3b584938c47c1777df4142c4' AND file:hashes.SHA1 = '09c6769a73f2edc3c7562081b1fcab047e395111' AND file:hashes.SHA256 = 'f9061958003b279ec0cab8c53ce83c588ef2be18d5840a8bf0a9a57ad2adf51a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6752c41a-88ce-409e-aa3b-147affa33d30", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:25.000Z", "modified": "2019-12-11T09:10:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:40:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5416494-8a3a-4d25-9970-3591ca368ecc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f9061958003b279ec0cab8c53ce83c588ef2be18d5840a8bf0a9a57ad2adf51a/analysis/1574332849/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47b54001-ab89-44ec-8e0e-334680ce3c5c" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd39e7d3-f759-4676-9389-40360a75d565" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4c379350-7ab8-4d9a-ac2e-fd6e22d67175", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:25.000Z", "modified": "2019-12-11T09:10:25.000Z", "pattern": "[file:hashes.MD5 = '6b8763561af43250ed20fa3adaffe942' AND file:hashes.SHA1 = '4c57513a6e55dd3659aba3402292fe01d4ca00c3' AND file:hashes.SHA256 = 'c792044608784e566a7d45a5ec30ea21eba7b2df2215e3f679c7564b983ccf04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--75bf21eb-4910-45b9-aca5-140ebdd73228", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:25.000Z", "modified": "2019-12-11T09:10:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T07:43:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "98482bab-467c-42c7-8ee6-fd67fb95d2e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c792044608784e566a7d45a5ec30ea21eba7b2df2215e3f679c7564b983ccf04/analysis/1573544586/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "14d87563-9547-48cf-9864-f0208d6a36b2" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "647a76ea-ba2b-4c1b-a313-a5ad6ae54da4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b9a392ec-a68b-43a6-bb0a-8190b3e61a82", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:25.000Z", "modified": "2019-12-11T09:10:25.000Z", "pattern": "[file:hashes.MD5 = 'fd9d207aa52d3109cd3f300d609c4db5' AND file:hashes.SHA1 = '55de841a572563b65e161bafc2755ad513e6edc2' AND file:hashes.SHA256 = 'a9db888bd80d8c94393e815f0e7810fd12365ed9be183b4babf61a5e7124a7bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--54bee58a-c009-4395-a517-3e4eb31920b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:26.000Z", "modified": "2019-12-11T09:10:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:28:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "222404dd-35b5-474a-906e-85d0cf486259" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a9db888bd80d8c94393e815f0e7810fd12365ed9be183b4babf61a5e7124a7bd/analysis/1574612908/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f9802939-da95-49a6-bd9c-87ced15275ed" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8f3db9f7-d4d4-44c8-8867-6ebe2dbbfb3c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--704d9b2b-ba91-4907-8141-20c2ef96d4d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:26.000Z", "modified": "2019-12-11T09:10:26.000Z", "pattern": "[file:hashes.MD5 = '91ca62f2e4313d08860389ff61dc75de' AND file:hashes.SHA1 = '78c69fc31e6cb1a0c5b382e639ea730539a911b2' AND file:hashes.SHA256 = '814162b87fdb59e4b04b1cbe83d67c07ddb97950f221e31a81674e3346f5f078']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--595a372e-8d2e-46a7-af22-f9951cdaac88", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:28.000Z", "modified": "2019-12-11T09:10:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:34:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3b8f1de1-4226-4124-9535-863e14609179" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/814162b87fdb59e4b04b1cbe83d67c07ddb97950f221e31a81674e3346f5f078/analysis/1573961659/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e466e2d5-f13f-4682-9fa7-0e72e97420f7" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ad07e9d6-4ae4-4b8d-8dfa-b5f14ae940c0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6d2d9af8-e198-4722-bdf9-8af7c3c95ddc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:28.000Z", "modified": "2019-12-11T09:10:28.000Z", "pattern": "[file:hashes.MD5 = '889635174693823a75865a893946fbbf' AND file:hashes.SHA1 = '90b395da9e85da3d8d6d63551733dab021badc77' AND file:hashes.SHA256 = 'c3e1cd68273ab34264ed21f73247d10d51086bd65f8dc3dbf8e6c155b3aa68fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f205d829-81be-4736-af7c-14d5e42515a8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:28.000Z", "modified": "2019-12-11T09:10:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e55bd02-45cf-4098-86fc-170406756fd5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c3e1cd68273ab34264ed21f73247d10d51086bd65f8dc3dbf8e6c155b3aa68fc/analysis/1574062647/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6baf72b6-5a88-4642-a52b-02f72c62fab8" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1082ec9d-f6a8-4a75-9fe5-0b7245bddf99" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--be5860a9-26a7-4525-a2fa-d595d89447b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:29.000Z", "modified": "2019-12-11T09:10:29.000Z", "pattern": "[file:hashes.MD5 = 'a2a9970b925a51c3554bfa99caa99dd2' AND file:hashes.SHA1 = '63b9558399f0943f38afb8d0d8d2131a73e22394' AND file:hashes.SHA256 = 'f0a8d23efcf2c50479a878dea17207424b0294f6b03f5b72910579b0f490d22a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ae75e2b7-9bfd-4189-8aed-4fe5ed12ad92", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:29.000Z", "modified": "2019-12-11T09:10:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T17:46:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e2fbe418-36cd-4616-9db4-7cf1d3a97b58" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f0a8d23efcf2c50479a878dea17207424b0294f6b03f5b72910579b0f490d22a/analysis/1575567990/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4429f254-c7a6-46d8-8b0d-bd6a6123cb14" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "67071fc1-7003-43eb-8f91-d1462119eeb3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e1259cb-bc1e-4c7f-8edb-a09e082ff79a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:29.000Z", "modified": "2019-12-11T09:10:29.000Z", "pattern": "[file:hashes.MD5 = 'bfeef650f3bb62aa77a99619223dde9b' AND file:hashes.SHA1 = 'a5c1e9deda2bc303a8fbda2e6f390d9f8b5026ea' AND file:hashes.SHA256 = '924a8b62fd55d59d80701387c86651ca455d5e6044dc6c836198dbe3577e8202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8fcf3f77-2a48-48a9-ae78-16bce9c47cac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:29.000Z", "modified": "2019-12-11T09:10:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T19:17:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "acc69da4-5150-4544-a36d-3b0a5f6c0282" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/924a8b62fd55d59d80701387c86651ca455d5e6044dc6c836198dbe3577e8202/analysis/1574968646/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c482da92-7f47-4a09-ab91-f5c84e4ee28d" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b5cae1e7-799f-4d6e-849f-453301e2cfe6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--03665592-a692-43b3-ae7c-5c44042a9611", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:29.000Z", "modified": "2019-12-11T09:10:29.000Z", "pattern": "[file:hashes.MD5 = 'fbb52a5e4e82a5b564babf3fec21bebe' AND file:hashes.SHA1 = '9d5d01ee055e3480569ff2c39960dd2fae1882b5' AND file:hashes.SHA256 = '29d157f73ce559467d99ba16ca2d867eb5abc086c2ab0b92373d6adf91f77683']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af5c999b-6767-40bb-8949-ce6fdb0e348e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:30.000Z", "modified": "2019-12-11T09:10:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:07:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "367ad2c6-7909-433d-a690-efdf19116fb3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/29d157f73ce559467d99ba16ca2d867eb5abc086c2ab0b92373d6adf91f77683/analysis/1574251635/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2279b949-0492-4fdf-a4ec-ff2d422aaaee" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aadaaea0-529b-4644-a971-b9ca9cdff29a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f985195-63be-4130-8570-2eb74d1c65d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:30.000Z", "modified": "2019-12-11T09:10:30.000Z", "pattern": "[file:hashes.MD5 = '95d601c584f8614d6785f16771acc6a9' AND file:hashes.SHA1 = '6178c525426df3b1526847a625fbbe5b4e9e40bd' AND file:hashes.SHA256 = '73399f5f04cdbf8fd8d61d730a24399a1058f727577cbf33b31c37bd6bc820aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ad0c7ee7-17b3-4d04-87a6-a56cb3b0d0a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:30.000Z", "modified": "2019-12-11T09:10:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T10:50:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9c41c445-3b87-4aae-8f51-ea1a53fb54e0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/73399f5f04cdbf8fd8d61d730a24399a1058f727577cbf33b31c37bd6bc820aa/analysis/1575111048/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f64a69ef-cb25-49fc-8c04-fc313b023623" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71d63319-0f50-46e5-a3f7-5947e72a7c8c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--af868be2-d87f-4f4c-8ae7-aa156542e19f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:30.000Z", "modified": "2019-12-11T09:10:30.000Z", "pattern": "[file:hashes.MD5 = '351ec9df3df2a8c29a940aeb1a9a8b60' AND file:hashes.SHA1 = '26085f18f1fe5c0dd81f3421b968e47b4d50b638' AND file:hashes.SHA256 = 'dc440fdd3bd43d22a0da4928055c62e62d58dd0b13d96fccf125d47a00cd6aac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7ce83015-b2e2-4464-9236-d9fa1aba1fe4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:30.000Z", "modified": "2019-12-11T09:10:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T16:00:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b52726d0-a61f-43f4-9138-5795a735f944" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dc440fdd3bd43d22a0da4928055c62e62d58dd0b13d96fccf125d47a00cd6aac/analysis/1573056039/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ebb0f63e-e1c1-4c0f-8eaf-f126e99d8c3b" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/58", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9b8b6aa6-cede-4656-9cdd-f2ab34687491" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1a3e8cbd-32d7-4fa3-9e02-142d5e212517", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:30.000Z", "modified": "2019-12-11T09:10:30.000Z", "pattern": "[file:hashes.MD5 = '87fbf5f3a7096891c13e7ea70e39b2de' AND file:hashes.SHA1 = '612facc36c9f276c1c7da31762d394120e6154cb' AND file:hashes.SHA256 = 'aaab37892423fd94d199cce24360c53ea240a0a81b63b7d7169c7b7595c2fcd3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c5bc33a7-1263-4c90-81ee-0c21da76e67f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:31.000Z", "modified": "2019-12-11T09:10:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:39:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a918e663-bc8a-4b65-9115-e0f0f39cdd47" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aaab37892423fd94d199cce24360c53ea240a0a81b63b7d7169c7b7595c2fcd3/analysis/1573979941/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "238f06fa-6f29-4748-857d-2c5b22827bc2" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0150e61d-de75-4f69-9639-4f57f52ab8c0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b4b65fc-7250-47ed-a17b-7ea0880f45e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:31.000Z", "modified": "2019-12-11T09:10:31.000Z", "pattern": "[file:hashes.MD5 = 'fc009a145aa3db6f163cc0757a126cef' AND file:hashes.SHA1 = '3fc1f0685737819cce3827c1c054c6bdaac12fb9' AND file:hashes.SHA256 = '02f89e7b87262d14560f46006633246541d521d41b8e90b9466e61e578dc0aba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3f48ed89-af7e-40ba-938b-e74dd9c91e55", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:31.000Z", "modified": "2019-12-11T09:10:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:11:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6fa8d75d-7459-4100-869a-df816489f01c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/02f89e7b87262d14560f46006633246541d521d41b8e90b9466e61e578dc0aba/analysis/1574334697/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "45567cd1-8ddf-46e3-b5f0-0703e33bebf9" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f5b59cf2-0f06-4d5c-8196-99837aae24ed" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a0058eb1-5f03-47ed-afab-2efd3e995eea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:31.000Z", "modified": "2019-12-11T09:10:31.000Z", "pattern": "[file:hashes.MD5 = '40c822f14961200744ef3e2afb654d27' AND file:hashes.SHA1 = '509d0e331fa56a234518d9d32dd3523b4d636bcc' AND file:hashes.SHA256 = '192e68746552b5546de223be6ec1f65adb4abb9c05a11ba8fcf159c1738872ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--07576deb-5352-41b5-a479-2c5317d0c86b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:31.000Z", "modified": "2019-12-11T09:10:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:27:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a01852ca-5328-4560-a1b4-d9dcd89ecbf6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/192e68746552b5546de223be6ec1f65adb4abb9c05a11ba8fcf159c1738872ea/analysis/1574936823/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d3b1801f-330f-4911-bfad-bc8219ef491a" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ef1abab-a496-4683-8ce7-f857174ddea4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--80d35444-5e69-489e-90cb-5042335a6fbc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:31.000Z", "modified": "2019-12-11T09:10:31.000Z", "pattern": "[file:hashes.MD5 = 'd44db8da96bb89a3d3b8cd15656b3ff6' AND file:hashes.SHA1 = 'ee2d70e18ffcf977519cd8cefdc9999c84f3ccd8' AND file:hashes.SHA256 = '7a68d875c499fd6987c5fa1a46272bd7c2969f900807e51de43b49d9934aa59e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b4c7c89-9561-4419-b2f9-1c274ee62854", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:31.000Z", "modified": "2019-12-11T09:10:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:06:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9dacdad1-d38b-4c27-baaa-8c9289f68b93" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7a68d875c499fd6987c5fa1a46272bd7c2969f900807e51de43b49d9934aa59e/analysis/1574546798/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8f14512-adc7-42a0-b65c-2cbabed258bf" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "62931e77-2146-457e-bfa5-07a99da0f02c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--48c053b3-3044-44cb-a28f-a7d52591daf4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:33.000Z", "modified": "2019-12-11T09:10:33.000Z", "pattern": "[file:hashes.MD5 = '4d17ce4ece308cbb51874a0c60d409c9' AND file:hashes.SHA1 = '5635a5a8bd2d9d8ce05425638c080509d226ca1b' AND file:hashes.SHA256 = '09ec80f99e85ccf0df9ee0ae4c6520eebde71bc3c87b2726d84b981259164639']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4cb3c70c-abc8-41b8-be9e-a03b38671347", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:34.000Z", "modified": "2019-12-11T09:10:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T01:08:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fe3f5d88-a3ae-409e-8d8e-d5fde7aa886c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/09ec80f99e85ccf0df9ee0ae4c6520eebde71bc3c87b2726d84b981259164639/analysis/1574384937/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cf753170-dc05-475e-b1f6-dce240ee3030" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "30a0e159-1828-4665-a1e6-af855423b98a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e16742e5-9cde-41ba-af1d-091d8bedf4b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:34.000Z", "modified": "2019-12-11T09:10:34.000Z", "pattern": "[file:hashes.MD5 = 'e47a5f825576f07305376fad0740e88a' AND file:hashes.SHA1 = 'f2234a464215f8c29920f32235c5a8caf34ba251' AND file:hashes.SHA256 = '41e978655f6b85f444b99c91865c0221c27a54a20e3fc55d4e61c3e106af73c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3b5f9f6d-5343-4f06-a8b5-31861c2e1de6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:34.000Z", "modified": "2019-12-11T09:10:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T09:12:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a274ffca-9b69-4d28-a712-f24dccd573a8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/41e978655f6b85f444b99c91865c0221c27a54a20e3fc55d4e61c3e106af73c9/analysis/1573981970/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "52b2bfec-7a02-418b-a0ae-ad366b9ed8d9" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "523cfe09-7200-4f73-aee1-892f0b732efe" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1acdcdf2-193d-4bdd-8360-a26ed49a0793", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:34.000Z", "modified": "2019-12-11T09:10:34.000Z", "pattern": "[file:hashes.MD5 = 'd84638ebb022bd43aad2ef9978722fc5' AND file:hashes.SHA1 = '50d21a87add9dfd422f658f8d435ffbd2fa9a882' AND file:hashes.SHA256 = 'dbc858c551a2b73228898aef3689239432eb9273acf745034ec86caa2f19b2be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d5e4bd27-6691-4b2d-8eec-2fbf4e24baa7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:34.000Z", "modified": "2019-12-11T09:10:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:06:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d1afe8b2-17bd-4240-a03d-03617ed02275" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dbc858c551a2b73228898aef3689239432eb9273acf745034ec86caa2f19b2be/analysis/1573985182/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5bc0c39b-5298-43b4-98be-4b580fb4f7a2" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2469b3c1-9125-490a-871e-2f60fd2a5c9c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b401a8db-a6fc-4176-b07d-10973bd9bcf4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:34.000Z", "modified": "2019-12-11T09:10:34.000Z", "pattern": "[file:hashes.MD5 = 'fb5c6e8ba4c3bea45dca75558678cb27' AND file:hashes.SHA1 = 'f7badae4239217664645556181208d7eebe066e7' AND file:hashes.SHA256 = '2807b45cf41bea348f00df06ebb82a983261e3fabe4ee6342246e0203fead610']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6a8e60ae-a643-4b5e-b5e6-57405a6c8597", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:35.000Z", "modified": "2019-12-11T09:10:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:30:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "92ba81f8-b66b-4d26-a0fe-f90a576a799f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2807b45cf41bea348f00df06ebb82a983261e3fabe4ee6342246e0203fead610/analysis/1573421432/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c8ef37e2-603b-466d-8562-d12e8480fd3d" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d09d9b8c-ac95-463b-888e-faf175e3a0d4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4d42dfa2-8146-4ce4-9bb2-ff4cc7aed489", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:35.000Z", "modified": "2019-12-11T09:10:35.000Z", "pattern": "[file:hashes.MD5 = '114c623bd10a1d270074d94ed617acf1' AND file:hashes.SHA1 = '0d7a74fc4bad318bd5ad223f59e23180eba3ec3c' AND file:hashes.SHA256 = '9ec7482e56c1a048351a1b9f9825352fd535089359e232b70bf2023d3a0143e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1bfd9b32-6528-405b-9df5-1bc170d35ab9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:35.000Z", "modified": "2019-12-11T09:10:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:42:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ec23ac9b-5d90-4a11-90f7-3b761413c322" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ec7482e56c1a048351a1b9f9825352fd535089359e232b70bf2023d3a0143e7/analysis/1574332932/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "91de8d1c-531b-401b-a8e1-1315a93ecdad" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e7d46b8a-6e42-4aaa-875b-b3266c64b67a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--675e1716-6a26-42ea-a062-e6da3b6ad681", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:35.000Z", "modified": "2019-12-11T09:10:35.000Z", "pattern": "[file:hashes.MD5 = 'b03db26ee53dbf5d6277c181107dd09a' AND file:hashes.SHA1 = 'c51f465dec98362b87c1db9ba592f3d47032a658' AND file:hashes.SHA256 = 'e782789646de1f1b58323d2961870f9aa574c59901a560396cb72f7a7ceaf6d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c18b282e-e307-422e-bb53-905e3acaba81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:36.000Z", "modified": "2019-12-11T09:10:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T16:26:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9589fff5-a870-48b6-abd4-b5eaf622630a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e782789646de1f1b58323d2961870f9aa574c59901a560396cb72f7a7ceaf6d5/analysis/1573144018/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ec6869bf-3aad-4966-9d07-ec47faf66595" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7b3bd29-fbf2-4780-94f0-b075702191a5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--334a5d8d-d499-44cb-a4bf-a1b09f5c957c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:36.000Z", "modified": "2019-12-11T09:10:36.000Z", "pattern": "[file:hashes.MD5 = 'da504e1b3f0d07ccdeb5bec01677a2da' AND file:hashes.SHA1 = '6ae47dbd973fa337c53ea6dd7209f367b4ebd1a5' AND file:hashes.SHA256 = '7a34cd84c913e1e6c2e1a6f94c34d62d3a261cd1a75da85c0f3d73df9259c5dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--34d09d98-c515-4fd3-a13c-cbfb8f173195", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:36.000Z", "modified": "2019-12-11T09:10:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:00:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e6b2c456-5436-405e-9418-760ae8dda6bc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7a34cd84c913e1e6c2e1a6f94c34d62d3a261cd1a75da85c0f3d73df9259c5dc/analysis/1574546424/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2f7c210b-2f46-40b7-becb-49a6ef24eac1" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4696cd14-a4d7-4f0d-9cfa-7ace467f5495" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7376a665-9c9c-4711-8f68-1f45047546f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:36.000Z", "modified": "2019-12-11T09:10:36.000Z", "pattern": "[file:hashes.MD5 = '0e01c42b96d3b591f3dade6734871d98' AND file:hashes.SHA1 = 'ca9b80a216c9b7e644d9f4db197ac90bd4a65c77' AND file:hashes.SHA256 = 'c1d650ab6aef15a7170da9d2c2060c6c11d2989282a27cfd63f9afc478027a79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ebf1c6f5-884c-4017-b8a7-6420e0f653f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:36.000Z", "modified": "2019-12-11T09:10:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T12:12:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "edf92171-8d51-480b-b7bc-b59af2b50b44" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c1d650ab6aef15a7170da9d2c2060c6c11d2989282a27cfd63f9afc478027a79/analysis/1574424723/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "28b46b72-b5b8-4cab-a874-9f8eb245b6cd" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c8c6d433-8313-477a-989a-d684aee79bac" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b4de5a4e-2a19-43d8-9da1-57730d22dab3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:37.000Z", "modified": "2019-12-11T09:10:37.000Z", "pattern": "[file:hashes.MD5 = '58365ae5f3301af655a0fa0b8565c147' AND file:hashes.SHA1 = 'aafc93a1faf3feca19c2b5a654c04d3ebf1c7458' AND file:hashes.SHA256 = '220a65657f754a4b46670b3666f8e14545c0dd286e8caad4591ddb8172e56105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b156f377-075c-41ec-a520-dd934705382e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:37.000Z", "modified": "2019-12-11T09:10:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:53:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3dab8ed2-aee1-4c5a-87c8-75d827b6a005" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/220a65657f754a4b46670b3666f8e14545c0dd286e8caad4591ddb8172e56105/analysis/1574549630/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "907f04fd-450c-42d4-a83f-c4a4669aaf59" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a15656d-e448-4ba4-87fa-ceb477903cbc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56cc4fcc-15c0-489d-8bf0-7f683885a03e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:37.000Z", "modified": "2019-12-11T09:10:37.000Z", "pattern": "[file:hashes.MD5 = 'e2b9af11e6d33640f7d9d8ca6aad77b3' AND file:hashes.SHA1 = '614c2cd7e17f1df66e8934421d2eeeb7f232d56c' AND file:hashes.SHA256 = '3665c04c797a7effbc3edd7e4465e2728e81b0d7f0fbc9fe478f03063bb1bcfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--622a2879-7329-4bfd-a8a6-58f0523d1ebb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:38.000Z", "modified": "2019-12-11T09:10:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T17:47:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c068e0cd-2191-4c21-985e-5f8c8bb2c7d6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3665c04c797a7effbc3edd7e4465e2728e81b0d7f0fbc9fe478f03063bb1bcfd/analysis/1573062473/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a3a481ce-9ab8-485a-a849-23b9face7213" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "19f8dfca-a7a8-4600-9657-79a51948864a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d10942f1-7e0b-4700-932c-37a24ca2a7b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:38.000Z", "modified": "2019-12-11T09:10:38.000Z", "pattern": "[file:hashes.MD5 = '6313679a73898caf7fadc34e717e1a88' AND file:hashes.SHA1 = 'a39b6c1949f94136f9a06de84d586328e366cb4e' AND file:hashes.SHA256 = 'a19cb57464849401b6b3550182b359fd662673aaa44103c2d698a6b19612cb63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8d74ec39-ab53-4434-a82a-4cad16a3a23a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:39.000Z", "modified": "2019-12-11T09:10:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T08:47:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eed57b92-fcd0-48ce-9335-ea221f9dcf5b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a19cb57464849401b6b3550182b359fd662673aaa44103c2d698a6b19612cb63/analysis/1575535640/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7111662f-3155-4ed6-b3d4-c98e85ab9d9e" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "921dc011-1894-40ca-8245-fe452ec1fb50" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7aaf28e3-f95e-4803-ac53-ee1c1c50272b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:39.000Z", "modified": "2019-12-11T09:10:39.000Z", "pattern": "[file:hashes.MD5 = '7dd5c274eb948db3641cb324205f4824' AND file:hashes.SHA1 = '5c419f352beeb8b9bfaf9abd3eb4d45e8e3c41ef' AND file:hashes.SHA256 = '9ffc171e07bd76e75957d7a6d6ee25505c33401c50830a2b7f2524f802336c72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b0fff68-525f-40d9-88dd-df82f4ef0a94", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:39.000Z", "modified": "2019-12-11T09:10:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:03:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9c8e567c-60bd-4df9-8a2a-c5a0995a0224" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ffc171e07bd76e75957d7a6d6ee25505c33401c50830a2b7f2524f802336c72/analysis/1574334230/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d5edda4a-fcf9-46ab-8f51-ed213e493695" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/63", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c565a7db-15e7-4058-86ae-af71432015a2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aee07c40-25ea-4b3c-b4ef-b37feb1ea25f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:39.000Z", "modified": "2019-12-11T09:10:39.000Z", "pattern": "[file:hashes.MD5 = '396bce37d4b5a59da5b8f252ed3aaa36' AND file:hashes.SHA1 = '1c92c45581163a2de5734ddfe5edeceb8aaf6dba' AND file:hashes.SHA256 = 'aae033ea6ac16ca78663191b8248ce7d6caa2c00fab27610cace73ac26f7286c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fb6f45ed-fd7b-4bb4-92ca-05b6fe37d18b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:39.000Z", "modified": "2019-12-11T09:10:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T22:43:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0ce9a2c0-a1fc-4c16-902e-48e8ef6aab47" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aae033ea6ac16ca78663191b8248ce7d6caa2c00fab27610cace73ac26f7286c/analysis/1573512227/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99652023-81d4-4173-8304-626f49e8ef7b" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ac4723c6-6c31-49fc-b667-a1dcd2128794" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f4b6869-ebf6-46d7-82c8-947888af0c08", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:39.000Z", "modified": "2019-12-11T09:10:39.000Z", "pattern": "[file:hashes.MD5 = '185fd4445b254e4f16f609c8f44480c6' AND file:hashes.SHA1 = '76f80c40ff28939c828695544a5893620f70fec5' AND file:hashes.SHA256 = 'd643b32810d7b5fe56ca5148590e7e8079d0d2c7de248905f773f1832dbc8c0a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ffb7dc9b-afec-47cc-884f-4e1dc971a3ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:40.000Z", "modified": "2019-12-11T09:10:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:35:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "38103c47-50c3-407c-8563-87aa386a60cc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d643b32810d7b5fe56ca5148590e7e8079d0d2c7de248905f773f1832dbc8c0a/analysis/1574332527/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a4070f21-05d1-42fe-a038-fa3722920a14" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b3f13513-1d25-4ae9-9922-5c9f6348b30a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--190115c7-882d-4856-9092-b742108a2eab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:40.000Z", "modified": "2019-12-11T09:10:40.000Z", "pattern": "[file:hashes.MD5 = 'ed0e42d5979c4261588dad9dd2909043' AND file:hashes.SHA1 = '4bcb02486ed4b0bc5356946162fa421d4227ec0f' AND file:hashes.SHA256 = '21f19a65a0194ead3ad5b624e44c7b32510be96633d6e778827adacb311f8877']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--15b205a8-cb6e-45d7-9aad-da527c8ff5de", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:40.000Z", "modified": "2019-12-11T09:10:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:36:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "55dea321-7465-4a7f-9a2d-d31da3e2648e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/21f19a65a0194ead3ad5b624e44c7b32510be96633d6e778827adacb311f8877/analysis/1574332572/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9cd4432c-c5b2-47c5-a7be-9460ccf50981" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4afc9d08-5f78-48f9-8070-26614d2be4ec" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6e916952-29d1-4de6-bba2-d3fc796e53d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:40.000Z", "modified": "2019-12-11T09:10:40.000Z", "pattern": "[file:hashes.MD5 = 'c445eb0b1a2df5affef41bb388ec1c1f' AND file:hashes.SHA1 = 'b086f1a59ee9ff5e9970eb7913ced4e8a37a8c84' AND file:hashes.SHA256 = '63a1b92800d420cf3441021474f937833e56fa067144a36b74a15af49abf1128']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--95526d28-ceb8-4f8e-aa22-f14c264d5a47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:40.000Z", "modified": "2019-12-11T09:10:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:38:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05736475-a140-4b60-9f80-d401435e83a9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/63a1b92800d420cf3441021474f937833e56fa067144a36b74a15af49abf1128/analysis/1574775486/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5b284240-ee1f-4427-b619-d83ba340a23e" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "12f2b0d1-c707-4bfd-866a-8bed92fda243" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68313563-5349-4294-9eee-4a4b6930b3ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:40.000Z", "modified": "2019-12-11T09:10:40.000Z", "pattern": "[file:hashes.MD5 = '28ba6b1546048fc36df86c81ca180934' AND file:hashes.SHA1 = 'b0fedc1cac631ad33d46fe716f5bf6b47a8847e2' AND file:hashes.SHA256 = '9fe0f0fe473163b358923164a9d1f3287bcfe48f54b9b52aa2712a3f8a8e9ca8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--491197e9-5698-4c91-85a8-0f83e94954e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:41.000Z", "modified": "2019-12-11T09:10:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7749c10b-88b3-4575-a730-8ad538750169" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9fe0f0fe473163b358923164a9d1f3287bcfe48f54b9b52aa2712a3f8a8e9ca8/analysis/1574062644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a464a6c6-5c5f-4fb6-ae40-204774e6ed0e" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7bd9e82e-6bfb-401c-9996-526e6f0fbd69" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--64dd15b3-2453-408f-b6f5-699ea53bf1b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:41.000Z", "modified": "2019-12-11T09:10:41.000Z", "pattern": "[file:hashes.MD5 = 'cf9f3cbd5d01f8fc82dcb34f9622bb72' AND file:hashes.SHA1 = '09b5c515eb256fb4e97b6b9bc0632a2e31829e4a' AND file:hashes.SHA256 = '6c9cfef6b7e2312183b7140e1949ed712a28ed9e906580c25bc371c7d2c6f559']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e253786c-c98c-4560-9b8b-7646ef35d4c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:41.000Z", "modified": "2019-12-11T09:10:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:57:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "af4de519-c57e-457a-9adc-20372dc97bba" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6c9cfef6b7e2312183b7140e1949ed712a28ed9e906580c25bc371c7d2c6f559/analysis/1573894658/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6d528a28-5b54-488c-96e6-615774f80e00" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9736445f-1543-44aa-955c-da24538d5130" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ee0adf9c-a186-4916-9c43-bbc20ddf6742", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:41.000Z", "modified": "2019-12-11T09:10:41.000Z", "pattern": "[file:hashes.MD5 = 'bd65cf7b1dfd1fb281732c25b6dd0ecc' AND file:hashes.SHA1 = '331aee325d364a9320b48f9fbed6b6a351cb1978' AND file:hashes.SHA256 = 'fefbd626a8986fe0c42ad78e59421e0dd05bae31c26ee51a4376c58d99d3dfe5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6c819924-59ed-4ba8-9075-9b44378c194b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:41.000Z", "modified": "2019-12-11T09:10:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:27:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e4aed69c-61c9-4025-8d84-bd7a6682af8b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fefbd626a8986fe0c42ad78e59421e0dd05bae31c26ee51a4376c58d99d3dfe5/analysis/1574332061/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5f957ab6-b7b9-452e-892b-28ee18580b0b" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9110341f-eab3-4c38-b187-517797c24cbc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--32858727-1f3f-46c2-835b-d92df8fbbe42", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:41.000Z", "modified": "2019-12-11T09:10:41.000Z", "pattern": "[file:hashes.MD5 = 'de75f6f8b25f8a5efe9bc7ab59c3c2e8' AND file:hashes.SHA1 = 'c300411ba6174a7fd302f9a8ea939bdb77c24720' AND file:hashes.SHA256 = 'ac0a3eef0ee842e7377a81a4b64470ec90e3e3d871c4b0bbbba027d6dd73d839']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--03b98b00-c2d4-4bab-8c3b-994435c9d01f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:41.000Z", "modified": "2019-12-11T09:10:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:42:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d8be51fd-5df9-49c3-a1f3-36a49888979c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ac0a3eef0ee842e7377a81a4b64470ec90e3e3d871c4b0bbbba027d6dd73d839/analysis/1574332938/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05b8513f-d3d7-4ed9-9684-43b02167bfb3" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "730cf75a-0c9b-485b-9ce3-93f37cc4a575" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--af710a53-521f-4c89-bc1e-e0009e897980", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:42.000Z", "modified": "2019-12-11T09:10:42.000Z", "pattern": "[file:hashes.MD5 = 'b71d6d55d88c1bdb0cbbbdc00a6626ec' AND file:hashes.SHA1 = 'b462d886415aabb4c649e42750d1cf6e5e20549f' AND file:hashes.SHA256 = '2f88813ba2a9fd0c09d188c305482a94ddc809200750f7ab979affd944b8b019']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a7ff9f45-3a50-4e9a-8f65-66403d663a62", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:42.000Z", "modified": "2019-12-11T09:10:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:05:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d299bbcf-56b5-48d5-b3a4-d2215222e688" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2f88813ba2a9fd0c09d188c305482a94ddc809200750f7ab979affd944b8b019/analysis/1573873501/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc6ee223-d301-47e5-a37d-e3e32431586e" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "843a807e-5a28-4687-bab2-21032c8973b1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e0029f8-d3d4-4f3b-b46b-f1338edec78a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:42.000Z", "modified": "2019-12-11T09:10:42.000Z", "pattern": "[file:hashes.MD5 = '6b1edfe1f3be758bd59ced177d0d025c' AND file:hashes.SHA1 = '6e722b77336e54b2c6baa575fe319f4d9299ecd9' AND file:hashes.SHA256 = 'e908dcbfc6a2d0dda43f4fb1aed61a3279b0f8cd383e796cf7d13d45049a0d7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cfd88dae-dc3a-4c99-9f6e-95c373ebd3e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:42.000Z", "modified": "2019-12-11T09:10:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7509eac2-4a83-4d34-99c2-242957a909eb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e908dcbfc6a2d0dda43f4fb1aed61a3279b0f8cd383e796cf7d13d45049a0d7b/analysis/1574936782/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "29ba0bda-5ab5-48ac-8c0a-43cce3875214" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a0e80914-bed7-4200-9914-7ef69b75e0db" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9abf1fc2-6b35-4683-ba31-9f6e137d9c08", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:42.000Z", "modified": "2019-12-11T09:10:42.000Z", "pattern": "[file:hashes.MD5 = '96c94032ec01fe3b5c74af8c987ade2b' AND file:hashes.SHA1 = '87bcd2fa2e1340c6b6ea9510bdcd961c2dadfd96' AND file:hashes.SHA256 = '5871169ac3ab263569ed138888cd17a3770d375854e7734fa03c339c7ed9e916']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a64a8a55-a61b-4d0d-8b08-54ee89ee7ea6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:44.000Z", "modified": "2019-12-11T09:10:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T13:22:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c804776e-add6-4635-ab93-a2fab46888e5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5871169ac3ab263569ed138888cd17a3770d375854e7734fa03c339c7ed9e916/analysis/1573737745/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "70405ce1-1459-44dd-a285-30201ceef394" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "70588e30-3e9b-4638-8e42-c766bd998e63" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e79989fd-61f9-4ddf-8828-2d65e697945e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:45.000Z", "modified": "2019-12-11T09:10:45.000Z", "pattern": "[file:hashes.MD5 = 'f442fda3a255a6e5344595b558b887a6' AND file:hashes.SHA1 = '1f08422761b0e553e42d8083676f5ac59e77a97e' AND file:hashes.SHA256 = 'ab8028bc96c4000430bd8da9f5c7f86fc58f001080dc022fcb0fa61daf4aa3d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fd5f1ceb-997e-441b-b218-5304fd5ab648", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:45.000Z", "modified": "2019-12-11T09:10:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T12:31:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4b33ddaa-1f23-4a27-bfce-97c8db23428d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ab8028bc96c4000430bd8da9f5c7f86fc58f001080dc022fcb0fa61daf4aa3d5/analysis/1573561886/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "576c8725-27de-4afd-8298-1710e2f93a45" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cf145167-d74b-44fd-88d2-ec5e105f4868" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--076ec3fc-a672-44ff-a43b-f6931a75b962", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:45.000Z", "modified": "2019-12-11T09:10:45.000Z", "pattern": "[file:hashes.MD5 = 'ee0478db2c34ed6cbfc21bb79193c6d3' AND file:hashes.SHA1 = '9bae94e6450b0508f916b2c6b2149c18f7407d0e' AND file:hashes.SHA256 = 'ec22ee792afd1e0428019c172aa3382df34771f9671a2a9b5cb67aee9267edc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4ebc765f-3147-4a56-b87d-d57279baaa14", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:45.000Z", "modified": "2019-12-11T09:10:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:40:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22520359-b4f4-4873-92cc-a299a139c2ae" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ec22ee792afd1e0428019c172aa3382df34771f9671a2a9b5cb67aee9267edc9/analysis/1573396810/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ca1ac3f-aa65-4d00-9c24-21779d8232a6" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a42d1a5-84b4-44c2-8c71-ad7978cf2326" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9197aad4-39a3-45a4-9ccd-7d919989468e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:45.000Z", "modified": "2019-12-11T09:10:45.000Z", "pattern": "[file:hashes.MD5 = '7388a4a7ccf1aa473404adb9d3834318' AND file:hashes.SHA1 = '4720f604455c7771aa214da024e8425b6e6fd8eb' AND file:hashes.SHA256 = '0793a789afe30dcd3a93bda8b77cd75ba2f1a9d28a371f0f96cce03efb3c1849']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6b7d265f-5cac-413c-8cd9-95c902b73228", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:46.000Z", "modified": "2019-12-11T09:10:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:52:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1286ba7f-17e2-479e-b7b2-2a3f94aad69c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0793a789afe30dcd3a93bda8b77cd75ba2f1a9d28a371f0f96cce03efb3c1849/analysis/1573894363/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "51d9ea15-ecbc-43dd-89c1-2c3f3f33c52c" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ae7899e7-6607-41c8-b63e-795279e5fbf7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--508c47de-d7b2-405d-87a1-47752784e5bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:46.000Z", "modified": "2019-12-11T09:10:46.000Z", "pattern": "[file:hashes.MD5 = 'daa490f7355de3b9b399ff356d0ae1dc' AND file:hashes.SHA1 = '4e316155c20a5f03fdf23eb5c3f24abc57cc55de' AND file:hashes.SHA256 = '62f4fab29c4f69c9bc911b6ec388ed93543889b6f58883e0513304fdb9210c8d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c8f8cb6d-5af5-43ea-bbb0-06f60165a41d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:46.000Z", "modified": "2019-12-11T09:10:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:41:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "66c71b45-7053-4856-ba25-7099a4d77669" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/62f4fab29c4f69c9bc911b6ec388ed93543889b6f58883e0513304fdb9210c8d/analysis/1573425677/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3576cf07-152f-4590-9791-3a8bace13b6f" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53e49120-1a1e-49fb-a02c-3a8c162eec8c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e38e5407-e670-42ef-93cf-b00573c36cd6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:46.000Z", "modified": "2019-12-11T09:10:46.000Z", "pattern": "[file:hashes.MD5 = 'cae97db02e33891829bcb5323db32d79' AND file:hashes.SHA1 = '5aaecb24042358bbd240129e8ad730e92265a8aa' AND file:hashes.SHA256 = 'b5beb26498be7bcdc7339b4df0e98b1efd052287706d8677a46c85cf1924fc22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--69360a5b-7dcd-4424-b1f7-edc91902d8fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:46.000Z", "modified": "2019-12-11T09:10:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:45:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1dadfd24-75d8-4f8b-9a31-004bdf44f726" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b5beb26498be7bcdc7339b4df0e98b1efd052287706d8677a46c85cf1924fc22/analysis/1573980323/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "402dc0ee-47de-4179-bde0-daaa40e424ef" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "745a2a9a-fb60-4a56-8885-b3f1b1fd3b60" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b989039-6f0c-462d-9b45-cf9cb3f1b3c5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:46.000Z", "modified": "2019-12-11T09:10:46.000Z", "pattern": "[file:hashes.MD5 = '7a020fb4cabffada9d25788a8d41f3b2' AND file:hashes.SHA1 = '82255dfc8ab4b3848dfe0d9c2d9d62280986a5cd' AND file:hashes.SHA256 = 'eea7cc92f6d27c6a67c1fd0767dc4d97be238d7b8ae3aa93020d80aa7ff65d44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a8607e7c-7ff2-4432-8535-b79232cff49e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:46.000Z", "modified": "2019-12-11T09:10:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:21:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "129214e7-5604-4b31-9d83-1f1f4c7b3d9c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eea7cc92f6d27c6a67c1fd0767dc4d97be238d7b8ae3aa93020d80aa7ff65d44/analysis/1574547687/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f3ffbd0-b867-4bda-9abe-a5548ca415fc" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "036b83b0-900f-4927-8618-10097d067c6e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7ae255ca-988f-4503-974a-d7f3176d71ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:47.000Z", "modified": "2019-12-11T09:10:47.000Z", "pattern": "[file:hashes.MD5 = '27a7c179fe4c829de2c002801bae4f48' AND file:hashes.SHA1 = 'd021c6d53e97e9374ba945f420e2270fab008ff8' AND file:hashes.SHA256 = 'a1a25ccadda246f3d7a560a95bdea9957950045f11595308df5624485be320b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--722c1268-12a8-4655-b6d2-92d8e2067996", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:47.000Z", "modified": "2019-12-11T09:10:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:42:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8064bfd8-5b5a-4d9e-bcb7-e7e4bca1578d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a1a25ccadda246f3d7a560a95bdea9957950045f11595308df5624485be320b6/analysis/1574332958/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f0ae43fe-e741-4fbb-b71d-88d24fcdf2e0" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3b7f75b8-1da4-409a-9996-42ad6c7e8a94" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3daaa8a6-a836-4877-8f62-d16e6a99cd89", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:47.000Z", "modified": "2019-12-11T09:10:47.000Z", "pattern": "[file:hashes.MD5 = '08264544c50ab5af05eab1243a4172c1' AND file:hashes.SHA1 = 'be35a4e4083d06880785683fe2ba8024b75ea880' AND file:hashes.SHA256 = '3bc7c49d2b4bc9caa3d54c884679ff2b278df3a3821c80186fe258bd1cbd4eaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--31a94059-6a6d-4b60-9d34-ffaec33d6bbb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:47.000Z", "modified": "2019-12-11T09:10:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T08:40:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ab94725-11b1-42d2-9464-f6de36b85b75" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3bc7c49d2b4bc9caa3d54c884679ff2b278df3a3821c80186fe258bd1cbd4eaa/analysis/1573288824/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0d813cdb-7eee-426b-913e-973fd9dc1017" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "966a05f6-d170-495e-8d93-41b67fbd4352" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7d0baec0-5a8c-479c-b612-010d1cfc2de1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:48.000Z", "modified": "2019-12-11T09:10:48.000Z", "pattern": "[file:hashes.MD5 = 'c2e4ee48563d948d0514e6a2d16eb87a' AND file:hashes.SHA1 = '4d091c1a443bca2a0e711eab59c3f5f3aa7940a2' AND file:hashes.SHA256 = '8ec3ddea193714bd2fef447d33c11b71e5d6f6b87b019fe76a16ad08f425c49c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9c2f4bf4-446d-4a13-a18c-e0e3a5c904a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:48.000Z", "modified": "2019-12-11T09:10:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:41:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "01cd6e68-abdc-496d-8ada-54554824610e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8ec3ddea193714bd2fef447d33c11b71e5d6f6b87b019fe76a16ad08f425c49c/analysis/1573425695/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "487c8bdb-5bfd-477f-8cd1-4e6a87a27488" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c5bc9819-3fa4-488d-9505-c3d7abd39891" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--600fa261-6de5-4436-9730-3ccf84bb3bec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:48.000Z", "modified": "2019-12-11T09:10:48.000Z", "pattern": "[file:hashes.MD5 = '4bc277d1c06a14cb57a4beb8b70ba693' AND file:hashes.SHA1 = 'd66b2888d062234bd4ad73fa6e94aa491a49fa84' AND file:hashes.SHA256 = '77db29ae7db276b52c2c4f8dacec831896523d8bbfa2cb21a161fa5a50d63476']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2d1cd09f-2c06-4db7-8079-15d878241205", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:48.000Z", "modified": "2019-12-11T09:10:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:46:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "743efac4-0abf-4150-8693-bdfff9afdefb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/77db29ae7db276b52c2c4f8dacec831896523d8bbfa2cb21a161fa5a50d63476/analysis/1574545610/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2721b2f-98cd-4db5-beca-d6a3596437a9" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9778e88-fa57-4a9d-86b8-ca62251852b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0e29bb53-4317-42ed-8b7d-4919f4b831b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:48.000Z", "modified": "2019-12-11T09:10:48.000Z", "pattern": "[file:hashes.MD5 = '44fe13c0c25a706c46247158fb4c932b' AND file:hashes.SHA1 = '46b183a1089a1e42cc510f662047c11610019656' AND file:hashes.SHA256 = '5868d46bd51c706f79a968ee4020810bffaed8a85a8c67a37d0c656a10a9eeba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7e548b9b-5d25-4628-856a-0d559a6b67a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:48.000Z", "modified": "2019-12-11T09:10:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:19:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c7f66163-201e-4514-aebe-6d75aeb50a24" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5868d46bd51c706f79a968ee4020810bffaed8a85a8c67a37d0c656a10a9eeba/analysis/1573823945/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "097f46a9-2cd9-43b7-8675-7204cfd3b499" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "770438c0-7777-47c3-9f9a-e51eb42429b8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--11df11e9-c64d-45d9-9474-b234b06cdb98", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:49.000Z", "modified": "2019-12-11T09:10:49.000Z", "pattern": "[file:hashes.MD5 = '6b8009b8b493815314e10368a24a916b' AND file:hashes.SHA1 = 'bad88aa8859f6017c544f8bdce36d4def05017fb' AND file:hashes.SHA256 = '940b78c80d87d87ec29b645857635886addc471f8c70b865e49288feec5059a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--52beb6bd-475a-4dd5-9d70-fbd1aa29c3d5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:49.000Z", "modified": "2019-12-11T09:10:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:59:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b4f384bb-3f5f-4a46-942a-11a978836105" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/940b78c80d87d87ec29b645857635886addc471f8c70b865e49288feec5059a5/analysis/1574549965/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d592c89f-5646-4ff9-aa78-415ac199cd15" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "59223a99-9ea6-4d4f-8014-8017f52a05e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--321ff7b0-34b7-479f-8dd0-41c259ebbe25", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:49.000Z", "modified": "2019-12-11T09:10:49.000Z", "pattern": "[file:hashes.MD5 = '3f5e33f1cff14ab311595851ad52f523' AND file:hashes.SHA1 = 'de73412d7748850833d269d7998fd2d5a2444877' AND file:hashes.SHA256 = 'eed0c51f66ef52f2fe6eeb4b2809e1aecd48922fb090f2ef19fb1ac689e1e628']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--64d45127-0af1-44cf-9934-4f1d4d4a9840", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:49.000Z", "modified": "2019-12-11T09:10:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:09:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7ba5d57e-6a27-4cd5-beb9-d871cdc6672c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eed0c51f66ef52f2fe6eeb4b2809e1aecd48922fb090f2ef19fb1ac689e1e628/analysis/1574251769/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ae02398b-6394-45da-bcd5-5f7d1cb4a87b" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9bc74ece-7d49-450e-b235-554b58291cbb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--64429339-5b9d-4b6a-9614-167fa0e883cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:49.000Z", "modified": "2019-12-11T09:10:49.000Z", "pattern": "[file:hashes.MD5 = 'ea68eca52a4f4c00a36b4bcee979e8f0' AND file:hashes.SHA1 = 'ca40a277801ee46de7440ee6b6095be304ad19ac' AND file:hashes.SHA256 = '13d9fce3701ddc48ae25113120decc21d458765bf655e3dff640b993b31a6614']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5ccd21bd-6cca-4733-8961-9b0e4906afe1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:50.000Z", "modified": "2019-12-11T09:10:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:05:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e3317d24-7ffc-4fd8-b251-712d33fc7728" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/13d9fce3701ddc48ae25113120decc21d458765bf655e3dff640b993b31a6614/analysis/1575176743/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b58b1090-9fee-4331-8f1c-b31ab1a24cae" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f914430b-e63d-4ab6-88d6-4703bc81f6c1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--62ba4a06-02e3-4eaa-9f23-156bd0911684", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:50.000Z", "modified": "2019-12-11T09:10:50.000Z", "pattern": "[file:hashes.MD5 = 'b4af44f22253cfab72796ef1a5642d49' AND file:hashes.SHA1 = 'efc70c16ad673b34312f8df4ee7f100e6502ad2b' AND file:hashes.SHA256 = '6bb35ab59734e874c72d8142ff21892ecf003e0341ff689f0bee003ff8bbc324']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4cca88bb-70ad-4884-b433-e3803ea0a1f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:50.000Z", "modified": "2019-12-11T09:10:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:39:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "24f63817-f9cd-4287-874d-69b2811e7e11" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6bb35ab59734e874c72d8142ff21892ecf003e0341ff689f0bee003ff8bbc324/analysis/1572889148/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88db6feb-32ee-4eca-bb3d-5f5bccf9c1dc" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "949ed066-62b3-4588-ba83-660d8ee9d60f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bc9f7c61-9813-410d-8947-bd622d3428f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:50.000Z", "modified": "2019-12-11T09:10:50.000Z", "pattern": "[file:hashes.MD5 = 'e0670df0c9b2de2c5551c84950a8841b' AND file:hashes.SHA1 = 'efe48904b62643eae2607976a67dd0f51c2017f2' AND file:hashes.SHA256 = '3a7fe7796e70149b80f41d070b2d0050e2055cba3bd2e6cda7752441a736b8d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--22676db9-d003-43e6-8e61-bb9751963fb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:50.000Z", "modified": "2019-12-11T09:10:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:25:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7cb91144-80fa-4b1f-b4c5-361c36b91a32" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3a7fe7796e70149b80f41d070b2d0050e2055cba3bd2e6cda7752441a736b8d9/analysis/1574612747/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c6f5100-2376-4384-865e-5f343f035e43" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c655436a-0b67-406f-8f19-85b9a0ed7f58" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d9749493-6aa2-49b2-aefe-f207ff3a8aba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:51.000Z", "modified": "2019-12-11T09:10:51.000Z", "pattern": "[file:hashes.MD5 = '62d3b72da63afa1c0a555a31c7f458de' AND file:hashes.SHA1 = '51038e980566c30cadc83cfcb9c858d5bdc94cba' AND file:hashes.SHA256 = 'bedcab7f3878611ff761325d62ee183f5496edc8dd2381afea34ced2bfc64db7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e25bb58d-f313-41ce-ae1f-fdc088624f99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:51.000Z", "modified": "2019-12-11T09:10:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T06:43:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2ea5a611-8c07-499f-837f-171d65ee5430" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bedcab7f3878611ff761325d62ee183f5496edc8dd2381afea34ced2bfc64db7/analysis/1575355428/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d3ffbb8e-76e3-4492-b6a1-5e90aa2573da" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d7a0747e-26f2-4abe-b8c5-d9d49fd9135a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cedddf8b-6830-4953-8a90-eac2e56849fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:51.000Z", "modified": "2019-12-11T09:10:51.000Z", "pattern": "[file:hashes.MD5 = 'b483216f8164ef08234308669292be7f' AND file:hashes.SHA1 = '1096d2044e13dba82e6277939d889059337eeab2' AND file:hashes.SHA256 = '737444d7942052e791619adb10261afa045159ea0873ad75d6389ebe60e1325b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c3319757-81fd-449d-9452-0034f18e4e50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:51.000Z", "modified": "2019-12-11T09:10:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T13:45:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "18d0f57e-6f07-485c-b0af-2cb8923895cb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/737444d7942052e791619adb10261afa045159ea0873ad75d6389ebe60e1325b/analysis/1572961505/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f4e861ea-edd5-4be6-8065-b987cb769bfd" }, { "type": "text", "object_relation": "detection-ratio", "value": "13/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bfe6fc36-ff18-4d50-9d8f-e330c086ec29" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c2d8cb4c-350a-4881-b1ed-ab623c674f91", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:51.000Z", "modified": "2019-12-11T09:10:51.000Z", "pattern": "[file:hashes.MD5 = '020592b68529b5b7fd950eab699f568c' AND file:hashes.SHA1 = '65941ffd70c42cabfff1a831cef70819e61e9bd0' AND file:hashes.SHA256 = '46cd5c3efbd83d66e3752be1d8229c6eb597d7d24ab68c6cec249f6b0368e57a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7af9923b-7777-4df1-9ecf-86d8db86dae1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:51.000Z", "modified": "2019-12-11T09:10:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:36:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "96aeda7d-0ef1-4f05-8b8d-8f88623034aa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/46cd5c3efbd83d66e3752be1d8229c6eb597d7d24ab68c6cec249f6b0368e57a/analysis/1574332604/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0a9bfbaa-5092-463a-9add-e77bf0356919" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "35ab8b5b-bfa0-41f8-b0c8-f07c0f032f96" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--16144424-d01f-4a4e-b9db-53fdcfc431be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:52.000Z", "modified": "2019-12-11T09:10:52.000Z", "pattern": "[file:hashes.MD5 = 'f13fe3479a5f6b6b53e8d763f3093fcf' AND file:hashes.SHA1 = '0ccb854ec4cc5eb75e0ce5d0394edac076189722' AND file:hashes.SHA256 = '9c1c4166a5f5861823f981c7e16932351844b0d62251eb79f73e7a25844b7dbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--58833fab-1a5c-4762-99b5-55e98ce88973", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:52.000Z", "modified": "2019-12-11T09:10:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T01:25:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "09cf0ac0-34a5-4cfe-8aad-840b6053e922" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9c1c4166a5f5861823f981c7e16932351844b0d62251eb79f73e7a25844b7dbb/analysis/1573781119/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "59c23655-9d16-4d36-98e5-744156bf3217" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "080ec92d-9848-41a7-9d19-b7a98f8187ea" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4bd10b1a-3756-4b4b-8767-0d9a3c9259e3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:52.000Z", "modified": "2019-12-11T09:10:52.000Z", "pattern": "[file:hashes.MD5 = '31cb517437d31fd564756d5bf87fe412' AND file:hashes.SHA1 = '40f95a78c6dc734bce2c30c34782c63ab7f89316' AND file:hashes.SHA256 = 'f888524b88358c2f1bd11a7a98dfcffab0997d13e214116d73d23d7d905c8df4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cc5656d8-39da-44e3-ba60-194af764034c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:52.000Z", "modified": "2019-12-11T09:10:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T08:59:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e16c2bcd-3902-4b41-bfc2-d1e99d8287f4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f888524b88358c2f1bd11a7a98dfcffab0997d13e214116d73d23d7d905c8df4/analysis/1574499589/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "40259fc4-72ae-49fd-a1a4-2f1d0187bb47" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27401a5e-9d45-4398-a051-9e5da6f839a0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2e87724f-2380-4b47-8c65-e7972a25ca50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:52.000Z", "modified": "2019-12-11T09:10:52.000Z", "pattern": "[file:hashes.MD5 = '88cfd6c9ce0f4022aafcecb754f65afa' AND file:hashes.SHA1 = '00a14dfc281750202ae8c26f49dfc14c655d2e88' AND file:hashes.SHA256 = '57a99264787fecbb4acc9f317f460916acb380ac941ccb66d7c7521b1ec17e46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5adfe6db-846d-4c5a-819c-8c457b28f2cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:52.000Z", "modified": "2019-12-11T09:10:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:18:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db2924bf-c6b3-4a4c-a9c4-4f1c6f780d7b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/57a99264787fecbb4acc9f317f460916acb380ac941ccb66d7c7521b1ec17e46/analysis/1574331527/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78dced09-c087-4fb5-9f1b-2b2cbc806849" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b79264bd-eae1-43ef-ac73-bb419099bc36" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f0a49e1-0ce9-4944-9200-1e2db8abfcb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:53.000Z", "modified": "2019-12-11T09:10:53.000Z", "pattern": "[file:hashes.MD5 = 'fff1f674b4bb3a25ecc9aa5d2c857ecc' AND file:hashes.SHA1 = 'f7112cca7ab076d196f8c10df4286a54850787bb' AND file:hashes.SHA256 = '1727fe93ee7f5cdce528dcd24d36c425fa90ea91c293c58fd38fc71fcff64e32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--492231b5-8f97-406b-9e0c-41ea31df35b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:53.000Z", "modified": "2019-12-11T09:10:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aee11c72-0ccf-4fc7-922c-855af9086479" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1727fe93ee7f5cdce528dcd24d36c425fa90ea91c293c58fd38fc71fcff64e32/analysis/1574062634/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "206b22f1-e62d-4dda-a1ef-1edb76a9bcbe" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4e3fc20a-5b64-4b4d-84e3-fef46df14c44" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e09181c3-54f6-426f-836d-630195f98612", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:55.000Z", "modified": "2019-12-11T09:10:55.000Z", "pattern": "[file:hashes.MD5 = 'daf07016320e55fe8ac114223ccf083f' AND file:hashes.SHA1 = '7cf99e81a6542ab06342c9aa29f206d7e497a21d' AND file:hashes.SHA256 = '98a7b6c06daf06711cca53955d7b4f74d18197442c426d745421bdbd802d8ee4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0815fd32-3f74-418b-b2c5-bffb1186f647", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:55.000Z", "modified": "2019-12-11T09:10:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T06:51:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e70b8d4b-0643-4a25-bf03-52d4e63c9195" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/98a7b6c06daf06711cca53955d7b4f74d18197442c426d745421bdbd802d8ee4/analysis/1573455081/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fca8be74-ffc5-4948-8bf1-8a898f94c1f3" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b8b534a6-d1d3-4031-b41f-471c340ddb1b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--376494e4-19fe-4182-abfa-864ac7c9c6d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:55.000Z", "modified": "2019-12-11T09:10:55.000Z", "pattern": "[file:hashes.MD5 = 'c8ee571ad84110390ea5f31ee9abaa17' AND file:hashes.SHA1 = '72eab1c99478af21428480c7b467c9edfa49f4e0' AND file:hashes.SHA256 = 'd9f32d7b5404638a9d14fc4632936c89c9c6420cb63356a232d4e4db891bcf1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--19270c9a-bdf2-4e27-911e-b793dc82e57a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:56.000Z", "modified": "2019-12-11T09:10:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:00:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f6a49c29-a757-4133-834b-8ce78b42499b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d9f32d7b5404638a9d14fc4632936c89c9c6420cb63356a232d4e4db891bcf1d/analysis/1573394426/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d786046c-5b34-4529-936e-37c702c8a70f" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "825ae8c8-cad2-468d-a91f-966472e2aa4d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d35e9b13-b591-4c3b-ba81-7d6ebcdf1ee9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:56.000Z", "modified": "2019-12-11T09:10:56.000Z", "pattern": "[file:hashes.MD5 = '9438e4d62d2acd94b18777f3e19799a4' AND file:hashes.SHA1 = 'e633fba9e12ad34c11114ee1ff72e68561f51f1f' AND file:hashes.SHA256 = '606941e440a5e3c93654b8e66e697ee644582afe3bd183de8eced61219e31ac7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dc362422-092c-4b92-b4c1-ad3c5a322fb4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:57.000Z", "modified": "2019-12-11T09:10:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T01:23:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7e3334c-b83f-43b3-9e1b-94617f2d311e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/606941e440a5e3c93654b8e66e697ee644582afe3bd183de8eced61219e31ac7/analysis/1573349018/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5b317696-f9da-4d20-a77b-170bd83092e6" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5df50e08-4a97-4935-972e-2a92684bad6b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4db3dcc5-b9ea-4f99-949c-1373ba9efcf3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:57.000Z", "modified": "2019-12-11T09:10:57.000Z", "pattern": "[file:hashes.MD5 = 'e40b6d64cc3ea5e20b5e366af6ae3056' AND file:hashes.SHA1 = 'e5d6386464fc01429b6dd5061d40d19a6c4b0700' AND file:hashes.SHA256 = '21d2ae10a5a809222b67ffaca166e2a76732b47615597ea2f408f19d43ae0493']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7bc644f5-5b56-4fc1-99da-77653550379d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:57.000Z", "modified": "2019-12-11T09:10:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:09:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b77ad0d9-effb-4684-99d3-e23061f3a2f4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/21d2ae10a5a809222b67ffaca166e2a76732b47615597ea2f408f19d43ae0493/analysis/1573895359/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78cf2f30-6346-44f3-8f55-8e1bc10d56fa" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7716b355-676f-438d-8df2-6512a3e18500" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--76057e00-e1a3-4d4d-9234-8491d141c504", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:57.000Z", "modified": "2019-12-11T09:10:57.000Z", "pattern": "[file:hashes.MD5 = '2e0e7ddb2609e9a574ea32eaa1b9c78c' AND file:hashes.SHA1 = 'bca5b41451d4020dd25fb8a8b4e773e9bce4fcb1' AND file:hashes.SHA256 = '2a33c66d6bab81782a1efc66c740cd1e1e38b138c76fa09c8eaf9dbcb7620e0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d38800a2-86e8-4e1b-ae74-91b94534efe8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:57.000Z", "modified": "2019-12-11T09:10:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:14:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e81bd250-a2bf-46e2-ab35-d191f5cf0a4d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2a33c66d6bab81782a1efc66c740cd1e1e38b138c76fa09c8eaf9dbcb7620e0b/analysis/1573985684/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74295210-794c-472a-aa1d-49edece1b587" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1bc2a48e-5c07-4153-be40-daf4a78dd675" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3297203a-bd22-4cd1-921c-c9b13bca5da5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:57.000Z", "modified": "2019-12-11T09:10:57.000Z", "pattern": "[file:hashes.MD5 = 'da378c615869d24b2b1b454e420b5897' AND file:hashes.SHA1 = '68bed749f12efde2f22f34e8a5c55db7fcbf42e0' AND file:hashes.SHA256 = 'ca543b40cfd9041fc4a3a4774e8b809c1fb0c1d9611e63cb12c375433902903e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--aa505ab9-f601-4648-a1b6-4da40901ae55", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:57.000Z", "modified": "2019-12-11T09:10:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T13:54:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "62a68274-f734-4053-b011-3bdfcd0ec2b7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ca543b40cfd9041fc4a3a4774e8b809c1fb0c1d9611e63cb12c375433902903e/analysis/1572962080/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c28c2504-50b2-4ed2-b956-2f39f893242a" }, { "type": "text", "object_relation": "detection-ratio", "value": "13/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "226a13b7-e95c-47bf-b0e7-177211bf2ee2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2df84a4d-abea-4e71-8580-bda849f4db82", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:58.000Z", "modified": "2019-12-11T09:10:58.000Z", "pattern": "[file:hashes.MD5 = 'ac5c97d9ffda26a21a2675e958998006' AND file:hashes.SHA1 = '931f0859d6df5b68cc93ddaa80bc35b4c08e9477' AND file:hashes.SHA256 = 'dc0c06608a9d7c44ed27d16bc64d75ae72c31d14135440208d36fafa5220a76e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0a24cc34-7c45-46a6-9f16-0ff607c41ee3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:58.000Z", "modified": "2019-12-11T09:10:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T08:40:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c0ab97b1-aaf1-4c5b-9b99-64294aa7b720" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dc0c06608a9d7c44ed27d16bc64d75ae72c31d14135440208d36fafa5220a76e/analysis/1573116024/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1537feef-054c-4e5c-a7be-57e6a26a5fbb" }, { "type": "text", "object_relation": "detection-ratio", "value": "16/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "15879886-d061-4b10-b604-486c9772614f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2dc85285-8460-49c6-959e-6766a6124fdd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:58.000Z", "modified": "2019-12-11T09:10:58.000Z", "pattern": "[file:hashes.MD5 = '6b09d556363ba4074e72a31610630901' AND file:hashes.SHA1 = '86d552e54a5f86f81248b89f51689d0abb5f6e58' AND file:hashes.SHA256 = '7046577f74929156e1a0e8b8a267a254074ad941a58cbfa808fe95f248c7687d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--48201af7-1b01-48b8-a9b0-18b859fe71e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:58.000Z", "modified": "2019-12-11T09:10:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:26:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3e8cccc6-5a7f-4676-a1e8-f175f0cbf530" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7046577f74929156e1a0e8b8a267a254074ad941a58cbfa808fe95f248c7687d/analysis/1574331996/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "923b3bc7-0222-4c7b-a2e8-f4a463488032" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4e6d529d-6f56-40e9-b1f5-6e0a3ba5ffe9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--93e653fd-f737-4eec-91f9-ccea68f69d57", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:58.000Z", "modified": "2019-12-11T09:10:58.000Z", "pattern": "[file:hashes.MD5 = '6389b1220100586207fba707c2568ec5' AND file:hashes.SHA1 = '00af72ec8099e863cd7319280d2b635fae5dbb5a' AND file:hashes.SHA256 = '5ca46047bf29b4838397231f505f6a2c52219449933cb4156402a3f906e29a47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--06dd20c3-b244-4c18-bc92-a85103e4c889", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:58.000Z", "modified": "2019-12-11T09:10:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:40:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c37fd285-ffe0-41ee-8b62-70a5c038247f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5ca46047bf29b4838397231f505f6a2c52219449933cb4156402a3f906e29a47/analysis/1573893652/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "67031aa3-dacb-4ed8-b087-6753c1885c00" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5481dee7-fd23-4989-8567-74d27e794cce" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb75d84e-2cfd-49e2-9227-a78141eb1d28", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:58.000Z", "modified": "2019-12-11T09:10:58.000Z", "pattern": "[file:hashes.MD5 = '89ce7d3e86c60ec4616915b50bbe7af4' AND file:hashes.SHA1 = '72799bd25b3098019fb8398aad848b393e40c00a' AND file:hashes.SHA256 = '9e15e1cb09224f97d4473389080ef7a811bb04df9c6ad6e1764471a1186008c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:10:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--05ba90e1-fe79-490c-830e-e2e3127e4bd1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:10:59.000Z", "modified": "2019-12-11T09:10:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T21:18:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ef9cc67-4dd7-402e-8880-139fd30fc323" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9e15e1cb09224f97d4473389080ef7a811bb04df9c6ad6e1764471a1186008c1/analysis/1575407916/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d31307f-0626-44d2-aa83-83fb9abfde3e" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "392c4ddd-fb3e-41f2-9e8a-6062c4adcc37" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f3fb5ee8-ed83-41a0-94ad-8ea9fb6daf99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:00.000Z", "modified": "2019-12-11T09:11:00.000Z", "pattern": "[file:hashes.MD5 = 'ab67f3368cabc182a01fb04f4c8b6ece' AND file:hashes.SHA1 = 'b065a3e442e59a86274f6c70bff16e7d3e38ce1f' AND file:hashes.SHA256 = '528c6ce5c450d901c81dc9bf8eb5b7023cd153303f3c3cb4d43396280d932b9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7f9ff2ed-5ec2-4c8c-b849-4703420ccd75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:00.000Z", "modified": "2019-12-11T09:11:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:20:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ae750a80-fd87-437e-b696-4150604677f2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/528c6ce5c450d901c81dc9bf8eb5b7023cd153303f3c3cb4d43396280d932b9d/analysis/1573874419/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "65b5b163-e70a-4390-9f50-0f2fdd89b0e0" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1d97039c-cea1-48ec-9163-98cb78783f78" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2c8d7a6f-dd71-4981-931f-da97c781a7db", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:00.000Z", "modified": "2019-12-11T09:11:00.000Z", "pattern": "[file:hashes.MD5 = 'c57cb52375c51b401d6c4707ad7e0455' AND file:hashes.SHA1 = '33f39f082269e9234053b3e53f6dc2916911e3a4' AND file:hashes.SHA256 = '8fed723fdc0793a7a130e6327d5e8feff1feded7555142d01a3d788404a1b3cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3850e17f-7108-401a-8f24-ae76491b291e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:01.000Z", "modified": "2019-12-11T09:11:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:29:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc971a58-c025-4c64-a15c-69db1822a663" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8fed723fdc0793a7a130e6327d5e8feff1feded7555142d01a3d788404a1b3cf/analysis/1574332193/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a1fc8d3-fb7a-4b23-acaf-8af697a842bb" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "90d7c37f-5459-4cc4-80f9-e91c23d48070" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a330fbbc-71ff-4351-ae7d-6778300ecade", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:01.000Z", "modified": "2019-12-11T09:11:01.000Z", "pattern": "[file:hashes.MD5 = 'b2c334aa8145be71c8be7ede882da901' AND file:hashes.SHA1 = 'c57385f073e6802cd5e7ea2a844bb72ac9e69855' AND file:hashes.SHA256 = '3e028086b6244035187b2847baac76b627dcfae5b10be55f1363ab5531af4d45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2d60e889-6d1e-4213-9dd1-26cad6266082", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:01.000Z", "modified": "2019-12-11T09:11:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T09:17:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a534d2d-edd2-4124-a4bc-830ec4f3d760" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3e028086b6244035187b2847baac76b627dcfae5b10be55f1363ab5531af4d45/analysis/1573982230/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3fc3563e-2bfb-4370-886d-65e448712f3f" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "25166f54-1c3e-405a-a73b-5f55972cec3c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e42db255-fa7a-4fe5-888b-bf13513a1e95", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:01.000Z", "modified": "2019-12-11T09:11:01.000Z", "pattern": "[file:hashes.MD5 = 'fccf1c44aac9c3c0cca5223a7e34a99f' AND file:hashes.SHA1 = '331e00817f9b996c700a627c5df52460ac474e1f' AND file:hashes.SHA256 = '9c0cb9e43e2fc4cbc2cb3728dbfa41d015cdfedaf4111f28726df8f36fc929d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d60cbc76-f3aa-4e86-b35a-3c42054618bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:01.000Z", "modified": "2019-12-11T09:11:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T18:29:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "161aa3b4-8490-4024-8bd4-1816c8165b64" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9c0cb9e43e2fc4cbc2cb3728dbfa41d015cdfedaf4111f28726df8f36fc929d5/analysis/1575570563/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "34b2bf56-0984-4417-a5c0-1b6aad1c0d39" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1f43f5c1-654f-4d06-9753-062508e4b5a4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e4e7f5b0-cb82-4bec-9022-8acb50bde3a2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:01.000Z", "modified": "2019-12-11T09:11:01.000Z", "pattern": "[file:hashes.MD5 = 'a3c39b9cc1721cbd5798ead7a285531f' AND file:hashes.SHA1 = 'a86a33d7644efd3263a71c3164471c692cb0e946' AND file:hashes.SHA256 = 'dd5279f4d1936a2875bffcdb28cc5020cf6aea41c51a7c45ac3cd16dcaa2e0a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e4818923-cb6d-4bb8-aaf6-dd22ae551267", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:02.000Z", "modified": "2019-12-11T09:11:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T06:27:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "145db302-403a-419f-ac94-779646e1b764" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dd5279f4d1936a2875bffcdb28cc5020cf6aea41c51a7c45ac3cd16dcaa2e0a7/analysis/1575095276/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "64ecc201-42ba-48fb-ad90-3243cfaf32ef" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "432cc0a5-511e-41f8-8497-5fff015351ed" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c10d988c-86e1-429c-acfe-62eba6fcdc3f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:02.000Z", "modified": "2019-12-11T09:11:02.000Z", "pattern": "[file:hashes.MD5 = '1b0711bb84ef3c9c5de91e06a628f04e' AND file:hashes.SHA1 = '0fc028f5452158265cbd34b333c14ec0a772c9a9' AND file:hashes.SHA256 = '2c03ed5b6081c3fa6561c6d20c502cb4c47bb88c64f33263972b856215be982e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--694e010b-ef72-4745-8003-038028ec9c82", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:02.000Z", "modified": "2019-12-11T09:11:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:45:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "082b1a0b-9c74-400f-aebd-9d060781d5ba" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2c03ed5b6081c3fa6561c6d20c502cb4c47bb88c64f33263972b856215be982e/analysis/1574549125/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eb68f8e8-3d06-4b78-a806-6dd2e9e7b1dc" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "174395f0-0688-4752-b6fb-c3f8bd6d6346" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f0a0ea4-7de2-4468-82b0-05957a73095c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:02.000Z", "modified": "2019-12-11T09:11:02.000Z", "pattern": "[file:hashes.MD5 = '56495728882d487b41f3cad1e98bb48b' AND file:hashes.SHA1 = '5f0f745027c0e3b059cfd9cc6563d0ef6498df18' AND file:hashes.SHA256 = '40668f08878740fd7eab3c521702a5504f8c5fea2b803252962927e5d50c2950']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ccd798a2-85b9-494a-96ca-92ff60d480e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:02.000Z", "modified": "2019-12-11T09:11:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:21:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93ef22de-e452-485f-90ce-252cb9419186" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/40668f08878740fd7eab3c521702a5504f8c5fea2b803252962927e5d50c2950/analysis/1574612489/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a6e83025-ccba-42d6-8167-5bfaae996cba" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "222d8394-2993-4794-85a5-566b188016e6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--45848e9c-e246-4efe-ae50-99e816a1fa44", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:02.000Z", "modified": "2019-12-11T09:11:02.000Z", "pattern": "[file:hashes.MD5 = 'b2d0dc4d2e0a129a50f3281d2ad6fdc2' AND file:hashes.SHA1 = 'c08ca7f9c8e71944d5dc14a7987cfe97f3d46ec0' AND file:hashes.SHA256 = 'a7d52d0e385159e745d6495a4285a6e4fc96c83b775e79db98ba1fa4e46c292c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--87726c1e-2cbc-4272-b3e6-4a72c3639ad8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:02.000Z", "modified": "2019-12-11T09:11:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:20:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f1a4a2d9-3108-4c4e-971e-7e027ab29bc8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a7d52d0e385159e745d6495a4285a6e4fc96c83b775e79db98ba1fa4e46c292c/analysis/1574335231/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "934123fb-3594-4e35-85f8-379f7c06e4a6" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c12bbec4-b033-47ba-93e7-c7eeec5f8aa7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6f6ce68e-1adf-467c-b9bd-3706a9f28e58", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:03.000Z", "modified": "2019-12-11T09:11:03.000Z", "pattern": "[file:hashes.MD5 = 'bb46e3d28480cccb96fa7a3be4c73990' AND file:hashes.SHA1 = '22424e338f2227b352e5273f013577a8fd8a9828' AND file:hashes.SHA256 = '444a564c7466ed4b60dbf70c215067ffa99ab773b8c8c1b0a383617777bde650']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--94b20788-3705-46e4-9ab2-166139b97539", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:03.000Z", "modified": "2019-12-11T09:11:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T04:56:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "85fa1ef4-fb0e-4bd3-9140-66f05ff79432" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/444a564c7466ed4b60dbf70c215067ffa99ab773b8c8c1b0a383617777bde650/analysis/1575089782/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2c260c7b-29b0-4a93-a080-123878eba2c6" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "37dd5cfa-73a6-45f4-aee2-753087358327" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--12ba9b4e-ef1d-4b74-a1f1-7755d6f100d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:03.000Z", "modified": "2019-12-11T09:11:03.000Z", "pattern": "[file:hashes.MD5 = '43099108456fd5b51349bdf4f59c1566' AND file:hashes.SHA1 = '9203ae985ce8af90ba70e1c296daea2a5b2a8015' AND file:hashes.SHA256 = '887176ece756575c44404450f80ede32fe518222cc0a45935b788128f23619e5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f052f615-c2e5-45f0-9e0f-fa089034617a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:03.000Z", "modified": "2019-12-11T09:11:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T19:05:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8c245074-0dda-4a16-a9a0-9554decb0677" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/887176ece756575c44404450f80ede32fe518222cc0a45935b788128f23619e5/analysis/1573153510/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "60f36e7c-4161-48de-a056-572796a446f4" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "166f9645-8577-4102-beac-9d757069d32d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b96a2951-99bd-49a6-b34e-059d4af7a1eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:03.000Z", "modified": "2019-12-11T09:11:03.000Z", "pattern": "[file:hashes.MD5 = 'f09397388a6988b8e4041f5b0c7a7c0f' AND file:hashes.SHA1 = '90057e3932421faf6c266d511dedf3892b513b70' AND file:hashes.SHA256 = '0cbeb4d718e24f83387b5956f8ba06d54be4ff800543b6a8e29764fe64fbf8eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--69dd4883-4cc8-4c53-92d8-ac366fb4e9b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:03.000Z", "modified": "2019-12-11T09:11:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T14:45:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "902ecfde-ce37-4b7d-a692-f9a15c6b2423" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0cbeb4d718e24f83387b5956f8ba06d54be4ff800543b6a8e29764fe64fbf8eb/analysis/1573915500/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cdbed26e-b923-4b97-8526-e019a7dc2ccc" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8ea1eab-a43f-4509-8bb8-89e74fd63327" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e6bc0b01-e272-4a47-a5ec-0fca029e1d9b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:04.000Z", "modified": "2019-12-11T09:11:04.000Z", "pattern": "[file:hashes.MD5 = '3fedbed5e1594218edbfee94c5e0294a' AND file:hashes.SHA1 = '593971a0824a787446a529bfbdcb2836e2d28989' AND file:hashes.SHA256 = '94116b1efc4fb3208bca075dd55ba04321803bd14a5d91f8038313ed816f5560']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e524cc07-e321-4478-b1a7-155c1045b2b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:04.000Z", "modified": "2019-12-11T09:11:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T01:56:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d39d7b9-81b8-4f99-a218-b9b88e102e6c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/94116b1efc4fb3208bca075dd55ba04321803bd14a5d91f8038313ed816f5560/analysis/1575510987/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53d959df-7a38-4875-bfb8-c80e632b0f7b" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1f2f15d0-ceb7-46b0-a133-1c9e816d8a47" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--abc5a718-9535-48bd-868a-54740ddc4773", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:05.000Z", "modified": "2019-12-11T09:11:05.000Z", "pattern": "[file:hashes.MD5 = '9c1dc2ffbee0727c4af1b086d123718e' AND file:hashes.SHA1 = 'b119e6a7c1ee05a42cd379355b6656d19b43213e' AND file:hashes.SHA256 = '61f53a66eef46ebed5318e21eee3b03c91dabbd7e87e291b072b24351f47db2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--70f154df-8874-4f39-a4f8-1078e3df16bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:05.000Z", "modified": "2019-12-11T09:11:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T10:42:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ae99b752-e71f-4fc9-8638-961581a1b9f6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/61f53a66eef46ebed5318e21eee3b03c91dabbd7e87e291b072b24351f47db2a/analysis/1573555345/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9c9eb7e7-3943-4e2d-b9d4-6d9e3bbaa076" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81f29dec-ac97-486e-be04-f084e5ad1111" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--398657cd-cb88-41ce-b9ac-90ef2f426d6f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:06.000Z", "modified": "2019-12-11T09:11:06.000Z", "pattern": "[file:hashes.MD5 = '7f0f704f145fbe64924ca3eb5b0a391d' AND file:hashes.SHA1 = '93ecf07018863c7a5ab66447a2caf5e2c9becae8' AND file:hashes.SHA256 = 'afdcc114586c5720dbecef9911e1b3b30a54cabe7912b5a8bd3d46c868d7343c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ebfe3901-8768-4d85-8970-fbb9efbd2d21", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:06.000Z", "modified": "2019-12-11T09:11:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:06:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "016a6505-302d-462f-827c-5281841fa428" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/afdcc114586c5720dbecef9911e1b3b30a54cabe7912b5a8bd3d46c868d7343c/analysis/1574780787/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c942487a-677e-4ffb-a337-78b9f22ca3bb" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8ae82837-90ad-428a-b8ff-2cd40c909810" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6413791e-00b5-4ffb-83d4-ffee0cd2ca0b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:06.000Z", "modified": "2019-12-11T09:11:06.000Z", "pattern": "[file:hashes.MD5 = 'a379e4dfd0d8b858e7cfead64de4f198' AND file:hashes.SHA1 = '60e502b09d23e844476efcc18e8d027fc6abfc7c' AND file:hashes.SHA256 = '815d74755a6ff3bb73d93df564abfce3e5479d942a23a6fca202c61e5c2c4d62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--da879160-458a-4dab-a126-245cf0f7a285", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:06.000Z", "modified": "2019-12-11T09:11:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T04:55:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "647274aa-ec22-4fd8-a049-6debb69c3764" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/815d74755a6ff3bb73d93df564abfce3e5479d942a23a6fca202c61e5c2c4d62/analysis/1575176148/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6de3c074-0418-4d00-9e29-986e7cfbe18a" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5395e636-7af8-46c6-8c27-1e53c8172679" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--07fc0794-5e29-44e0-9cee-faf0ee755c32", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:06.000Z", "modified": "2019-12-11T09:11:06.000Z", "pattern": "[file:hashes.MD5 = 'a047011ce78244acdf0f6f5f6e29cdbe' AND file:hashes.SHA1 = 'c1f6e1bfd5c010d6f6478447608b049f34ef34c5' AND file:hashes.SHA256 = '5c7b6ee00f7c96912e4f5391be445daf2eeb90d5f81cae7b6337b6329fe59165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b17d7848-e8ad-496f-96de-51da10e952f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:06.000Z", "modified": "2019-12-11T09:11:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:11:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c497750-5ec2-4e0e-8b14-700078a5ba6b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5c7b6ee00f7c96912e4f5391be445daf2eeb90d5f81cae7b6337b6329fe59165/analysis/1574334696/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2376d1f5-7f72-4a55-9f56-a2116201a603" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74d9a81c-14a4-4880-92e1-ad5c654e8e25" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--005be038-8a2e-4cc5-a0f0-57f5df4df5f6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:07.000Z", "modified": "2019-12-11T09:11:07.000Z", "pattern": "[file:hashes.MD5 = '7b68b955ca03add2277f317f7f1ef04b' AND file:hashes.SHA1 = 'c2ddbb6fb696a6316f0767868ab09cb60fc79085' AND file:hashes.SHA256 = '5ee264316db1e2c32603a31b99a0d871d6b4d253aca53d76336aaecbf76cf6f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ab5ce77c-edac-43f9-8955-f9b70ca25c78", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:08.000Z", "modified": "2019-12-11T09:11:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:07:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9e4ae5df-d621-4f3f-8fcf-ddd0ce70245f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5ee264316db1e2c32603a31b99a0d871d6b4d253aca53d76336aaecbf76cf6f7/analysis/1573873657/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ae2ab30-af8e-435f-bfde-a2f48ecc6fc2" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ba9ebe26-b4a5-4f64-b0b1-e62fe109123a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bea1130e-4cb9-42ba-be62-dc58d29271fe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:08.000Z", "modified": "2019-12-11T09:11:08.000Z", "pattern": "[file:hashes.MD5 = '902962e24fab066d292655f9c238f137' AND file:hashes.SHA1 = '46f6f227799c567f9b107ba6068c6ca72cd783ee' AND file:hashes.SHA256 = '83dd15c56492c897da410681b15890e7b760a95aae1bd6981bceed56b66124d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fb0d63a5-2ef7-41ec-891e-318ad1af405d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:08.000Z", "modified": "2019-12-11T09:11:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T03:05:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "20a623bd-1692-4254-b5be-27a34d7495af" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/83dd15c56492c897da410681b15890e7b760a95aae1bd6981bceed56b66124d8/analysis/1574823920/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "43b7144b-e0ed-40bd-a0a6-07b27c208687" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "930f085c-7f69-477b-8291-7539a6ac7bd5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c06d918-976c-4d51-9e99-8d3e37432ebf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:08.000Z", "modified": "2019-12-11T09:11:08.000Z", "pattern": "[file:hashes.MD5 = '2bb020e5ae84fe581cd9a757ef2671fb' AND file:hashes.SHA1 = 'a462685ef7e3dc2c8591c0c2a1a0d57228d6b5cf' AND file:hashes.SHA256 = 'a572358457bb15ae137df1c26dcd82345cefc50832b63417b9d57f4795534c07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ae92dd95-4a6a-4791-b9a2-859713516919", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:08.000Z", "modified": "2019-12-11T09:11:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T01:55:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b5d7ac43-5656-4c3b-9837-4daf25bd1512" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a572358457bb15ae137df1c26dcd82345cefc50832b63417b9d57f4795534c07/analysis/1573782922/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "38624e00-441d-48ec-8d4d-445efbce6715" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b57ea2a1-8cf0-4d84-8af5-117ccebdea31" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0970bf3c-d0ae-495d-a9bb-8f0850d31d02", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:09.000Z", "modified": "2019-12-11T09:11:09.000Z", "pattern": "[file:hashes.MD5 = 'f713df926228b0c1cab1a9cabf50ed11' AND file:hashes.SHA1 = 'faeb51956d6f47218e5cf0ed77f52ad0dad7ad26' AND file:hashes.SHA256 = 'd6a3834a9368528d2d6d49a44f44dd4a6f25318d44af7c5072f0621a14373e75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6faf13be-b871-4263-8384-a4ea165c6dbe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:09.000Z", "modified": "2019-12-11T09:11:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T09:20:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "70383a93-5cfa-411b-9d4c-0daa47a0c1bf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d6a3834a9368528d2d6d49a44f44dd4a6f25318d44af7c5072f0621a14373e75/analysis/1574068847/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "20598f04-7f4e-463c-9558-32a160ec9d72" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e7dd37d7-b277-43db-89a6-0685f0821a31" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--805c7a97-f0b2-4be5-a3a7-3d5ed004fe8a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:09.000Z", "modified": "2019-12-11T09:11:09.000Z", "pattern": "[file:hashes.MD5 = 'a1e4fd533d6d4697f295b58b64d02145' AND file:hashes.SHA1 = '81e2bfb98c8bf378e0b6396d676ca32e8e02deec' AND file:hashes.SHA256 = '430e929301f32f2eaa12f78750a26e0e358dc53211fd3780c91381beafec605d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c33d8677-d9e8-42aa-a109-9c077c74fa7b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:09.000Z", "modified": "2019-12-11T09:11:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T20:34:34", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "89e8f4ad-88ca-4074-995f-76e02d1949c1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/430e929301f32f2eaa12f78750a26e0e358dc53211fd3780c91381beafec605d/analysis/1575405274/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "82dcdde2-f3aa-4c5a-87c6-eb6a9084bf33" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "249f370b-489f-4661-8d91-335e998ff400" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6d4d528c-aa9a-4678-acc9-706dc617b813", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:09.000Z", "modified": "2019-12-11T09:11:09.000Z", "pattern": "[file:hashes.MD5 = 'b9080ccf22c6d8d3c9e1681f1e5820b0' AND file:hashes.SHA1 = '8e42fa15e9b495f8a88199af4a9aa1c527ad1989' AND file:hashes.SHA256 = '6c69d1c6a51d6e5254f6ce3a1c55d91571421835033259d7052f3ac759820a18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--13daa6ca-eeb6-4793-b7f4-b240a5694a49", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:10.000Z", "modified": "2019-12-11T09:11:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T18:49:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "11e568fa-a90a-4f85-b7a8-d0c03e05e7cc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6c69d1c6a51d6e5254f6ce3a1c55d91571421835033259d7052f3ac759820a18/analysis/1575312551/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cf9ff0c5-8862-463a-9583-ee9620b2e7b3" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5479e8b9-5572-4e3d-ba01-bf5199b98af9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c52e2698-5238-4c6a-acd7-878cfeeb08bb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:10.000Z", "modified": "2019-12-11T09:11:10.000Z", "pattern": "[file:hashes.MD5 = '3da2b62ede687e036c9828384dc0a9a3' AND file:hashes.SHA1 = '13aacd0e5e50d4c14117c99c6544e14985dbbbcd' AND file:hashes.SHA256 = 'ec7e696dff324e9b1302069dfbd49a684d820ad0b5c79a16b305ab2478a144eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--77daaa86-1ca8-4829-848a-2ab124fbde2a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:11.000Z", "modified": "2019-12-11T09:11:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:56:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5a5a3faf-395c-438a-a3aa-95e30ec31994" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ec7e696dff324e9b1302069dfbd49a684d820ad0b5c79a16b305ab2478a144eb/analysis/1574333816/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7867c4fd-9961-4701-8035-58872e7cbee8" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b09917b6-82b6-4a7e-bb2d-7d506558f977" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--53be0e4b-423b-498e-a3d4-7b7835134977", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:11.000Z", "modified": "2019-12-11T09:11:11.000Z", "pattern": "[file:hashes.MD5 = '56c21faa39a29ecc4773513b25d22bb4' AND file:hashes.SHA1 = '2af3216d655d40d51f0a5792a00641335aea24cd' AND file:hashes.SHA256 = 'fab5fa63e2e623ae86d7ba93b938b0ff6f796aa1ce57cea300570c57139db602']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--368db7b2-fd52-4253-bfd3-0e8d6b1128c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:11.000Z", "modified": "2019-12-11T09:11:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T04:25:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0368cbdb-c6a1-4bd9-b788-21662529c9c1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fab5fa63e2e623ae86d7ba93b938b0ff6f796aa1ce57cea300570c57139db602/analysis/1573705527/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bd5a3028-f646-49d4-ac8f-203d75ea0ab1" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c2abda4c-aaad-4336-be39-cdcb62cfa9d8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5f78f768-d3e3-4c57-b99e-c9ca1afc0719", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:11.000Z", "modified": "2019-12-11T09:11:11.000Z", "pattern": "[file:hashes.MD5 = '4867efcca775ebc44c2b65b1cd56acb4' AND file:hashes.SHA1 = 'c928c1dec10097aff8a2775b143c011c7d674e87' AND file:hashes.SHA256 = '1e5e5820d5465402d2247e890127ee4d1e337742efe78ffafee046461483de0d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3bf6bec5-5936-463d-b7eb-72f996f0b0dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:11.000Z", "modified": "2019-12-11T09:11:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T13:04:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "527fd6ca-2ecf-4c13-8dcd-0d6a58d39fdf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1e5e5820d5465402d2247e890127ee4d1e337742efe78ffafee046461483de0d/analysis/1574082292/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5441a5fa-a408-415a-aaf5-9f739b1c63fd" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7db158c-410c-4d3c-872d-26227a7a14ec" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--72f0eb8b-cd3f-4b91-865d-29034d6fa578", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:12.000Z", "modified": "2019-12-11T09:11:12.000Z", "pattern": "[file:hashes.MD5 = '94fdb9e3a6486a858b619f751fc3432e' AND file:hashes.SHA1 = '89d48a2938837efefa7a18195fde2b34aecf56b4' AND file:hashes.SHA256 = 'f75316d27f864577b461e88b4797e3d00c87dfd6f729fd519353ea7cb2d06858']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c990f842-45cc-4c91-9362-7e36d9ea686d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:12.000Z", "modified": "2019-12-11T09:11:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T17:40:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "66cef81a-2b35-41cb-97d4-1cc40660795b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f75316d27f864577b461e88b4797e3d00c87dfd6f729fd519353ea7cb2d06858/analysis/1573234830/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "70e0cacd-b419-4aab-a5e7-dce1f5e070de" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cde2160a-f9c4-409f-a127-4b678298be71" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b85e20d8-4cb7-4223-ae59-3ad7b984a218", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:12.000Z", "modified": "2019-12-11T09:11:12.000Z", "pattern": "[file:hashes.MD5 = '4730b22e2d3b1662be1d56dd53385402' AND file:hashes.SHA1 = '4d4e55e3ee6e65b7834d5a0a41756c54c6bed35b' AND file:hashes.SHA256 = 'a20196011e8fe6929f0d565c8a080b62c4ba29874896ec08ed4af0709aa36f04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bd96673a-9739-4b1c-90a7-cf93e7983d65", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:12.000Z", "modified": "2019-12-11T09:11:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b5d11919-71a0-4a3a-84fa-581537256753" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a20196011e8fe6929f0d565c8a080b62c4ba29874896ec08ed4af0709aa36f04/analysis/1573722649/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b5320d36-a5ed-4384-a39f-796631c04dc6" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "edb08ddd-7fc2-4e37-90cf-7a2ddaf1fa97" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8853e5c5-1501-4b21-8b6f-908bb944d562", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:12.000Z", "modified": "2019-12-11T09:11:12.000Z", "pattern": "[file:hashes.MD5 = 'd08eeebfcb9a41672c4e68bc97826d56' AND file:hashes.SHA1 = '2942c35b1035a455b23598a7e77789b3b6aea01c' AND file:hashes.SHA256 = '710d2f297fb305a1648274801bfbab0aa21f1b67c17de9d8a930dc6cfa162f6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--90821f3b-1e17-4f71-92cd-5d7575010e48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:12.000Z", "modified": "2019-12-11T09:11:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T05:34:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3aa82a64-9ba5-4355-9b5c-4c991fd017e4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/710d2f297fb305a1648274801bfbab0aa21f1b67c17de9d8a930dc6cfa162f6c/analysis/1573536893/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ea22ff22-e89d-44a1-aebd-63746403106e" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f23c83d0-c355-4b06-b65b-94af27371dfa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--765924d0-c38b-4999-aec1-9a458db95dab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:12.000Z", "modified": "2019-12-11T09:11:12.000Z", "pattern": "[file:hashes.MD5 = '3535432d692701387833c41e5a869528' AND file:hashes.SHA1 = 'f5f23965069ecd90913cc8d07c33a28592e52313' AND file:hashes.SHA256 = 'd1bbeed4dc9881d31df1bab35c03593d874d3fcd5d8d65cf4201fdb479d42c5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8db06b60-3ee5-4c7e-abf4-89fc457b7ca9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:13.000Z", "modified": "2019-12-11T09:11:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T04:01:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3a96ea25-44a6-4766-aca9-445f5d9f7bea" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d1bbeed4dc9881d31df1bab35c03593d874d3fcd5d8d65cf4201fdb479d42c5f/analysis/1573790471/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "de453401-820b-436a-8e7b-ba29a5df573b" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bfe8f22d-ca76-4597-831a-8645acd092de" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5acb8ec4-b43f-4dd4-a054-52c01028f440", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:13.000Z", "modified": "2019-12-11T09:11:13.000Z", "pattern": "[file:hashes.MD5 = '1f25abd5fb07d7b9bf5ae547da381d0e' AND file:hashes.SHA1 = '88a1da472a05256632960f1b94835d445cb9106c' AND file:hashes.SHA256 = '91f7de5bb9002d63e079bfa3998a6ee460d2d496ec412d1a19e6ad0ce416c22c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--509ca6ee-3003-4a6e-85a0-f088ee39013c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:13.000Z", "modified": "2019-12-11T09:11:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d24eaff6-2e25-49a0-b39f-3fd879dbcbc0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/91f7de5bb9002d63e079bfa3998a6ee460d2d496ec412d1a19e6ad0ce416c22c/analysis/1574062649/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b6ae4f5f-82b8-41ce-8444-3ad4a04030ae" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c313039-6144-4d5a-bb83-7bde0979fb75" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eaf72681-d495-4bcc-ad7c-a28fae80cad6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:13.000Z", "modified": "2019-12-11T09:11:13.000Z", "pattern": "[file:hashes.MD5 = '32a7ac9d67c369aa9002f5f9fc5f4013' AND file:hashes.SHA1 = 'd78eb67b3cbb89ba733264e1e23f4964ec4a2261' AND file:hashes.SHA256 = '460a87ff9ac1302a2189064447c092c8388af958e14da48a85070b71f0478e60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a9fbf066-90b4-479a-b421-249d0eb7fb88", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:13.000Z", "modified": "2019-12-11T09:11:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:22:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8eabfd8-afa7-406c-ac6c-cc6fdf08d625" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/460a87ff9ac1302a2189064447c092c8388af958e14da48a85070b71f0478e60/analysis/1574612541/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "33c4af83-2bff-4020-8703-1aacd8c62d3c" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9a3deb8-4d9c-4671-b62b-d101bd2d3d94" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1357b011-56bc-4256-9daa-e8e58a0bb2c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:14.000Z", "modified": "2019-12-11T09:11:14.000Z", "pattern": "[file:hashes.MD5 = '3cebe4b8b28be2721057d0e49b3f8635' AND file:hashes.SHA1 = 'b0eecc0491424eb6ac884e1dde9455cba11a6280' AND file:hashes.SHA256 = '218cdf63771e1d0481456f26bf130b71cd22c578631e2c2759e940b854bd54b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b6d9408e-2eb1-4a92-b402-a87daf6b32c3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:14.000Z", "modified": "2019-12-11T09:11:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-10T18:04:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9e3d0f83-3081-49c7-af86-fff55571016f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/218cdf63771e1d0481456f26bf130b71cd22c578631e2c2759e940b854bd54b9/analysis/1576001045/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ea54858-69a3-4e84-b787-81565b6aadf8" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e066cace-54ec-4f02-a7ea-f51f907974e4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--63103b77-e89d-4f87-a9eb-4bc77fc2848d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:14.000Z", "modified": "2019-12-11T09:11:14.000Z", "pattern": "[file:hashes.MD5 = '39c89ec1cc3ae390f8dfcfd002d372ee' AND file:hashes.SHA1 = '7d1ad3f29b4ee8ee35e28d2247a747093c8dbf59' AND file:hashes.SHA256 = '9a5986bfc4ae1e3436813670e1ce3924cbd950aae3045c965295fb33853d1232']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--05b819fd-e576-4d36-a984-73b763610cd3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:14.000Z", "modified": "2019-12-11T09:11:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ff0a72c-9496-4253-8ad3-2c4fb3f46d96" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9a5986bfc4ae1e3436813670e1ce3924cbd950aae3045c965295fb33853d1232/analysis/1573722648/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f5a83aa-2302-4ed9-b55a-e63866ee1edf" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "84151c2a-ea39-4520-bb46-db0390d2f4fc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--89debb59-6a70-4aba-97b5-f77df678a97b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:15.000Z", "modified": "2019-12-11T09:11:15.000Z", "pattern": "[file:hashes.MD5 = 'fac9beb46c0ee1b0c2d87eae378526fd' AND file:hashes.SHA1 = '55f6f1bdc109631236797ca629d49299f1144109' AND file:hashes.SHA256 = '5c87e2f8867987ff3a194f428f8cf0f190015e586ab269b52a309ea088c4107b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ad5d9831-f2ea-48e5-a022-dab7337f9f49", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:16.000Z", "modified": "2019-12-11T09:11:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:41:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aea1c54e-2fe4-47cf-8f09-b9bedaa30703" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5c87e2f8867987ff3a194f428f8cf0f190015e586ab269b52a309ea088c4107b/analysis/1573468875/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd20fa01-de2c-48bc-89b5-bbe6eac6aa23" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d497e11-d8ae-4a51-a659-9a0292989312" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e20c0aa3-0cf4-419b-baef-4d2d30a38f23", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:16.000Z", "modified": "2019-12-11T09:11:16.000Z", "pattern": "[file:hashes.MD5 = '622e870c23e3e6a0d292401e69f7dbcc' AND file:hashes.SHA1 = 'af6acf348806197b7828e21382f35a9d62506394' AND file:hashes.SHA256 = 'e0be60f48d6e3e9517be583678b1b4760e021bf77a6502782c66b2581c044b1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1d4e08cd-ae5c-4f22-9f30-44f4fc820458", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:16.000Z", "modified": "2019-12-11T09:11:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:35:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "099744cd-7f82-4790-98b9-6ad0c3ee99f1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e0be60f48d6e3e9517be583678b1b4760e021bf77a6502782c66b2581c044b1b/analysis/1574782558/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b3927642-9324-4dd9-a898-a12a20f973cf" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "756b6043-09c8-43d9-89d0-b7f2fc158ce1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68c04910-f986-4c23-9521-62f771f9ebe2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:17.000Z", "modified": "2019-12-11T09:11:17.000Z", "pattern": "[file:hashes.MD5 = 'b36932fbcaa65f6a4b40194f984d3881' AND file:hashes.SHA1 = '69363d2139a5feb21413ba4a45f09c836bd0994b' AND file:hashes.SHA256 = '2dc1d4732a00142eabecb7d91bef13580620210e8376114dbe5d4ae1e67a1052']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ecb65e70-f259-4ecd-9423-946c1b5648d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:17.000Z", "modified": "2019-12-11T09:11:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T20:33:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c25f8d49-8c5f-4713-880c-24eda3303b77" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2dc1d4732a00142eabecb7d91bef13580620210e8376114dbe5d4ae1e67a1052/analysis/1572986012/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a8674dfa-3098-4c8d-a8c3-58b35bc7fa6a" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a017650e-ba25-4c50-87f6-c5ab17c6982c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--98c067a4-1ab0-4b27-8776-b278725b50be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:17.000Z", "modified": "2019-12-11T09:11:17.000Z", "pattern": "[file:hashes.MD5 = 'b5757094da00277585a1cec55fdfb9f5' AND file:hashes.SHA1 = '7ccc911af61de3609c25acb7fe8bfda33ca0a61f' AND file:hashes.SHA256 = 'f5d15646962641710bd0af8169423b16cac279d6b78af0bc7f6f720d7c30ec01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a2680e73-6889-45e4-a65d-a298f11c2d17", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:17.000Z", "modified": "2019-12-11T09:11:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T10:53:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f12be0df-2241-4df1-82cb-c563792b61c0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f5d15646962641710bd0af8169423b16cac279d6b78af0bc7f6f720d7c30ec01/analysis/1575024824/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cac9dde9-528d-49b4-8ed0-91c7acbcf825" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a3a9dfe5-e135-4c3d-adb3-ed3a0d1ece72" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec9966dc-77de-4518-8609-95eff444388d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:17.000Z", "modified": "2019-12-11T09:11:17.000Z", "pattern": "[file:hashes.MD5 = '39518cde140e696647c84b8c5f68f6ac' AND file:hashes.SHA1 = 'e20d4e9de7b947730d32eed24fbc40faf766efe8' AND file:hashes.SHA256 = '957f3631844a1981e02551916a6e3ac788aa468cc30130f0da01166a02588268']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--795a1fdf-49e1-4e50-a85f-3a4176494389", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:17.000Z", "modified": "2019-12-11T09:11:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:42:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a2e9fa6-bbad-4b7b-820f-23a90719a628" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/957f3631844a1981e02551916a6e3ac788aa468cc30130f0da01166a02588268/analysis/1574332942/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7a54619-8c02-44eb-af68-ddb559b061cc" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "be06c626-cdf7-4c62-a9eb-f4fdf4af000d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fa646c42-4280-46b4-9cf0-4aca39a04070", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:17.000Z", "modified": "2019-12-11T09:11:17.000Z", "pattern": "[file:hashes.MD5 = '9718ecc3bb67bc1e9c5ccfcf356ce646' AND file:hashes.SHA1 = 'b45b105c430ab61df5e39392e0d9197d98cddcb0' AND file:hashes.SHA256 = '28f108aae9808c8751112e789f8987902d57a51f283f8cac6c4f8ec333ebc168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bfdc67ce-6583-447f-8e13-7569e81ea7e1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:18.000Z", "modified": "2019-12-11T09:11:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:10:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "410070af-09ba-4f35-8e5b-8ee6526725e7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/28f108aae9808c8751112e789f8987902d57a51f283f8cac6c4f8ec333ebc168/analysis/1574547036/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e0b03f51-11a2-4e4f-abf9-1201226a0147" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "137585a0-4d23-44d4-90dd-088deb24f129" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e75026c9-90fc-4278-93b3-ec2f98892005", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:18.000Z", "modified": "2019-12-11T09:11:18.000Z", "pattern": "[file:hashes.MD5 = '4ddeacde4dac94f233b47b669a9e71e1' AND file:hashes.SHA1 = 'ff51adbd948517062b78660da8ecf0268291f0f6' AND file:hashes.SHA256 = '1b39f0dd28bf86f78bb8e9727c43aea0ebef4a229b9d696f490eb0aa3b43e06c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a7cde723-daa2-469b-9dec-4ab357ab0656", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:19.000Z", "modified": "2019-12-11T09:11:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T10:43:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "86121d6a-94da-49a9-af24-3626adb84d56" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1b39f0dd28bf86f78bb8e9727c43aea0ebef4a229b9d696f490eb0aa3b43e06c/analysis/1573555408/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bbe48f16-1750-4ea2-8b74-dbfab351d40b" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9592e40-ed92-4e6a-9aab-eaa42af578c4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b1f82c4-364b-4993-b254-be89999295c3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:19.000Z", "modified": "2019-12-11T09:11:19.000Z", "pattern": "[file:hashes.MD5 = '6f733dcc673501307e9030d0d20f1b82' AND file:hashes.SHA1 = '3941a384a7ec67854e65ed32787200f7c68918f4' AND file:hashes.SHA256 = '8577330adc83aac74476e9f3a70103a2ce7bc2a57d87032a8f5443b4d4f18517']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b9e9b270-e201-48d8-959d-c53b47510fb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:19.000Z", "modified": "2019-12-11T09:11:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:47:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0861a013-5a0d-40a6-900d-22ee3fe2b6c5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8577330adc83aac74476e9f3a70103a2ce7bc2a57d87032a8f5443b4d4f18517/analysis/1574333256/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ff8b31d4-ef53-4cd0-88b6-9f8851feb244" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "702572b0-0407-4276-b6fb-a0ee53b44b55" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b58e3ceb-0d5c-436d-9d6e-98c592d75ee7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:19.000Z", "modified": "2019-12-11T09:11:19.000Z", "pattern": "[file:hashes.MD5 = '53b05ce36d48f486f4d0929f0cae30f3' AND file:hashes.SHA1 = '497f581b6d3bc6015fb463e7dd93275fdc1e9c44' AND file:hashes.SHA256 = 'cf32204e546d98b585d28b0fbdb8b13f845e7ef8f5d819f6fa7517a98e9b552e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ae22c98a-7e4c-4576-bad3-daae1a313c19", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:19.000Z", "modified": "2019-12-11T09:11:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T17:30:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e234e86-e70b-4ca3-aa75-5bbd6df5237a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cf32204e546d98b585d28b0fbdb8b13f845e7ef8f5d819f6fa7517a98e9b552e/analysis/1573752613/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "534b4907-c11e-4695-b77c-604a50251c56" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "66d61883-a1d2-4dad-92a7-3cdca2887a5c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e4ab5c2a-0f29-49ed-8101-f53735fd9327", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:20.000Z", "modified": "2019-12-11T09:11:20.000Z", "pattern": "[file:hashes.MD5 = 'b2b2894733b62357d8400ced79fe6447' AND file:hashes.SHA1 = 'a5b05aaf3246b6f9a6463a2c9ca969be2abc564d' AND file:hashes.SHA256 = 'beab3e5de052dd4686e48fb37b756e648a261b264d6cba66c265ef8a1ea9239f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--841a3d54-f045-4cd9-b58f-0bde95db27e1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:20.000Z", "modified": "2019-12-11T09:11:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T17:21:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "20b76f7b-511a-4e39-abb6-5431bc7f9136" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/beab3e5de052dd4686e48fb37b756e648a261b264d6cba66c265ef8a1ea9239f/analysis/1573492888/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc692d09-29f6-4793-8657-55b3fd33a315" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b9a3a93a-7d91-4e55-bb5a-4b65b20e0f42" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1d2c8766-dca7-489f-9550-73fe0f885d1e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:20.000Z", "modified": "2019-12-11T09:11:20.000Z", "pattern": "[file:hashes.MD5 = '0d8427b7ad10f95539c259eb1e00c414' AND file:hashes.SHA1 = 'ab3920838f6c617fb64e1cdbc6a9085e1fac32b6' AND file:hashes.SHA256 = '2610797b258f6fbc974c389f2c76ae291197753f8f67ad74eccbfcc064760279']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2bc88896-973b-4215-8f4e-11ae835bfdf2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:20.000Z", "modified": "2019-12-11T09:11:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T09:47:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f4cbd23e-b4a4-4f45-a5c4-8a32e9f185a7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2610797b258f6fbc974c389f2c76ae291197753f8f67ad74eccbfcc064760279/analysis/1573379267/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0512dc72-02c0-49cd-904d-1282dbedce00" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5979f229-09c6-49fa-9170-4532ea55acdd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c0b27747-705c-4d72-9e95-f231e6b93f53", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:20.000Z", "modified": "2019-12-11T09:11:20.000Z", "pattern": "[file:hashes.MD5 = '3d2576d106fcecb1117ab0a2dd02c1a7' AND file:hashes.SHA1 = 'f15d00d4a3ef278b43df8d296293ce9dee9cd365' AND file:hashes.SHA256 = '131cdc02a4abf3ac05609389d1f1391fbe2340831ee105b80ecd88877dc83d1d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--628f43d4-9f52-4a66-84d2-6dbfdfe969c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:20.000Z", "modified": "2019-12-11T09:11:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T13:44:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2726f2cd-a826-4832-9700-4fc798b96c42" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/131cdc02a4abf3ac05609389d1f1391fbe2340831ee105b80ecd88877dc83d1d/analysis/1572961464/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c3260553-946b-49a6-9621-a6b9cd62aeee" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2203e8d1-dd76-4791-a1c6-4713d61f1048" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8a376444-9c79-42d9-928a-25dd1a1afa29", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:21.000Z", "modified": "2019-12-11T09:11:21.000Z", "pattern": "[file:hashes.MD5 = 'd40f4dadeb706ba978c73cc44cef76ed' AND file:hashes.SHA1 = '669cc0f8d697db54032b122b791b8a8fe5bd7287' AND file:hashes.SHA256 = '65fc3e576108db04a432776c0806fbee72f388ef18334069f99708032bc53c3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d3c2b24c-f847-4414-85c2-e71fecb4d9af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:21.000Z", "modified": "2019-12-11T09:11:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:52:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "462b3b65-3d78-487b-82a1-ad78515d8853" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/65fc3e576108db04a432776c0806fbee72f388ef18334069f99708032bc53c3e/analysis/1573894363/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a0054b01-552b-48dc-a081-73e722dda089" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e4122d3c-ead2-4626-86c2-53a44d19ebb4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6195996f-6bdc-4e2b-bf9d-202df3c89f50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:21.000Z", "modified": "2019-12-11T09:11:21.000Z", "pattern": "[file:hashes.MD5 = '5cb4bee1fbac557846018a68ceb0ab6e' AND file:hashes.SHA1 = '1311612f15b815a1bd88d65ddc8e2632762ed599' AND file:hashes.SHA256 = 'c204d91f556a9102c196cc649289e4cf68db2a31c17b28f5c3b3b70ab65f0431']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e1983e63-f280-4191-8fca-6fa561bc028e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:21.000Z", "modified": "2019-12-11T09:11:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:51:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "54ad7a78-0bc4-4e02-b646-5a13bfd69f89" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c204d91f556a9102c196cc649289e4cf68db2a31c17b28f5c3b3b70ab65f0431/analysis/1574549477/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8b35fb75-ed0a-4a36-aa2f-e7771d5966b1" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c380b6f-d68c-4b59-971c-cfad2806f8b2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9ab032a-2aaa-4363-8145-5daa9a819b0a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:22.000Z", "modified": "2019-12-11T09:11:22.000Z", "pattern": "[file:hashes.MD5 = '18c220807607df6b7f9f8bd7379e6a50' AND file:hashes.SHA1 = '79e8ab5463dc9188f15f642896bb5b52d666b208' AND file:hashes.SHA256 = '3fd07c1d65ed0ad52a78f5a128a1fcbb83472896c1d61037137f95ac09cb5b53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--81933a57-b24d-4a30-817f-22ba642fd14c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:22.000Z", "modified": "2019-12-11T09:11:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:54:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4ba88480-cd8a-4b14-b73b-3ff38afd2a75" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3fd07c1d65ed0ad52a78f5a128a1fcbb83472896c1d61037137f95ac09cb5b53/analysis/1573894445/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b6ca6784-68aa-4181-8404-4ea028c6368b" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c973f78e-2e7b-49f9-9c44-dbd0bdde9fa2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9218748e-8966-484b-aa99-5803ed53ec7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:22.000Z", "modified": "2019-12-11T09:11:22.000Z", "pattern": "[file:hashes.MD5 = 'c17dfea4df74ebd707e1b99d84c28a47' AND file:hashes.SHA1 = '8fcbdf544549d9e2c8783ea3fe717b98de16114f' AND file:hashes.SHA256 = 'cd42c483e127c30442eebd5a7143d25276d06340fc24a4324ce6fa39da7120b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3ad4d357-5277-4598-9d15-a362ab9519b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:22.000Z", "modified": "2019-12-11T09:11:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T13:11:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5aafd139-98aa-4d7a-9ad8-4e7679564dcc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cd42c483e127c30442eebd5a7143d25276d06340fc24a4324ce6fa39da7120b5/analysis/1575033084/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9dc842f-66f1-400d-8275-2f26383ac8f7" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eac2ce63-cc9f-479b-be64-8357484601bf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8eef2549-360b-4985-889d-209f5ca535d3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:22.000Z", "modified": "2019-12-11T09:11:22.000Z", "pattern": "[file:hashes.MD5 = '87b69ad5b2cd89b704ed74c50ab3887b' AND file:hashes.SHA1 = '30ff66044c4f9ba287b3fe2d6ee4a90bcebe7198' AND file:hashes.SHA256 = '0a3a8e203c017695546bcb0fa764721f61d7a5a2c2c0d2ff7c2edc18f7fcb2bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--30ee7c44-f887-4b02-991c-a000534e6030", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:23.000Z", "modified": "2019-12-11T09:11:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:57:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f40215f5-1f76-400f-b834-276d8c52f8c6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0a3a8e203c017695546bcb0fa764721f61d7a5a2c2c0d2ff7c2edc18f7fcb2bb/analysis/1573725447/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6603d66d-a9f2-43bd-9b48-f923ebd5baf5" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a080d0b5-de8c-46f2-a1b8-9a2d84a53441" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c4ea6dd-24d5-46bf-beef-7dd6bd35499f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:23.000Z", "modified": "2019-12-11T09:11:23.000Z", "pattern": "[file:hashes.MD5 = '0c0877294bd2a9e6752b82c145ff294b' AND file:hashes.SHA1 = '9fb7c4f4625a61ae4b4c5617ea6554a27887f851' AND file:hashes.SHA256 = 'b2df333204745a0780d5253a4e0a25f3f6fda445ac38f916b42e8b8498302058']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2cdf5f0d-47bd-4ae2-9c5c-da56b2e77f58", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:23.000Z", "modified": "2019-12-11T09:11:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T16:46:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cb6bf9b3-1af0-4dc0-8087-82f7316ffbb8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b2df333204745a0780d5253a4e0a25f3f6fda445ac38f916b42e8b8498302058/analysis/1572886012/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "106eb845-6f8c-4f93-9257-f4cc653ed89f" }, { "type": "text", "object_relation": "detection-ratio", "value": "8/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8f2adcb8-e272-4f46-aab0-98f99287f749" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9ed61707-31ce-4559-a85b-f177c85d687a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:23.000Z", "modified": "2019-12-11T09:11:23.000Z", "pattern": "[file:hashes.MD5 = '82604674b20a5804bedb26bca0408563' AND file:hashes.SHA1 = '3e017c6c7f95a60919add249e1c865d9e2ed2cdd' AND file:hashes.SHA256 = '45664849ec2256bcc959b68c06d959e9e0571e4b98f29462b1ee5459a05ba03c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c65bed31-f64f-47b3-ad8b-9a641ab6b7b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:23.000Z", "modified": "2019-12-11T09:11:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:11:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9bb5cbd8-628d-4963-a0a6-2b6581c9477e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/45664849ec2256bcc959b68c06d959e9e0571e4b98f29462b1ee5459a05ba03c/analysis/1574331088/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c28340e7-b87c-41ad-9334-59612e55a72e" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e247b75c-3c9f-410e-846e-6a0759091d98" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--62f71c3d-8724-4888-b634-a7d3752695ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:23.000Z", "modified": "2019-12-11T09:11:23.000Z", "pattern": "[file:hashes.MD5 = '3b0398f5c8d1461c964dce6fc8cc3bca' AND file:hashes.SHA1 = 'f1714074d832321c10fa674129195ee04b1f23b5' AND file:hashes.SHA256 = 'e8d6740005d7459b7119b660a95661a6889855b3f697ad063a06731cb6423036']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a4fed9f6-2f64-4b0f-8511-3705a306a1ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:24.000Z", "modified": "2019-12-11T09:11:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:34:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "55ed29b8-b86c-4505-b271-8686cc1d9914" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e8d6740005d7459b7119b660a95661a6889855b3f697ad063a06731cb6423036/analysis/1574332462/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ef7e710-8633-46f0-857d-c0de35fd4812" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9aeb8cd5-e5bf-4fae-abeb-d270f92c7ac7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c4070ec2-5078-4852-9dfa-e67a2649d36b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:24.000Z", "modified": "2019-12-11T09:11:24.000Z", "pattern": "[file:hashes.MD5 = 'ffb7dce5694e8ba31b100ce7910df8a7' AND file:hashes.SHA1 = '1a3a36f612784bc8737ec95a8c9acb2cca4639fb' AND file:hashes.SHA256 = 'f74ea44f76af2e9c80dc50ef39c99b802f1accb0d94258d5595e6805999137bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--821c8d27-03d7-4cd9-a184-166decec2856", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:30.000Z", "modified": "2019-12-11T09:11:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:55:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b55d9a61-a553-4182-9fe2-56cc4f05554c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f74ea44f76af2e9c80dc50ef39c99b802f1accb0d94258d5595e6805999137bf/analysis/1573980938/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6824d647-beb6-4ec5-b4ce-467163dfc22b" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2e8dca6c-6d96-43eb-bbad-66647d63a4ef" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d349a739-f27d-4dcf-bae7-d67012620f33", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:36.000Z", "modified": "2019-12-11T09:11:36.000Z", "pattern": "[file:hashes.MD5 = '89bb9987d40b77d6bd435295eb83f1d2' AND file:hashes.SHA1 = 'c956dcc5bbf3583f1bd4cba5525ef35f8dffc489' AND file:hashes.SHA256 = '1658cf5e21efd05d7111da50b954a0bfa0818e983e12935eb78d0b1df251edb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c1d50dcb-b695-48fe-a49a-7cff10f11589", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:37.000Z", "modified": "2019-12-11T09:11:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:00:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a815081a-6572-49a6-a858-ce1c4ccd530b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1658cf5e21efd05d7111da50b954a0bfa0818e983e12935eb78d0b1df251edb4/analysis/1573466447/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b8152023-1b0c-4941-9e9a-e24e18788a93" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6837b826-3378-4d71-9bc8-edfdbbe653d0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--caee4aba-0102-48b5-ad8a-1287cb213030", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:37.000Z", "modified": "2019-12-11T09:11:37.000Z", "pattern": "[file:hashes.MD5 = '63e3ca5bf87789f5c4a6397ca9e4f6b7' AND file:hashes.SHA1 = '16ccb7d2cb039f44d156b603e554b896b1230358' AND file:hashes.SHA256 = 'ff1a7c25bf00f8e001176b6b0301cc8ba7e87d06b4f01bef90235e7069a1b30d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--abcc5d71-abb4-4dee-b1e8-ca6001c3758b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:37.000Z", "modified": "2019-12-11T09:11:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T01:21:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b9eef82d-2146-4556-982f-016bccda4e6f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ff1a7c25bf00f8e001176b6b0301cc8ba7e87d06b4f01bef90235e7069a1b30d/analysis/1574904077/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b1eaa5d2-59b7-4a15-90e7-a9f82078c002" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "59a6f4e8-1d6b-4714-811b-3b749ebb65fc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9117ae19-7708-4000-9533-a0c6d3138ea1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:37.000Z", "modified": "2019-12-11T09:11:37.000Z", "pattern": "[file:hashes.MD5 = 'd0e7f615d58252df9077e77003866db7' AND file:hashes.SHA1 = '20573b057e492b859e360505ea3ddccf4e1f8fb4' AND file:hashes.SHA256 = 'f0d329b6cbf7ed9b0e744a499f0fe79f37919ffa9447783efb7ae2db1979490d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--35aa4f54-4b30-4128-8575-214523fc7d11", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:37.000Z", "modified": "2019-12-11T09:11:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:46:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3bd0f268-9847-44c9-b2e2-2a9316fb364c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f0d329b6cbf7ed9b0e744a499f0fe79f37919ffa9447783efb7ae2db1979490d/analysis/1573893975/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8dbbcfd4-2b74-4ebb-85f8-2c820c1d02b9" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e89e542f-9e72-4528-8bd4-116e4d410820" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3134b067-1d49-4a98-87b1-aa6e600338ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:38.000Z", "modified": "2019-12-11T09:11:38.000Z", "pattern": "[file:hashes.MD5 = '6bf1e9ebd00a81ca5a4d2bc1aeadca3b' AND file:hashes.SHA1 = 'ebef0d6fe4c8f39925f96459306ca06a8a59eb35' AND file:hashes.SHA256 = '145afca358d19ee27d94bee9b6c3196311490d402386c00684219a0793336729']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3620e830-e0ff-40b4-94e7-92e149c6e981", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:38.000Z", "modified": "2019-12-11T09:11:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T21:24:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ea0190a9-0a65-4456-9532-f9b3cad925df" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/145afca358d19ee27d94bee9b6c3196311490d402386c00684219a0793336729/analysis/1575408269/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f2c684f-88bb-4eef-93bb-7488fbb99ad0" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c1e279d0-9bb8-4a0e-94f1-0867ba1b17de" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7d0241be-d6f3-4c08-85ed-ee43dac5847b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:38.000Z", "modified": "2019-12-11T09:11:38.000Z", "pattern": "[file:hashes.MD5 = '757c994d5c7e6659b32fbbb69cb1b445' AND file:hashes.SHA1 = '3467131d0776f845df256651a92af1d894f6e31c' AND file:hashes.SHA256 = '39ef98994ddcc60068efe32bcf1b8655feefbcd0c9725124ca0d0ad0ee19cc5a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--444a0e7b-76d5-4530-91c0-0dfc79237131", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:38.000Z", "modified": "2019-12-11T09:11:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:27:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5449d73e-eb4f-4b4a-9bb7-00e6e682d2ab" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/39ef98994ddcc60068efe32bcf1b8655feefbcd0c9725124ca0d0ad0ee19cc5a/analysis/1575178050/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bcd4316f-70f4-42ad-8c18-af857bf33487" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d02b922-4279-489c-bcdf-6e0f9c008ffc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7761bf51-5f5e-4aaa-be9d-bb35c740f714", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:38.000Z", "modified": "2019-12-11T09:11:38.000Z", "pattern": "[file:hashes.MD5 = '7c46e3dedb2c2e7a0eb3b4418f5f25b4' AND file:hashes.SHA1 = '094946a6f9fea3358ac19c9a0af2210a56a4ba62' AND file:hashes.SHA256 = '9914f24595ad8463f4df3a24fb549da701d39cb4d1ee027ca50e794ef24ef58a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e6f2bff0-8edc-40b2-97e0-1ee80576493e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:38.000Z", "modified": "2019-12-11T09:11:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:57:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e4a4593f-46ea-4142-954a-fedb1513f85d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9914f24595ad8463f4df3a24fb549da701d39cb4d1ee027ca50e794ef24ef58a/analysis/1574251030/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cffb4bba-362e-4b7b-babc-4f23ef1f2abe" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "521053f8-f0ca-43b9-b9f3-da7fd4960be6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4457b0e9-bef0-48ad-aa21-f7ba7c652f75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:38.000Z", "modified": "2019-12-11T09:11:38.000Z", "pattern": "[file:hashes.MD5 = '2e74e5fec4d2c298c77f9a09a931b1d6' AND file:hashes.SHA1 = '299512702906e778791ab10cbd0fc3f2b529f4d1' AND file:hashes.SHA256 = '8defe8f8adf49bce8b4ca4af8a3b89d717b6499445239ff1a77b00529ca05455']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a3d4fc30-7761-4e42-bc4f-b8e1acc63987", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:39.000Z", "modified": "2019-12-11T09:11:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T22:48:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bc659c6c-444d-4635-8d6f-3d8d5b5793da" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8defe8f8adf49bce8b4ca4af8a3b89d717b6499445239ff1a77b00529ca05455/analysis/1574981282/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3a586906-bc23-4dda-b32b-f876587b204a" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "267fbac3-0da9-4325-bc6c-729bb2c235ff" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1dd87091-752e-42f5-b428-f51736b257ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:39.000Z", "modified": "2019-12-11T09:11:39.000Z", "pattern": "[file:hashes.MD5 = '0f788319be58b57d84259c1d2cec2f64' AND file:hashes.SHA1 = '6ba93e6764be453ebea0d731db2a44da0dbfe5a9' AND file:hashes.SHA256 = '9a984474b1600dbbd1078648f66a9d8a82f3c0b97c5b278762f24e3b6346e210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3b199135-e920-4a9d-981f-54b70738f142", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:39.000Z", "modified": "2019-12-11T09:11:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:24:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e72bef4e-ff7c-4eee-8c84-44f10e8f80bb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9a984474b1600dbbd1078648f66a9d8a82f3c0b97c5b278762f24e3b6346e210/analysis/1574547852/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8af43059-ab38-420d-b9d1-8660999603c3" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "243b53e7-0e97-4410-a00f-8ba79a372078" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6b6aab10-96a0-49e2-a255-acfded4a9373", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:39.000Z", "modified": "2019-12-11T09:11:39.000Z", "pattern": "[file:hashes.MD5 = '43f8c48008d4cd8b64866d4232023570' AND file:hashes.SHA1 = 'a7e660578823aa258b66962c98ac0d646f0609e2' AND file:hashes.SHA256 = 'e359a5f605e68745f421fd4cbe5c8c00c7ee33b3f0a99772a89ed0057503a134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c3f6466-8b63-42db-a888-83e5094a5c96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:52.000Z", "modified": "2019-12-11T09:11:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T01:03:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d53c11a2-2020-4817-ba9c-fd8067054ac7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e359a5f605e68745f421fd4cbe5c8c00c7ee33b3f0a99772a89ed0057503a134/analysis/1573779824/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ef4f3fe5-d89f-47ef-96d1-f9095ae8c5ff" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e4445b21-277c-4cb5-8a13-880dab63070c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--78b8ffef-e689-4c3b-b1d5-36ffc621736e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:52.000Z", "modified": "2019-12-11T09:11:52.000Z", "pattern": "[file:hashes.MD5 = '43dac150b064a899b89dac150b53ab53' AND file:hashes.SHA1 = '2dc87d54ce2d14fff28040aa46262e6e8fb9303d' AND file:hashes.SHA256 = '09941d4f793f4ec9f214aa2e27be77d43e775adfd8288646f58157744cde5c5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5953cb1f-a9a3-48f6-b7cb-b3c7b2085357", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:52.000Z", "modified": "2019-12-11T09:11:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T02:23:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f0866ca9-84b5-4a62-adfd-5ab90ff806cd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/09941d4f793f4ec9f214aa2e27be77d43e775adfd8288646f58157744cde5c5f/analysis/1573957391/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4e09dccb-fa2c-4480-b1b9-c5eac5dedbee" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e6611d7-5214-4fc5-b6cb-7ec2b0917916" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4ab5c507-07a3-4754-ac60-f56a90a07a59", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:52.000Z", "modified": "2019-12-11T09:11:52.000Z", "pattern": "[file:hashes.MD5 = '960e3a61d686e1373d13f7b0b11ae047' AND file:hashes.SHA1 = '3e130a5a4c1800156a7a2ab3bbebbc7c678077b7' AND file:hashes.SHA256 = '9191189f3c8d3ef2f451ed086ce3520b25aab1b81c5d5c965c11fc81876c9ca0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--10ce3811-2d64-48d3-866e-21b2f38196fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:52.000Z", "modified": "2019-12-11T09:11:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T11:55:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5db01dca-2803-4fea-ab32-72650e20cc14" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9191189f3c8d3ef2f451ed086ce3520b25aab1b81c5d5c965c11fc81876c9ca0/analysis/1575546900/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c7073bb-0a80-4a26-8b10-b2330d06df10" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9d27537-56e3-434f-8aa1-fe7248d7ae2c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--565e58b9-37d3-42f9-981f-94b5a196ff67", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:11:52.000Z", "modified": "2019-12-11T09:11:52.000Z", "pattern": "[file:hashes.MD5 = 'e8135f5c60d591fdccda2a2de14ab289' AND file:hashes.SHA1 = '067e5301d80537865580c8d7322e05efb00b3624' AND file:hashes.SHA256 = '0b0f8310ce0800bf70fcb4b4d365066ca4080d2028a16db72b13e0682bf8f754']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:11:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ce46afa0-ea40-43bc-ac74-fe77697eb8b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:04.000Z", "modified": "2019-12-11T09:12:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-09T03:45:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1cb983bc-aad6-4114-85e7-30a7219a3566" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0b0f8310ce0800bf70fcb4b4d365066ca4080d2028a16db72b13e0682bf8f754/analysis/1575863127/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9b475cef-1d88-480f-bd80-561acecf5cd8" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4d05879b-a3cf-4c08-99fa-96a03c79647a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--53fbeb11-1c73-4a07-8ce3-4d100c4d9e06", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:05.000Z", "modified": "2019-12-11T09:12:05.000Z", "pattern": "[file:hashes.MD5 = '98a889efa62ea334fd1c671b51bd8613' AND file:hashes.SHA1 = 'd3db4f0014d07495a3b783acec24e28529a9a676' AND file:hashes.SHA256 = 'a81e7d7911fca8d0b8a9f74edf81555483bcc111029c53383a72fb3c1a7cdb4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b3a0d1e1-4d1f-4f6e-b160-f5ef4c73d24c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:05.000Z", "modified": "2019-12-11T09:12:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:27:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "536af734-1b28-4f76-a7ae-f3f76c195025" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a81e7d7911fca8d0b8a9f74edf81555483bcc111029c53383a72fb3c1a7cdb4b/analysis/1573896479/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "004b1d01-8c9d-4a97-8fc9-f52d23ebb193" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8acea753-1baa-4b41-90f4-15293e92c00f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--892f24c1-e6e8-4898-b3d8-dd58f03d9aee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:05.000Z", "modified": "2019-12-11T09:12:05.000Z", "pattern": "[file:hashes.MD5 = 'f70ee3803e681fad562baa8190d104d2' AND file:hashes.SHA1 = '48496e7bd96f5bdb29852e2bb99eb3b86a02fae5' AND file:hashes.SHA256 = '4a38aea6d52d72b4969f43d948ddf29a2d3576db9b3e288aeafaee4532a3293c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--50404a55-6518-4320-b02f-277a8f95d517", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:05.000Z", "modified": "2019-12-11T09:12:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-19T01:54:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1b911040-bdd5-4749-a340-1e86dc336a5a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4a38aea6d52d72b4969f43d948ddf29a2d3576db9b3e288aeafaee4532a3293c/analysis/1574128495/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dbfa7a73-ae00-46a4-922a-1efdc531d7d9" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "be3ee85d-4991-44a3-bca3-4a5c9ec45d85" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d7f7a218-00fa-47cb-9d48-8f41aed63824", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "pattern": "[file:hashes.MD5 = '2e209097c6412daeb385050ba5de84c6' AND file:hashes.SHA1 = 'b06e4201cf61c995e361b8e69754902208fc494c' AND file:hashes.SHA256 = '4b6c68077d8cd37814b678f2a04d997fe3339008e9750b8cab619360a2ab1b96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--29b2b7cb-981f-44b6-a0f1-b0ac00824eaf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "655f6e91-056f-4dcd-ba0e-dc43a1034f90" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4b6c68077d8cd37814b678f2a04d997fe3339008e9750b8cab619360a2ab1b96/analysis/1574936813/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eecb26b8-a2a3-4f90-8ed6-6cb3082e7624" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "267de944-1a4d-4ab7-bbfb-b87ac6e49ef4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d2d6b87e-b30a-4bed-a8fa-690cd8dd7b34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "pattern": "[file:hashes.MD5 = '262877056b1fe5f36bc81f7ae24bde8f' AND file:hashes.SHA1 = 'ac3433ac38c2e974a926ccfe6f024fb313021fe5' AND file:hashes.SHA256 = '636e19b738793a5338e5b90085d1ace86b9d790508de18c69b3567e1bd8ed5c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ec2ed37a-6456-43db-b5e5-4a0e947d4e91", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T02:57:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ee21845e-a0ed-4cf0-b923-4b4f51cbad67" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/636e19b738793a5338e5b90085d1ace86b9d790508de18c69b3567e1bd8ed5c7/analysis/1573873049/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c6428bce-d3c9-472e-897a-440bfe095e8b" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bfc00b8b-4465-4f67-a9b4-5b83e44f7967" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--540eccfd-055a-4638-8fe1-996e4bd798bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "pattern": "[file:hashes.MD5 = '848fb4fa4fcdf681b353d591050b754b' AND file:hashes.SHA1 = 'e6e65b36535f6c387571c3c53be6978c0d83fc74' AND file:hashes.SHA256 = 'dbf1565a95a2485ff3448bc994277768df704e8c37c553e64d5b59b82074cbee']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5ed81b52-cb94-4d23-90ff-924997e5ee31", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-04T05:58:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c5db7e10-b14d-4489-8b30-e17492fb9ff9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dbf1565a95a2485ff3448bc994277768df704e8c37c553e64d5b59b82074cbee/analysis/1575439083/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99d8e8f1-e3d4-4adc-bfab-ce8809a15e5f" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "179105b4-9323-482a-8c31-58893876acab" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd9c1730-3934-4d96-9e4e-66d416fc1dee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "pattern": "[file:hashes.MD5 = '2505b64477e4d763c393105d8b3c0a12' AND file:hashes.SHA1 = '45e8cf4a26f3f48cf4ef80cfbdb5c1f527c19b64' AND file:hashes.SHA256 = '392bd63c5da49944fed61c27f75c421e5be112584b3bf3e44dd11e30a1447eab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--20b3340c-2536-43ea-9a11-0d04b9cf9f60", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:06.000Z", "modified": "2019-12-11T09:12:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T15:46:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a6f7792b-91d8-4948-8472-796b28178be3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/392bd63c5da49944fed61c27f75c421e5be112584b3bf3e44dd11e30a1447eab/analysis/1573055184/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a2371c4-2853-4e77-a64e-2e37ee7d2e52" }, { "type": "text", "object_relation": "detection-ratio", "value": "11/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aac7503b-01c0-456b-aa9b-85e18b786a42" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6c1c49e-8a88-41e4-a935-b22abfac6779", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:08.000Z", "modified": "2019-12-11T09:12:08.000Z", "pattern": "[file:hashes.MD5 = '817264db5a19e09f43a141859d33cfd4' AND file:hashes.SHA1 = 'd8f0323e9c6065bda2307adce1a987141b903bac' AND file:hashes.SHA256 = 'f5e32a9aeac0da48daba5170e73b0993ced02dfce759c04580559c63b80104be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6645ca7a-2953-4aea-99b7-979afff6c520", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:08.000Z", "modified": "2019-12-11T09:12:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:42:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "92350661-3d02-48dc-82b7-0c8019a6c8e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f5e32a9aeac0da48daba5170e73b0993ced02dfce759c04580559c63b80104be/analysis/1573897350/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2c85cfa8-9235-45ed-aa2d-051d8530ebfd" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8da0402-8898-4549-8c9d-3a0ebbc1259f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7595266e-68ad-42d8-aea3-030fff8c2372", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:08.000Z", "modified": "2019-12-11T09:12:08.000Z", "pattern": "[file:hashes.MD5 = 'a20a2f6d341ec53b6ea057950dba62fa' AND file:hashes.SHA1 = '6742c58542a9649dcdbaac93df1efe862b12a6e1' AND file:hashes.SHA256 = 'cb61c4f9d662a99ad9a28e9e269d86eaacb35359fc8aabb870690c4551900782']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b6a9653a-1c3e-42a0-b663-200c20c29f72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:08.000Z", "modified": "2019-12-11T09:12:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:16:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bb448b62-d97b-4d06-84c1-471d2b331c5f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cb61c4f9d662a99ad9a28e9e269d86eaacb35359fc8aabb870690c4551900782/analysis/1573827414/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6c4ad4a-abb8-46c3-af27-e06ae8c30f0a" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/64", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "40773f9f-e3dd-45bb-af85-7583fd90158f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3be262ed-cbff-4863-9845-bbe8780e4060", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:08.000Z", "modified": "2019-12-11T09:12:08.000Z", "pattern": "[file:hashes.MD5 = 'cc74b499d47e9b61f3b23f43973ecca2' AND file:hashes.SHA1 = '42c4766d4291df2ae2dda72996916bfe9f167d2a' AND file:hashes.SHA256 = '3456947910ec14542ef059d0a3da5cbc9d0a173b894e72a210c93d8570d2faf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--55b81650-a1d1-4e38-ac8c-0cc8a57ba371", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:08.000Z", "modified": "2019-12-11T09:12:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:33", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cb678ba0-1c36-4e3b-9186-3ac18258b468" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3456947910ec14542ef059d0a3da5cbc9d0a173b894e72a210c93d8570d2faf8/analysis/1574062653/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3457aec6-067c-4412-a250-b6036d3afdde" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8d88d5c0-f05c-469a-87c0-e3a8a45f467b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c3fbea3-3b94-4b4b-9658-58c0bda50729", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:09.000Z", "modified": "2019-12-11T09:12:09.000Z", "pattern": "[file:hashes.MD5 = '2bf8d02ae39f4f9a3600a65d1a8bb733' AND file:hashes.SHA1 = 'aef806bf21849f554a095598e05a9acbd335cd84' AND file:hashes.SHA256 = '1a5292b1f274e2bc303cb8010b7dccead0c43b25a0abfcf61aed7221b72b98e8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--daa9b3e2-e2ca-47a8-9e9f-deceb9f644fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:09.000Z", "modified": "2019-12-11T09:12:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T04:14:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c094af8-5c9b-4e52-a7e1-b92379fa57b8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1a5292b1f274e2bc303cb8010b7dccead0c43b25a0abfcf61aed7221b72b98e8/analysis/1574828079/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bf8bb1e6-0403-4ee0-b9c5-e05b876d1cdf" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b898652d-0296-4d87-b161-78ab055b1d05" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fdb0082-f213-435f-b8f0-07c9505e93c1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:09.000Z", "modified": "2019-12-11T09:12:09.000Z", "pattern": "[file:hashes.MD5 = '4eeba9ee7266abef169be1638f29e673' AND file:hashes.SHA1 = '2d6a84cbbfb1c50b1e1ce33044834afcdedacbd2' AND file:hashes.SHA256 = '08089df5cbab72ed79c09600280ffd9b54ec14f14caf87f4d67b21f683d6c2e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e8cd3aba-3100-4a3e-a2b3-2c722681f9f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:09.000Z", "modified": "2019-12-11T09:12:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T10:03:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9766c6e2-5371-4e3f-8c26-71a3b386bee4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/08089df5cbab72ed79c09600280ffd9b54ec14f14caf87f4d67b21f683d6c2e2/analysis/1573207393/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "878ef99d-49b5-4cae-85d5-6f21df52df6f" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ae53bf5-11c3-46d5-a1b1-3291767f13bb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f8975b3d-872f-4935-bb7f-206c5b43f28c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:09.000Z", "modified": "2019-12-11T09:12:09.000Z", "pattern": "[file:hashes.MD5 = 'ec3b6215b8b5f11715f3fedd3ec50f33' AND file:hashes.SHA1 = '64698ca2798ef4cbdb399425eea8b5054468f9c2' AND file:hashes.SHA256 = '415d65745d95f0a468a6ec7d21e670e58d74f21717db5db645cbd40eee7bc6ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7cf62d8c-3de3-4b2d-a7b5-3032ce3438e3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:09.000Z", "modified": "2019-12-11T09:12:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T00:57:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1ce6d26-877d-403a-93bc-8112d1a3da42" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/415d65745d95f0a468a6ec7d21e670e58d74f21717db5db645cbd40eee7bc6ab/analysis/1574384252/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "413abe1d-acb4-4bac-af9b-c5e4461a7c4a" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7002c425-bbc0-4633-ab30-30fffcd96371" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b79fac33-6789-4c6d-8203-86a543916337", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:09.000Z", "modified": "2019-12-11T09:12:09.000Z", "pattern": "[file:hashes.MD5 = '829cf2831d130acf5cadc55a94cd0aeb' AND file:hashes.SHA1 = '2ebc22afbab331712948d329336639b3e77a4e63' AND file:hashes.SHA256 = 'e43830a8d66e07606f3b52c56d1cc6bee3733e1b9e7a435578a052834ea78bcb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c21a9315-97d1-4168-a9b7-12423024a3b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:10.000Z", "modified": "2019-12-11T09:12:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T08:19:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7e4a1b4e-a850-45d5-a45a-60a4b014aa9f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e43830a8d66e07606f3b52c56d1cc6bee3733e1b9e7a435578a052834ea78bcb/analysis/1575274788/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ffc49555-5b63-434a-8cab-3277c9d1b478" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f9b62262-12da-4c08-87ef-2760bf68a9dc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91905962-1e77-4f65-a1f1-d7245a4325d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:10.000Z", "modified": "2019-12-11T09:12:10.000Z", "pattern": "[file:hashes.MD5 = 'c83ae7fe6e4fc01c8012b92fc8a9805d' AND file:hashes.SHA1 = '7921a6829f74b136eac41db2a33569e65bcc27cf' AND file:hashes.SHA256 = '89517d5ef6fc519f230079a2c06b80e0e93362c0cdb4239cb6349a26136c8357']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--50e15cf6-cf9c-4922-93d8-e1241e97e39c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:10.000Z", "modified": "2019-12-11T09:12:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:20:07", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eafcee3e-9a35-4b5e-ab04-ff23e89958ac" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/89517d5ef6fc519f230079a2c06b80e0e93362c0cdb4239cb6349a26136c8357/analysis/1574612407/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7353955e-11f3-4745-8cdb-3cf49521e144" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "817c4455-2417-4b62-9a93-892ac1f99966" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--182e3f1e-de06-492c-a4b4-81cbdb039aa6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:10.000Z", "modified": "2019-12-11T09:12:10.000Z", "pattern": "[file:hashes.MD5 = '7e07f1aba65ae1b15b6a749000ea4497' AND file:hashes.SHA1 = 'a3a9ac4f71cbdd5aecb618ff070d3a003522c2f5' AND file:hashes.SHA256 = '8c225b6bbb767f950dc729cf038c299bf543090e72e2f9ee9ef082f62a581164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d4e3e0a9-e92c-4ad2-aa0b-690729b25b92", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:10.000Z", "modified": "2019-12-11T09:12:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:34:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6a6e964f-c18e-45aa-bd71-a70b3dffac72" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8c225b6bbb767f950dc729cf038c299bf543090e72e2f9ee9ef082f62a581164/analysis/1573961663/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fe0180d3-9dc4-49bd-a635-f36adf47a7e2" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9db6f06e-2176-468f-98bb-2b70391c5f34" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--45f3d5b0-854a-4d2c-bf88-70cd8564f3af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:10.000Z", "modified": "2019-12-11T09:12:10.000Z", "pattern": "[file:hashes.MD5 = '8882caa5fe0eb9d2d83945e6866c5b86' AND file:hashes.SHA1 = '1776cd59f0b56bc2c36975d6167a96428dabf65a' AND file:hashes.SHA256 = '057ac9e82be5accb71dcbc4c98c370600b931c3a49c24351659d8e051b7ce686']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1753520a-1660-432f-aff7-08385961ba2e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:11.000Z", "modified": "2019-12-11T09:12:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:00:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2e067080-a103-4321-bb1e-e44b5d224c9a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/057ac9e82be5accb71dcbc4c98c370600b931c3a49c24351659d8e051b7ce686/analysis/1573826417/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "168b4661-6f84-4515-865a-5f70b2b02676" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/64", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9fde7d63-fbb3-43c6-9910-c4402459d096" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--241463c3-0626-4f97-b0db-f683cf972e7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:11.000Z", "modified": "2019-12-11T09:12:11.000Z", "pattern": "[file:hashes.MD5 = 'a59f51bf41d58c9ba71715c7a8c8b932' AND file:hashes.SHA1 = '45a62f7ecc3e392d0e3130282ba0d062d22154af' AND file:hashes.SHA256 = 'e87a102922f2a09acefa82210ad67e10e269f3c14ab4ca9cd475ff66b8b48706']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f81cf644-3724-4f5a-bede-b656e85c6c73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:11.000Z", "modified": "2019-12-11T09:12:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T09:46:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ae82e76d-a253-4bb4-b659-3da368206b91" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e87a102922f2a09acefa82210ad67e10e269f3c14ab4ca9cd475ff66b8b48706/analysis/1575539183/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05bf1375-40f1-456c-8aca-256cc95ac9b0" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "35743f86-f0a0-4a41-ab90-9afe772bd635" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6c895566-202b-4f6c-b7cf-798509971bff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:11.000Z", "modified": "2019-12-11T09:12:11.000Z", "pattern": "[file:hashes.MD5 = '2e8446b9c955ddea5a642feff32a8b14' AND file:hashes.SHA1 = 'ef343d7f3143d5c01a4babec5ca950ccc0085b59' AND file:hashes.SHA256 = 'b0639a1314161dfe9590eef1830a7a4cc2c8dfb75e59eb5275cc91339365371e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2d8f6027-ce38-45c8-870c-a699fd9e9e3d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:11.000Z", "modified": "2019-12-11T09:12:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T17:26:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0f047a5-3e1b-4043-878d-d262b7ae6417" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b0639a1314161dfe9590eef1830a7a4cc2c8dfb75e59eb5275cc91339365371e/analysis/1573493182/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1932647-89df-4e05-bac8-e8e2dfd5a0c6" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c8daeed3-ade7-4bd3-b0a2-913710262cdd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7503be52-e147-48ea-98a4-d7be3ace45c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:12.000Z", "modified": "2019-12-11T09:12:12.000Z", "pattern": "[file:hashes.MD5 = '7efe300310e13d1e0fbd32ae453fa449' AND file:hashes.SHA1 = '698b52b1875b213b25e9938c911c9a2bc53635cb' AND file:hashes.SHA256 = '989a3fefb82d37805a91a2f07f07081e819a032b4fd9484fab1f2a01303feba1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--eb2a85f6-01e2-4caa-8c9f-988318c26249", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:12.000Z", "modified": "2019-12-11T09:12:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:39:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26824e9e-5c47-40a5-8381-a71b287531de" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/989a3fefb82d37805a91a2f07f07081e819a032b4fd9484fab1f2a01303feba1/analysis/1573425577/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cccf478c-e9ca-4404-8b9e-494e8036ba66" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ba31286e-e85e-4302-8d92-d74cd6fd417f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a462fd7a-1c1d-44a5-a57f-c42386b0ff1e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:13.000Z", "modified": "2019-12-11T09:12:13.000Z", "pattern": "[file:hashes.MD5 = 'c0e0454bdc11b57efab77eae9cd42099' AND file:hashes.SHA1 = '725f9a35655bb37208a8f99db752185bda573b8f' AND file:hashes.SHA256 = '71d895e3bae4d180e9ea94e8ce1bc6052a25fca48b086d78c1c14e2186ecf09f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9ab5b90d-5dcd-4745-9789-c4e1ac9000f4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:13.000Z", "modified": "2019-12-11T09:12:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T12:20:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c25dcae-9d09-46bd-a527-01958a3076fa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/71d895e3bae4d180e9ea94e8ce1bc6052a25fca48b086d78c1c14e2186ecf09f/analysis/1574770855/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "426ca852-2a78-483a-98ee-84c002ed12be" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cb24e7be-25bd-467d-91b9-8bcab27188f5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e73a6fe3-456f-401b-84c6-6e6dcaacdfc6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:13.000Z", "modified": "2019-12-11T09:12:13.000Z", "pattern": "[file:hashes.MD5 = 'aecbbafa4553b4d32072969edb568819' AND file:hashes.SHA1 = '12ee894dbcb35650c7125c104a7beac87c0320d0' AND file:hashes.SHA256 = '4e4fb92c6c122035e705e4f30aa14be766c7671a8043fe02e48bc7dd2d79f860']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2165f1bf-99b0-4e68-9d2d-1ade377d8956", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:13.000Z", "modified": "2019-12-11T09:12:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:57:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d9d97c12-b90e-471b-acef-2ae04ee5db7b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4e4fb92c6c122035e705e4f30aa14be766c7671a8043fe02e48bc7dd2d79f860/analysis/1574251022/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "50509182-a84f-4897-bb40-bd999153827f" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6b181267-22d6-42d4-aa77-60bd1976c6b9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dce883cd-5087-4904-a7b9-023d423dd1d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:13.000Z", "modified": "2019-12-11T09:12:13.000Z", "pattern": "[file:hashes.MD5 = 'adb3db7a086544ac9418c506315ab6ed' AND file:hashes.SHA1 = '940969276ec5846fb917d9965c5732687881ca20' AND file:hashes.SHA256 = '0eb5a08a148269bfe5967ebc6175c248fc4ea4fa2f9f29127bfa4420cf7163e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--737ec17e-d4f6-42d8-b4e3-390c2de98945", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:13.000Z", "modified": "2019-12-11T09:12:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T22:41:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd0a52c5-ab6a-41b8-a898-2049c0a9668b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0eb5a08a148269bfe5967ebc6175c248fc4ea4fa2f9f29127bfa4420cf7163e1/analysis/1573512062/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1b9b9112-04e1-4af0-b2e0-2ee9816218b1" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b0953e8-87f7-4ecf-8544-fa2daeef2ad4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--227c4286-3b20-4b4d-9856-ea87c2d3bd80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:14.000Z", "modified": "2019-12-11T09:12:14.000Z", "pattern": "[file:hashes.MD5 = '63d86702e882dd3aa613fd2a0d93cedc' AND file:hashes.SHA1 = 'dda46a2185ffb606f7c33f25e4afef0d69d30839' AND file:hashes.SHA256 = '19c9a16ba965f9ee777c8364b59cdaa21a82d69b742474023954d4bb43f78710']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f365c021-ac24-4d53-aaf0-e221b311837e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:14.000Z", "modified": "2019-12-11T09:12:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T18:05:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9eec0b2e-9802-4143-a9ce-096ffe4cd2d1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/19c9a16ba965f9ee777c8364b59cdaa21a82d69b742474023954d4bb43f78710/analysis/1573236325/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5b7e601b-bd06-456d-9e9e-017af166b516" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3c741856-93da-410b-9fe3-0dff2929ebc8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4615e70b-359d-4f2f-96a4-ea418c5a6854", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:14.000Z", "modified": "2019-12-11T09:12:14.000Z", "pattern": "[file:hashes.MD5 = 'f7e434962f3091d40dfd479a7d8926c5' AND file:hashes.SHA1 = '4633873539f8ef74e41b9f380eee56a2f85f0be6' AND file:hashes.SHA256 = 'af1e1c07f5cc6ba4314616156252bd8960c39f9106189ed754c6d673290cd399']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2fee9edd-029f-47fb-8cba-757099976138", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:14.000Z", "modified": "2019-12-11T09:12:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T04:44:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bc485a95-f376-4688-8674-35f8f3eff75e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/af1e1c07f5cc6ba4314616156252bd8960c39f9106189ed754c6d673290cd399/analysis/1574829898/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9d1da307-a7b1-44e3-976f-100268c4749e" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3c0411e5-9b44-47e2-a931-03a8a749a099" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c3c6593-79bd-4150-b1ba-146da9c4bce8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:14.000Z", "modified": "2019-12-11T09:12:14.000Z", "pattern": "[file:hashes.MD5 = '58ea56c1e5e636ffe26099811d0f41cb' AND file:hashes.SHA1 = '8d143a6a40d8ea297cbb5a9690765f4ff2182c41' AND file:hashes.SHA256 = '54462075b75adf13fd54d56282dd200847ebaa2e43340f3555e45073fbc126f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ddd88357-7732-4691-8a56-ceacf2bee532", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:14.000Z", "modified": "2019-12-11T09:12:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:21:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b680cc0e-b76c-4f68-9130-5b3aac18b575" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/54462075b75adf13fd54d56282dd200847ebaa2e43340f3555e45073fbc126f1/analysis/1573827716/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "10f0f143-374a-48ee-a93e-e07b83d8862b" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "144897d5-62d8-42d3-ab75-a9580715b44c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9785371-03f8-4af6-9373-5909e49e5adb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:14.000Z", "modified": "2019-12-11T09:12:14.000Z", "pattern": "[file:hashes.MD5 = 'f12519c2722ef22dc151642c62dd22ca' AND file:hashes.SHA1 = '00763fded73e4c9770f37756370c9029d064e2ca' AND file:hashes.SHA256 = '7618269db455d174aa8854869da9a02cb85f53aafa61263e8192e0abb66e36c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1295c57e-bbc7-468b-bb20-8211f7c4072a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:15.000Z", "modified": "2019-12-11T09:12:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T18:02:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8fad29e8-7280-4b01-a5a8-5e058428540e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7618269db455d174aa8854869da9a02cb85f53aafa61263e8192e0abb66e36c4/analysis/1573149774/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "928d96a7-0ce2-40b7-9f69-b4af51ea3d6a" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "58bcf530-1cb8-489c-8117-dbe4cfcc1900" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c763fb0a-4e8c-4f68-b194-4d1b8f482e8e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:15.000Z", "modified": "2019-12-11T09:12:15.000Z", "pattern": "[file:hashes.MD5 = 'd35f7b0d5384f1a4aedd4aaeacf93412' AND file:hashes.SHA1 = 'd0f60f3dc8504307baef78620cdf266e0658054a' AND file:hashes.SHA256 = '626c969f98464156d2964bc7d73d53aa83d68b0d3ee06224eae4b2a0a310d7b2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8a81d792-e18b-4e84-9be9-962c67005bd4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:15.000Z", "modified": "2019-12-11T09:12:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T06:37:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "55f3bf3d-33fc-469f-a3f5-893aff8ed65b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/626c969f98464156d2964bc7d73d53aa83d68b0d3ee06224eae4b2a0a310d7b2/analysis/1573540637/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bbbaa130-c258-4dcb-8819-d6b6fa7d4636" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "628afebe-7417-4f78-bd2b-57623df24d78" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f3e51af5-e6e1-46d9-a62e-2f8e8b6fbe09", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:15.000Z", "modified": "2019-12-11T09:12:15.000Z", "pattern": "[file:hashes.MD5 = '2d90551179bf9d2da25dc53d09e94172' AND file:hashes.SHA1 = '77acff38dd5fd06dcebfa039eea8b78331a6e1f6' AND file:hashes.SHA256 = '388abec861fc7230337a22b32f349639560154d68c82e195509d30a1e8a7479c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--61c82fe5-d83e-431a-b959-73ef76e2b052", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:15.000Z", "modified": "2019-12-11T09:12:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:46:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "07bf31f8-38f2-4cb2-8d15-98c5115f3e47" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/388abec861fc7230337a22b32f349639560154d68c82e195509d30a1e8a7479c/analysis/1574545591/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9e6b44f1-5170-4bd0-ae02-f77aca4c8617" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "90ca319a-1110-4961-889a-a9449c64c457" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91864f2e-a0af-4d1c-8196-7a5a3e13f097", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:15.000Z", "modified": "2019-12-11T09:12:15.000Z", "pattern": "[file:hashes.MD5 = 'b46231965bd6d4a7bc68bd6a328a35e5' AND file:hashes.SHA1 = 'cf5ac34afaa41b8c6129508f3594a18e97786305' AND file:hashes.SHA256 = '6013c5cdd7fe8b15004ba4646b453faa61fd313ad9a00bf7d82ddbda658058d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b3fea86-801e-4f54-abd1-4adc96fdc7c1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:16.000Z", "modified": "2019-12-11T09:12:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T15:48:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ab934886-fc47-4bc6-9926-c0b39d625d7f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6013c5cdd7fe8b15004ba4646b453faa61fd313ad9a00bf7d82ddbda658058d6/analysis/1573055316/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78d0dd74-9c64-456d-aeed-ded0292dd832" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ca88b7a3-e5ce-4c7b-a38c-50d255d3f3c4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0fb588b-6cf2-4e37-b528-94ae24244747", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:16.000Z", "modified": "2019-12-11T09:12:16.000Z", "pattern": "[file:hashes.MD5 = '6f4e12b65ab36d5f4b7792c3d83175c9' AND file:hashes.SHA1 = '2d5ad8832a36d1338a389fe9b115e6da85bb096e' AND file:hashes.SHA256 = '537497e066b92b1852ccc874f865e6cc09d0d6032cefcf44d6069d22c9610015']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e30f84c4-cf2f-43e7-a1c7-f4fd20ecb6a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:16.000Z", "modified": "2019-12-11T09:12:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T04:50:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3044e86e-8207-4629-bcbb-b70268c7201f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/537497e066b92b1852ccc874f865e6cc09d0d6032cefcf44d6069d22c9610015/analysis/1573447819/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc66de92-63dc-45a1-9e7c-b5a2fa9a479e" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d7681a95-02fc-49d5-a506-d70fc34398bc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0397a39e-c3a1-4b20-9b06-8da452770996", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:16.000Z", "modified": "2019-12-11T09:12:16.000Z", "pattern": "[file:hashes.MD5 = '2613bf9ca5caa6cf56aeb4511a8cfb18' AND file:hashes.SHA1 = '31856f9fecf44db0f602f7858e6f71dcc02409ee' AND file:hashes.SHA256 = 'a520390ad47a1e45c99aa8022584c650d67c7b094e144142cc87a6f3d3faf2e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b242c8fd-73a4-4479-85c5-6cc76cdc4e15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:16.000Z", "modified": "2019-12-11T09:12:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T17:11:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c47b730-154e-4156-88ab-89c947ea1318" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a520390ad47a1e45c99aa8022584c650d67c7b094e144142cc87a6f3d3faf2e6/analysis/1573837870/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f58558f8-55b9-49ac-9c43-5c9d5987d81e" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "70057047-3e85-4fb4-a908-22f87670a822" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fce01ae-2da9-4ca5-b217-3e6d8f09007b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:16.000Z", "modified": "2019-12-11T09:12:16.000Z", "pattern": "[file:hashes.MD5 = 'd77eaa74ce148b9e96b25429860aaee3' AND file:hashes.SHA1 = '1dae573985d4992ab727e7d1c55d78ef67ab6281' AND file:hashes.SHA256 = '2293a2c7ed2ce7ebe8c161a286dc5e2b4d2b70afadcf972d524f02abad4e59e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b13126c2-6c1f-4311-ab60-d411f81690f2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:17.000Z", "modified": "2019-12-11T09:12:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:28:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d527fdc2-daa4-4989-9b58-6e42c83401fd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2293a2c7ed2ce7ebe8c161a286dc5e2b4d2b70afadcf972d524f02abad4e59e2/analysis/1574612937/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db37a4cd-f6c4-4f98-86bc-89413ea0fb51" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7315551-0eda-4c5d-b9fd-929845a0af76" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8cab29e2-5471-4e6f-8cba-03c645f0ad5a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:19.000Z", "modified": "2019-12-11T09:12:19.000Z", "pattern": "[file:hashes.MD5 = '2eb8d7d40142610cd7847a699a6dc02b' AND file:hashes.SHA1 = 'db32b29580d0b2217bea26ad39b26c48557af7d4' AND file:hashes.SHA256 = '2443279e31ab6247ce24de7144d024d6d7ffd792541a813972e9db803716f533']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--41d9ccab-aa02-48aa-ab67-c8896f3361f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:19.000Z", "modified": "2019-12-11T09:12:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b9ccbe0f-b73b-4b77-915d-6838d203612d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2443279e31ab6247ce24de7144d024d6d7ffd792541a813972e9db803716f533/analysis/1574936815/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7edfd00e-7d5c-4846-8858-7788c484b627" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c234e121-4b82-4652-a4b1-332e12c25b6e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e7018491-83b6-48a1-aa51-93df57b590f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:19.000Z", "modified": "2019-12-11T09:12:19.000Z", "pattern": "[file:hashes.MD5 = 'f9de51404660c6ed6605fae026cea924' AND file:hashes.SHA1 = '9cee7bb1ce915a476f70331a7a5c21a65821cc66' AND file:hashes.SHA256 = '5cc8d0a2996968160ea9607cd9d2f3ff49227be3de15b096150e08198658c24a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5cb084df-c303-4674-8237-aa97afecf9a4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:19.000Z", "modified": "2019-12-11T09:12:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T18:57:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c70a6b7d-d351-49d0-960a-460ee2d5a860" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5cc8d0a2996968160ea9607cd9d2f3ff49227be3de15b096150e08198658c24a/analysis/1573844221/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d189f38e-c3ba-4d88-9a68-b3246b8a07e7" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "86746a9a-3aec-44d8-8a9b-75b742badc0f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68b9968f-45de-443b-8299-dc750d617381", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:20.000Z", "modified": "2019-12-11T09:12:20.000Z", "pattern": "[file:hashes.MD5 = '40b28f20e7f78bf4147717ca25b650f1' AND file:hashes.SHA1 = '89c8011ca9124b34e000eea145dfc79f64b7c6d6' AND file:hashes.SHA256 = 'e8c42093d0f6424ed018d43b6e416a645700dc291ea90ca5ce9bee7090a533b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b72f4f4b-d1a3-48f2-a061-670fde18a5f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:20.000Z", "modified": "2019-12-11T09:12:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T13:25:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aaeb5e94-4ca2-437b-aa4c-1f7f90b3711e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e8c42093d0f6424ed018d43b6e416a645700dc291ea90ca5ce9bee7090a533b6/analysis/1573737930/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "24873b60-3a47-4a3d-8735-7ec2f84b30dd" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c127e40e-f159-408c-a484-c109fb26724c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9b4cbbf2-4357-4e8f-ae26-33269481bf84", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:20.000Z", "modified": "2019-12-11T09:12:20.000Z", "pattern": "[file:hashes.MD5 = 'ec6854fc500e39d5a4cd071ce4c811d9' AND file:hashes.SHA1 = '67b50458bf954434119696b09d3c83046d868f57' AND file:hashes.SHA256 = 'd864793695bea272f2c43877db5140cfa18e348e6788f2b5d3fcb189db868fb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--45db8aea-a407-4e78-b0b9-ab2c702c6065", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:20.000Z", "modified": "2019-12-11T09:12:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T12:27:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6da42fde-0b4e-4021-b0b6-bd97a4d3ad8a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d864793695bea272f2c43877db5140cfa18e348e6788f2b5d3fcb189db868fb6/analysis/1574771230/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d6bb7be-6ca0-451c-8c2a-2b91538cbd10" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "edcb414e-3598-4264-903f-ae364df563ad" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6b22457-eed6-4d5e-b732-90f99716391d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:20.000Z", "modified": "2019-12-11T09:12:20.000Z", "pattern": "[file:hashes.MD5 = 'b12605c95ec09bf0e1926529511a767e' AND file:hashes.SHA1 = '91fe53705f823a93cfaa985032ab7ab1ede391a5' AND file:hashes.SHA256 = '08f45213adedd2a8d89b2b5ec74288087cef2c7a90b214f00ddfa0d7329f098c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--968e5b16-fffb-4839-8985-44ec199de187", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:21.000Z", "modified": "2019-12-11T09:12:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:30:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "adc6a112-a56f-4c60-ba4c-3ad68ffadb3e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/08f45213adedd2a8d89b2b5ec74288087cef2c7a90b214f00ddfa0d7329f098c/analysis/1573421442/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f4b4896-e64d-49d4-8025-1ea9567d7eaf" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bf30809a-011c-4086-8e39-5daebe7b0956" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a5e8842-f40b-4d5c-93fa-27aab8c66247", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:21.000Z", "modified": "2019-12-11T09:12:21.000Z", "pattern": "[file:hashes.MD5 = 'b403657cfd44ec6e49f5a5fdbb47a194' AND file:hashes.SHA1 = '2f953b990ea3b745882279a87f506ab6d8a7e0f3' AND file:hashes.SHA256 = '301435e44ce79e819700be21046eaa6bc26fe28f7b94d85419f55c32c18b68ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4252292f-16f1-418e-bc6f-4136e41d34c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:21.000Z", "modified": "2019-12-11T09:12:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:38:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4976d865-6717-48b8-8eda-355d9f67160e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/301435e44ce79e819700be21046eaa6bc26fe28f7b94d85419f55c32c18b68ae/analysis/1574332725/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "acdf80ab-1e75-4da7-8835-f40c0192d0c9" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0b0f7b51-432b-4764-b735-ae9b7523f28d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fe7b840b-0746-4f15-b5e2-c2724a31afb0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:21.000Z", "modified": "2019-12-11T09:12:21.000Z", "pattern": "[file:hashes.MD5 = 'b51576591bf3af02aa6f94ca6b084b1b' AND file:hashes.SHA1 = '14c6c056d9c5ae05145d5206baf43f0b2b6942f7' AND file:hashes.SHA256 = 'cc0e31c60f0ed3caa59feb0d1d1304f96cf23c6312270fd8567e4ed87cb7c71d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c77341c1-5bdd-427f-bc06-695839e43ffe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:21.000Z", "modified": "2019-12-11T09:12:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:22:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ac6a0f3-ddee-43a9-9f96-3b787cd76d0a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cc0e31c60f0ed3caa59feb0d1d1304f96cf23c6312270fd8567e4ed87cb7c71d/analysis/1574612522/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f83fd08-162f-4290-a613-1c4c48395376" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "30474ddb-babe-4013-a52f-dc92e90b1463" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--792ae878-47da-478e-910e-83ab193363f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:21.000Z", "modified": "2019-12-11T09:12:21.000Z", "pattern": "[file:hashes.MD5 = '034b964770dc6e6e2a66d5edcbe63cb7' AND file:hashes.SHA1 = '05b42c2225fe2cf223d8efa0144bb7b9b2dc36bd' AND file:hashes.SHA256 = '5950774f554812943b76eb930e90f82aef3e0d1483dda07546db29898dc6c336']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ea550ad0-34cf-487a-af08-c26076576a4b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:22.000Z", "modified": "2019-12-11T09:12:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:28:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9fe1d598-82e4-4b4f-9e41-fa948752ff57" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5950774f554812943b76eb930e90f82aef3e0d1483dda07546db29898dc6c336/analysis/1574612932/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6b5b0512-8ee6-4253-81ba-5b9464560d14" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3badee1d-a6ee-4fb6-b9d6-c46955ad11cb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79c73e7e-d39e-4082-a90f-e28f84cf3aae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:22.000Z", "modified": "2019-12-11T09:12:22.000Z", "pattern": "[file:hashes.MD5 = '6fb1b41f6f680148cf4a713c3259f8cf' AND file:hashes.SHA1 = '24fdbdb24858cec4779a26f31879e0058f80b99e' AND file:hashes.SHA256 = '6a3b484113c16cb513fd220541c556f211ec9aaf0cf2737cddb960ca8425f63c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cc868828-7f2e-42b7-bd44-bf6720650d94", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:22.000Z", "modified": "2019-12-11T09:12:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T05:24:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ed2ac8d5-3578-4201-b6fd-ec1e0acf8af8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6a3b484113c16cb513fd220541c556f211ec9aaf0cf2737cddb960ca8425f63c/analysis/1574918655/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5cb3e7fc-d2ae-4123-a76f-466f50b44362" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "42043af8-b2c1-4108-8d1f-94b2d6af7284" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f989944b-ad68-4918-8627-6c73f89ce3e7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:22.000Z", "modified": "2019-12-11T09:12:22.000Z", "pattern": "[file:hashes.MD5 = 'df709377538c9d19057607f68a63f9d5' AND file:hashes.SHA1 = '5832161eb9344939f48e0559b6ce58cbf77f893b' AND file:hashes.SHA256 = 'f878ab6f2fa0e5b01e61cb5deb5188bd0d31ba16f31fe8a88d2cc17859f66ef6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b0bfc06d-a41c-4026-8a6a-73ec7789424e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:22.000Z", "modified": "2019-12-11T09:12:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T17:10:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b86666f-df1f-41b5-a1b6-0bd688c8c218" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f878ab6f2fa0e5b01e61cb5deb5188bd0d31ba16f31fe8a88d2cc17859f66ef6/analysis/1573837855/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "09b3ff57-0d8d-470a-b911-a8c67e6ca748" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3a8d6c40-a137-47b1-9f49-d923ff758e32" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3c53c632-de7e-41cf-a444-246d60627cb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:22.000Z", "modified": "2019-12-11T09:12:22.000Z", "pattern": "[file:hashes.MD5 = 'd2b88f123ef635c5344fee05b3f3f7fb' AND file:hashes.SHA1 = '408a9e287e48ce2030da93ae236e76c6afd188e5' AND file:hashes.SHA256 = 'a2188ff2dcca659807db8898153c88520d41033b8f446ecb932957abb6237abb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fa188133-68e0-4fe1-b887-c29a3608077f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:22.000Z", "modified": "2019-12-11T09:12:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T18:28:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "355962fe-2f88-451f-8aea-39fd247b7524" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a2188ff2dcca659807db8898153c88520d41033b8f446ecb932957abb6237abb/analysis/1575311330/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7fba3674-946e-47dc-9897-022316876ad4" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/63", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7642b8d0-71b6-4420-bb88-3946b03e7f1f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--811f3acc-01fc-4343-b0c8-0c88fee826cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:24.000Z", "modified": "2019-12-11T09:12:24.000Z", "pattern": "[file:hashes.MD5 = '2008ea091cc699a9a708e56e887b2e5f' AND file:hashes.SHA1 = '7c00ede7400fb8e41f2184bf48e0ae646bb23100' AND file:hashes.SHA256 = 'afe106ae1b74031acfea1585c78a8db20fe3b99ae1f099e9a1812945f8008498']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d77e9949-c73c-4884-8b13-e42b494681a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:25.000Z", "modified": "2019-12-11T09:12:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T19:06:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "18d70050-c000-4e18-b21e-671a5a453052" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/afe106ae1b74031acfea1585c78a8db20fe3b99ae1f099e9a1812945f8008498/analysis/1573153618/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b8f45775-5577-4391-871c-8a9d20b9da0b" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8906c219-23ed-4592-a836-9dc516522730" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2048516b-a06e-4511-a074-769e60b4d1b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:25.000Z", "modified": "2019-12-11T09:12:25.000Z", "pattern": "[file:hashes.MD5 = 'd7e3bbbfa5568dc4968a3e157c89e3b1' AND file:hashes.SHA1 = 'a6478f794b0ff8cfde6db7a42afdfeea4f08007c' AND file:hashes.SHA256 = '8dd6ac6c539d10c74f76cedde68adbed0393e880ab9a305a9297316884f360c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e270fb81-2868-4e01-ae02-006bb56ab6bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:25.000Z", "modified": "2019-12-11T09:12:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fcbcf606-7208-4470-b503-5043c9c468be" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8dd6ac6c539d10c74f76cedde68adbed0393e880ab9a305a9297316884f360c4/analysis/1574936778/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f0b607e5-3b0f-44ca-9b38-30e49ea5d87a" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d70b4c1e-bc5d-4c3d-93cb-cb592e568c67" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2ea063d5-3da9-4c37-b761-32429100b994", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:25.000Z", "modified": "2019-12-11T09:12:25.000Z", "pattern": "[file:hashes.MD5 = '4d3e0ad8cef6d4898cecc07944a5b5ab' AND file:hashes.SHA1 = '52f639d70b4e13f96e40b524bef32de6702b1831' AND file:hashes.SHA256 = 'e4370b0ab4dde24b3f8634e6a154e243a1d96e447c5b03d17005226ef4815cd9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--76ffc2c7-5151-4fae-a2bd-64b87bf32ffb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:25.000Z", "modified": "2019-12-11T09:12:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T06:00:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "65e50b2b-6958-4857-a1b9-d253b0ea79e1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e4370b0ab4dde24b3f8634e6a154e243a1d96e447c5b03d17005226ef4815cd9/analysis/1573624837/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2433f15a-ce9f-405a-ad08-ee74e1a0fa7a" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c47b1b79-888f-46e5-bd4a-98e278b3c2ea" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a59ea309-176e-4054-86e2-2b6cf6269370", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:26.000Z", "modified": "2019-12-11T09:12:26.000Z", "pattern": "[file:hashes.MD5 = '306ec237b988b01e21151ce2261e796c' AND file:hashes.SHA1 = 'a59769c50b88dd5f4bd91f3281ba19439c746d7b' AND file:hashes.SHA256 = 'd2ae0171b71d401548bd41dd28a7aa9a4fe5f32a92fbce9cd860bfad79d3eb21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--826cbe2a-4f33-411b-98aa-d29ceadddba2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:26.000Z", "modified": "2019-12-11T09:12:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T03:30:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d8d53d0a-8111-4670-9c0f-ea746c4ea138" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d2ae0171b71d401548bd41dd28a7aa9a4fe5f32a92fbce9cd860bfad79d3eb21/analysis/1574825410/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a841cbe3-5b85-44d7-9c4e-797cde8a1d4d" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c1451325-2dd4-4dfe-a350-3fbaf27983f5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a50d9267-5c10-438e-bd54-c9227c0a2fac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:26.000Z", "modified": "2019-12-11T09:12:26.000Z", "pattern": "[file:hashes.MD5 = 'f267b452b13987cf458a2386cae18ba1' AND file:hashes.SHA1 = '90e3af924d3f91068fce6ed4c207385f8aa7b229' AND file:hashes.SHA256 = 'adfc6aea1314ebaef8bfe956ead4223322da266c696a2f4d054fbb157f8d5abf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a73f542c-92e8-4f71-88af-aa96ac8aeb3c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:26.000Z", "modified": "2019-12-11T09:12:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:54:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27fd2ad4-9f9d-42de-a55a-d856dec5f318" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/adfc6aea1314ebaef8bfe956ead4223322da266c696a2f4d054fbb157f8d5abf/analysis/1574546051/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "06d88747-9daa-46c9-9be8-556877fb05db" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eeec9770-ae32-448f-8ef5-837760243f86" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b5ee0663-e589-4f86-a285-ae5f253a4372", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:26.000Z", "modified": "2019-12-11T09:12:26.000Z", "pattern": "[file:hashes.MD5 = 'ab0e0424b33f5286264f2f2ef14b310a' AND file:hashes.SHA1 = 'edd0717b9bf8b7093252aca2ab6aec48edaf68eb' AND file:hashes.SHA256 = '6bbba3209752c404e353cd13947b9e851aa3865a6f83493b5e42be1ce586f963']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e4be0c7b-a75b-43ed-b9cb-fa765780eeaa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:26.000Z", "modified": "2019-12-11T09:12:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:59:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "abf9d70a-7abf-4441-9f32-4caa39027cc8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6bbba3209752c404e353cd13947b9e851aa3865a6f83493b5e42be1ce586f963/analysis/1574333990/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "441dc1c7-7808-4f67-86d3-2c5cb7256617" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "629e01a6-fc02-43c5-b830-be8b6b0577a9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--703e20b5-a285-49e3-b875-f69c6bda2b2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:27.000Z", "modified": "2019-12-11T09:12:27.000Z", "pattern": "[file:hashes.MD5 = 'a11bef65a0b7360f98c1fcfe90934a0b' AND file:hashes.SHA1 = '23f5562426ddfd26c298a44f66c0652bf9f8b838' AND file:hashes.SHA256 = '490cc1a82b65b83687a798282fffc65893ba472fc55d106204cb54434f04d582']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--017e3262-94cb-4836-9d37-b898ec560f5a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:27.000Z", "modified": "2019-12-11T09:12:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:22:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d90638eb-43ef-410f-b2b3-6938de723399" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/490cc1a82b65b83687a798282fffc65893ba472fc55d106204cb54434f04d582/analysis/1574331736/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e7ba7bb4-001b-4b5c-af45-f9e7f5ace24c" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9832e518-a251-4af6-8dd2-f0c22b5880dc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--95607ff3-30bf-4d79-ab38-35bffcaae0e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:27.000Z", "modified": "2019-12-11T09:12:27.000Z", "pattern": "[file:hashes.MD5 = '36983d085c9c02570e947ecadb16775c' AND file:hashes.SHA1 = 'a6ad7ecd92f4e426ce86de2a649f20ac957abdf2' AND file:hashes.SHA256 = '66dcbe7ca3b5ca2636ed3d8de7a57b2955091a0cae30731005d82efc9cae0c79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2befcedf-2a62-4201-996d-456460ef219d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:27.000Z", "modified": "2019-12-11T09:12:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T12:14:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2afb122d-acab-4ff2-be70-5c8adc75093e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/66dcbe7ca3b5ca2636ed3d8de7a57b2955091a0cae30731005d82efc9cae0c79/analysis/1574338496/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "48a74232-bd1a-487a-9d00-4b9df2df3df4" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5139768d-2904-4ac7-b535-3581a0c89c9a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e5f853df-553d-40db-84e5-5d44443c0ac9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:27.000Z", "modified": "2019-12-11T09:12:27.000Z", "pattern": "[file:hashes.MD5 = 'b1fbe9238cfa3422e517483691dc35c2' AND file:hashes.SHA1 = '33827b621bbcc30813aeb627ec0f9b97ed436bb2' AND file:hashes.SHA256 = '4974552078e1f43540ee29a04b40618df797bef3299cf60cc46e5d68a4bf77a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--55ce3116-9eb7-42bf-b0b5-08a50c2f3e84", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:27.000Z", "modified": "2019-12-11T09:12:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T13:20:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2df9067b-9546-41c8-8d6f-6d4a3b048388" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4974552078e1f43540ee29a04b40618df797bef3299cf60cc46e5d68a4bf77a7/analysis/1574083251/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bf8bd49e-0b2b-40c8-9f6b-c4c5db550c66" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b80d494f-d3db-4b1e-90c1-ce5b9a610eda" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9e63164-4df3-4e70-b9df-d525f1c39b3e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:28.000Z", "modified": "2019-12-11T09:12:28.000Z", "pattern": "[file:hashes.MD5 = '615168470c5af34cdb04c08506e5a17a' AND file:hashes.SHA1 = '611b905657d3dcdb114b3a6a94362f47c2aa32e6' AND file:hashes.SHA256 = '7ce5efcdc40d2b8e157c16f4281c84478eec5d8a6604351b005723b80135a5c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f4053517-9fdc-43de-ad33-48cf4532a0ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:28.000Z", "modified": "2019-12-11T09:12:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T22:43:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c9a18347-f9dc-452e-8d4e-dd58da2fd923" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7ce5efcdc40d2b8e157c16f4281c84478eec5d8a6604351b005723b80135a5c0/analysis/1575067403/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8443993f-9fbf-4b70-af40-253261a24037" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e809dba8-b6dc-46f0-a36f-c9104b83ea0f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--11a82cb6-d88a-4b25-b8c3-ea78a7d2f0b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:28.000Z", "modified": "2019-12-11T09:12:28.000Z", "pattern": "[file:hashes.MD5 = 'ad196fc53be64b6a7b82f6ec26504561' AND file:hashes.SHA1 = 'e65c0cffd5ba375663677e4c98ebbb2d7f0f43d8' AND file:hashes.SHA256 = '91eaf9d913402a7c3378f4b7a2b068e5b73ade4abbc929d65407106602f0f463']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--031c14e0-1d94-429d-a43d-418379e2e106", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:28.000Z", "modified": "2019-12-11T09:12:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:18:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f66d92d8-b55f-4f9c-8a71-7847784bce09" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/91eaf9d913402a7c3378f4b7a2b068e5b73ade4abbc929d65407106602f0f463/analysis/1574335128/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d29d25b8-37d2-45ef-ab26-0b936dde2730" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "160f1d6e-9529-472c-8fdf-7213f2289d58" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--912985d7-e6d6-440f-81d4-8d6dda944e60", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:28.000Z", "modified": "2019-12-11T09:12:28.000Z", "pattern": "[file:hashes.MD5 = 'e5ad3a8443e283f9760232e6f8462503' AND file:hashes.SHA1 = '7ade070b70806d8b51ca7cdcf8567405ad9e9817' AND file:hashes.SHA256 = '2acba73e75dc9f2fec4a30a81387a50b86079e0facbe3c3edbe436a6bf28b825']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ec51409c-24be-4755-aecc-23767b6fb830", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:28.000Z", "modified": "2019-12-11T09:12:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:08:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71648426-39d7-4489-ba42-40c044627cd4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2acba73e75dc9f2fec4a30a81387a50b86079e0facbe3c3edbe436a6bf28b825/analysis/1573873707/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b046c104-a34d-47f5-aba8-83baf9d71481" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "06f21e7f-384a-4875-a23e-32a6cde029b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92e64b60-b791-4af6-ae65-a768d7dd4b86", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:28.000Z", "modified": "2019-12-11T09:12:28.000Z", "pattern": "[file:hashes.MD5 = '1db3ef23a5335c99564139439cf3b1f5' AND file:hashes.SHA1 = '2fbb80ffb8f032391850571d78f797bdc7207ed7' AND file:hashes.SHA256 = '50cbc24760b13fc6069311028b7728e1d6a183c4802b38516918d95cd3999ad9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fee6a89b-8825-4d28-9495-546fb2d908b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T02:56:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1c566a7a-9f0a-4a40-a96b-cd9b377f078b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/50cbc24760b13fc6069311028b7728e1d6a183c4802b38516918d95cd3999ad9/analysis/1573872986/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc18e203-e690-432f-a9bc-0c61cc6f202e" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ec14111-5542-419c-a23e-4c096d713e49" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1d00daf8-7db3-4c1c-8275-0adf44757068", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "pattern": "[file:hashes.MD5 = '0bfd8e3c0351f1711ee62929639f40de' AND file:hashes.SHA1 = 'a36faef0c97f43c4a592f9d98d397667f62369f0' AND file:hashes.SHA256 = '29a19ca5aaf2c175255067ce165dad2510991ccd21f9be422471f4318e52cd63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a05cd184-793f-4944-afba-2d4324aa7bab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:49:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e36bec46-1b97-4d92-85c1-232693ccd9a6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/29a19ca5aaf2c175255067ce165dad2510991ccd21f9be422471f4318e52cd63/analysis/1574250577/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53df8895-93cb-449a-9c0f-b8850fc3d24c" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/64", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1f73df45-d7b4-471c-9885-bb7144eea74e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dbe55622-c9b0-4ec8-884b-5ed210d004a9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "pattern": "[file:hashes.MD5 = '009663576c3814e1390d76d7871f0b22' AND file:hashes.SHA1 = 'a784d0377b96fe6eccdf3e82be73f1b538000659' AND file:hashes.SHA256 = '1ecd294c05fbc67ab487162c4c55992821f3c9dd00cf7d4e29750cc70e6b7552']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--01d3c818-a783-4f52-bc32-26bc2d9e26dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:11:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fad5eb04-007f-46a3-a482-b14d1483ec8e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1ecd294c05fbc67ab487162c4c55992821f3c9dd00cf7d4e29750cc70e6b7552/analysis/1575177079/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "254904e5-7efc-4899-837d-6c33a10525e2" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cd74f67e-9efc-4feb-aa81-44e3dfb57678" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--04b75cca-c00d-4806-87e3-3247296ea953", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "pattern": "[file:hashes.MD5 = 'feb6072d1e1f657f3f21f9e77ead98e7' AND file:hashes.SHA1 = '7c15b2dca4598e029343b4ba49ec7eb917318d14' AND file:hashes.SHA256 = 'c85d5d8c7e16c27fe40e17513ffce6a84c1e44aabd583411fc37d774bf7c6a2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--86eca76d-8be5-4d39-88af-7dc5d879477d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T19:48:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f1c263f1-1b05-4c50-8695-8ff66cb92bd4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c85d5d8c7e16c27fe40e17513ffce6a84c1e44aabd583411fc37d774bf7c6a2f/analysis/1573588136/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c0b92539-26fe-447c-b289-831e5593241c" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "530f65ca-e736-46e5-a3dd-9c70c37a55cd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cbe76aa3-6d36-4f5d-a686-c2298c1f4504", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:29.000Z", "modified": "2019-12-11T09:12:29.000Z", "pattern": "[file:hashes.MD5 = '89e5ae3e6db29c22040d42de1c3ffefc' AND file:hashes.SHA1 = 'cf3f911f8d9a2c2c9c80757f730c783decdd4fe8' AND file:hashes.SHA256 = '7c4a3468a02545ca7dc7fef06b9bcc5b37f5a892695bb9c64bf898aae81545f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--588d9160-539b-4771-bfc7-6aabe09bd0fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:30.000Z", "modified": "2019-12-11T09:12:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T13:52:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7bab9d8-9ac3-47b4-9788-4f6620305e11" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7c4a3468a02545ca7dc7fef06b9bcc5b37f5a892695bb9c64bf898aae81545f6/analysis/1573653130/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "96e42cbc-5c16-4dfb-9e7b-d9d332585cc2" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "40eb303e-bbc9-44dc-996e-0173648501e0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3a09bb37-eec3-4d1b-9e41-20762a731531", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:30.000Z", "modified": "2019-12-11T09:12:30.000Z", "pattern": "[file:hashes.MD5 = '26ffba21e12cc05f98420cd02cebd3db' AND file:hashes.SHA1 = '1cdebd4b70b673f4590506906f694af2fffb7909' AND file:hashes.SHA256 = '12cf9d677b1ff4e8a97b43bccf1ee7081737ff556c65907ece0debb4a2cc590f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c01c4c9a-a410-49b4-bde5-52efb20221cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:30.000Z", "modified": "2019-12-11T09:12:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:40:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7aeed31e-5b2c-4753-a740-becc2c32f473" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/12cf9d677b1ff4e8a97b43bccf1ee7081737ff556c65907ece0debb4a2cc590f/analysis/1574332808/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1647ec62-788a-43a8-a7c5-23bf4c47c8a2" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "966e8fb3-e3aa-4fcf-aece-848495b06822" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e504ff3e-46da-4aa7-a8bc-7f0464cd214f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:30.000Z", "modified": "2019-12-11T09:12:30.000Z", "pattern": "[file:hashes.MD5 = 'cb6c6bcfdb31e131d079fd6ec0ba2bab' AND file:hashes.SHA1 = '6f6070114bc7cde1b17a5f13a07f0c30223afcd1' AND file:hashes.SHA256 = 'dfa71ba3111d266b909ba4e3c8b0e165f0741b448f8dd4c582cd2c6a92b1ff26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4aea2bb2-1381-4acc-b920-c260e90ecc75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:30.000Z", "modified": "2019-12-11T09:12:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T04:04:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "261d75b3-625d-4b85-bd85-5cfbfc6df231" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dfa71ba3111d266b909ba4e3c8b0e165f0741b448f8dd4c582cd2c6a92b1ff26/analysis/1575173062/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a697e0de-5fe3-4eee-8875-3e682ea53a53" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "41e6903a-0294-4392-921c-2f65341c31a2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb0c4692-fa82-49a2-bc09-ecbc22668e9e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:30.000Z", "modified": "2019-12-11T09:12:30.000Z", "pattern": "[file:hashes.MD5 = '0dcdc809b80bfeffbc020eeb1ba6daf3' AND file:hashes.SHA1 = '3a4787cd1fedcbc7693c584e01f5e0f2437c20f9' AND file:hashes.SHA256 = 'd0a85bfe1329577c7d16bb6a52f6b051b1db4eebc4a1a18948bc8bc4b324f653']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9146a4a8-cb4c-4b93-8c6a-f63fd451c46f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:35.000Z", "modified": "2019-12-11T09:12:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T07:11:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c71413a5-b18e-472f-bc9e-11d2c15a6e4b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d0a85bfe1329577c7d16bb6a52f6b051b1db4eebc4a1a18948bc8bc4b324f653/analysis/1573888262/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "03dcf548-8423-40e8-b66d-020b1bf0ded8" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c682fa06-ad84-46fe-ac4e-062e9c8f10c7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cc0a500a-b0f7-4f79-ac43-727f41467b2d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:38.000Z", "modified": "2019-12-11T09:12:38.000Z", "pattern": "[file:hashes.MD5 = 'fc5709340cd917ceac167045bca43823' AND file:hashes.SHA1 = 'ea0aa3f8410997f75d74218e5fe0e9cfba448619' AND file:hashes.SHA256 = '58f45d651ba2fc5d8a1c4a0b338208aa0a7946afe933c7d34d35cdfa2af5c2d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--793774c5-ce1d-4e06-a8d9-4d3795eb9e45", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:38.000Z", "modified": "2019-12-11T09:12:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T23:02:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ea230a25-62f1-4202-a27a-b4c64a3688fb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/58f45d651ba2fc5d8a1c4a0b338208aa0a7946afe933c7d34d35cdfa2af5c2d2/analysis/1574550173/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "17c2072e-8973-4130-8cd7-2ee46ed75766" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "04d02e5d-7dce-4e37-9a51-a029ea5db0cc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--21de6575-e36e-4e45-aa23-54c3da749d74", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:38.000Z", "modified": "2019-12-11T09:12:38.000Z", "pattern": "[file:hashes.MD5 = '30f4db76d5e1c585fa79d17562eac74f' AND file:hashes.SHA1 = 'e554596122d1c02c5da8ddf966e26caaed1b000e' AND file:hashes.SHA256 = '8abe40eb8d28d1ff22b5626f888ab4b2693ed5211887bdd83679762fa2b1f046']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0ccefa28-3e07-41a8-9c33-f6790da24de0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:39.000Z", "modified": "2019-12-11T09:12:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:48:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4d8ac299-4142-4190-a418-c82b3594be55" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8abe40eb8d28d1ff22b5626f888ab4b2693ed5211887bdd83679762fa2b1f046/analysis/1574250495/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "92195b3d-fe3d-4d0f-9894-185b005c080b" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ba716e66-9aa5-41c1-b8cf-3f42f69eb004" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b5a4ca5c-d36b-46e8-9f2b-9122c2403840", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:39.000Z", "modified": "2019-12-11T09:12:39.000Z", "pattern": "[file:hashes.MD5 = 'e38ee517fa0ab1ae34e15706c487a235' AND file:hashes.SHA1 = '27a4c6a647a31005bb15248de05e333bf3aaaf92' AND file:hashes.SHA256 = '02af85494ac863e6d7d67143ed6227bfc886663ee339c9ef2f95ce28cafa2baf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e49f5e2f-84c8-411a-9531-2f810fc29476", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:39.000Z", "modified": "2019-12-11T09:12:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T17:58:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "56ede62d-eb94-4e1b-9029-812e4e8d0889" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/02af85494ac863e6d7d67143ed6227bfc886663ee339c9ef2f95ce28cafa2baf/analysis/1573840690/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "475c7d26-b9fc-4790-94bd-11dc1990fb11" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9c077a12-35d3-46a3-8789-be52d3da7bed" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a5503207-cc23-4648-ac81-6faef28c9580", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:39.000Z", "modified": "2019-12-11T09:12:39.000Z", "pattern": "[file:hashes.MD5 = 'a12ad5d1ac06ee86e91d6617e58ec9b1' AND file:hashes.SHA1 = 'a693f5ff731174fd67a757b50789ddcccd868347' AND file:hashes.SHA256 = 'a33ebe9f8b0eafc1dc8dd220a5525ca66f328713992f43cc68d829d4fdb00f21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cebd7ad9-b557-44d1-9ee0-92cde95295f6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:39.000Z", "modified": "2019-12-11T09:12:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:05:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6af70a0e-8b59-4e35-809d-ce53cb1541bb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a33ebe9f8b0eafc1dc8dd220a5525ca66f328713992f43cc68d829d4fdb00f21/analysis/1573985122/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "765990bc-c0b0-43ad-afad-6bfb925bac57" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2cb74dec-7b22-4e43-bc59-c0c343d43356" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9ab29f6c-8c90-420a-ab5a-54356a3489e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:40.000Z", "modified": "2019-12-11T09:12:40.000Z", "pattern": "[file:hashes.MD5 = '04056d9b69fd3367c6c760f9e175d22c' AND file:hashes.SHA1 = '0638b5302a0a1db3b46673cbf14fa82df6857edb' AND file:hashes.SHA256 = 'c7c3bd15e6546015a1dc1805d5dff9fdca0a103e010c9538c84a66a632a0493b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e5617155-752e-4667-9122-5277e51bac47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:40.000Z", "modified": "2019-12-11T09:12:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:44:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc26090d-215f-4697-b9ea-86ce758215f3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7c3bd15e6546015a1dc1805d5dff9fdca0a103e010c9538c84a66a632a0493b/analysis/1574545457/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "97e87168-1920-4805-9ed7-4f7ad3df2512" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d424b6ac-c699-4acb-a764-743279d5cbd1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ce3923cf-7981-4adc-a3bf-0e8fd340dbe9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:40.000Z", "modified": "2019-12-11T09:12:40.000Z", "pattern": "[file:hashes.MD5 = '4d7996f4104a5215b46f60d6c4149081' AND file:hashes.SHA1 = 'f0a81ff52484a1db403e221aec5690e8e7a464eb' AND file:hashes.SHA256 = '83206a7a5354107957375b1d37c0f87c5013a06a7e7b6bbf4d9a02cec2f2c199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f417ecb1-4728-4ca3-84b1-e8d39801de4d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:45.000Z", "modified": "2019-12-11T09:12:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T17:47:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "48bcd825-6c13-4a9a-ae3d-20512c741ef9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/83206a7a5354107957375b1d37c0f87c5013a06a7e7b6bbf4d9a02cec2f2c199/analysis/1573062424/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8c442d8a-9a81-4cd5-b7e8-aa007e15a0df" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d437576a-44b0-4c14-85c3-bc9e491e6a0a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--51afc6c5-9417-458d-bac7-9bc3595baac2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:45.000Z", "modified": "2019-12-11T09:12:45.000Z", "pattern": "[file:hashes.MD5 = '03b1fdc4c393f0005c41735b7d7bcece' AND file:hashes.SHA1 = '873d2b9e91ef273da4f16e2f61e242f3e78c4c74' AND file:hashes.SHA256 = 'e961b4444035266889c97a282c5cd8f36a43bde005abce430362567314dba99b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b68cdb99-5f9e-46d3-9f51-2dc28f0fa4b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:45.000Z", "modified": "2019-12-11T09:12:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T01:03:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f9e9d8ab-5f70-4f9b-8d3b-041f5db11d07" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e961b4444035266889c97a282c5cd8f36a43bde005abce430362567314dba99b/analysis/1573779829/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "65d028d9-41b9-43ac-819e-b5320ae40585" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "00397e5c-cab4-45db-b973-28791508f801" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7cd4670f-d35b-4dcd-bd9b-3ad0f9656c67", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:45.000Z", "modified": "2019-12-11T09:12:45.000Z", "pattern": "[file:hashes.MD5 = 'b0df5586b39acc2d333971942a201c1b' AND file:hashes.SHA1 = '407e839b89a1957d06e8d20c1422207b20555639' AND file:hashes.SHA256 = 'e50a761781915101a0fec4e4b7c2c6d8c8baf89fb70060580f09a07a8e1eb846']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2bb66712-a7a4-438c-ab0a-20a9f3add41b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:45.000Z", "modified": "2019-12-11T09:12:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T16:32:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "996a08e9-5ed3-4a73-945c-d5ba26f6e025" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e50a761781915101a0fec4e4b7c2c6d8c8baf89fb70060580f09a07a8e1eb846/analysis/1572885171/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9f9da7d4-f8c6-46b5-a3ef-4082b19e9403" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aca99bba-6547-43fa-998d-816bd5b367d2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b8150ad7-0d87-46fe-a423-859cf8f3a3da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:45.000Z", "modified": "2019-12-11T09:12:45.000Z", "pattern": "[file:hashes.MD5 = '207ee3e7300b79adb794355d15b9d870' AND file:hashes.SHA1 = '08cb97d83202c65862e6b3251cbfd49f5cfaeee0' AND file:hashes.SHA256 = '63476988992a922fa9c1b2ca608557701306bbbc5f2f062e3477d31947efbb62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e61fb1a3-6d54-44cb-ae75-960669681b7e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:45.000Z", "modified": "2019-12-11T09:12:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T05:41:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e8d2fc9f-9823-41e6-924d-0297e35abdab" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/63476988992a922fa9c1b2ca608557701306bbbc5f2f062e3477d31947efbb62/analysis/1575265316/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "32e5506e-6f82-4be7-a61f-d992159877eb" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c4111b9c-3fd6-4c33-af64-a5ee4c765f19" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8658e4c3-d242-46fa-9e30-a377c972aa27", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:46.000Z", "modified": "2019-12-11T09:12:46.000Z", "pattern": "[file:hashes.MD5 = 'cdc8ff1303dd1893c03ede2c36f50f5d' AND file:hashes.SHA1 = '1e4082c22c6f25ca47ca8e903a4e53bd551f8745' AND file:hashes.SHA256 = 'b3660101d3c25aded77d1a9694b16e311d8e708e1d586e9baf0bc988552a378f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ed6a57ce-6012-47aa-83eb-1adf17a1cd48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:46.000Z", "modified": "2019-12-11T09:12:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:32:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e129175d-abda-4bdb-b164-3e03c6695f39" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b3660101d3c25aded77d1a9694b16e311d8e708e1d586e9baf0bc988552a378f/analysis/1573421523/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d667f3d2-4c44-441d-9eb0-41e768e54f05" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aae10158-1251-4caf-b581-a7d9aaacc4a1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--76d4ad83-bf9e-4a34-b0f3-face750649be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:46.000Z", "modified": "2019-12-11T09:12:46.000Z", "pattern": "[file:hashes.MD5 = '1882f807e21d1cc62446cec0e7a57017' AND file:hashes.SHA1 = '1b749b371e4ba3270f9714320cc9684972cddd3c' AND file:hashes.SHA256 = '7e43b88207db6991ca9a1e5bbdbcce511d9907667f24b7dc34514120cf469855']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:12:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1af73b85-9b9e-48c3-87a8-a2f0ddd2d0c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:12:51.000Z", "modified": "2019-12-11T09:12:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:06:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "83bfdeae-9e7f-4982-93b7-ecf9c5764996" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7e43b88207db6991ca9a1e5bbdbcce511d9907667f24b7dc34514120cf469855/analysis/1573826761/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "453399e9-c29a-4716-bed4-e231f8f328b6" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a88a95b5-efb4-4f1d-9add-9f2c83220171" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bd44dc0-9ce1-4c93-b808-9edd63a0562c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:03.000Z", "modified": "2019-12-11T09:13:03.000Z", "pattern": "[file:hashes.MD5 = 'ca14ff6363e7a67277b2d60583a4be6b' AND file:hashes.SHA1 = 'c5a8d29e69ab9c2e72a28f69511bef0b498e875a' AND file:hashes.SHA256 = '161a343cab2f3e862271b6d5010e8800388cb2e221f54f197330792881938e51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--701928f2-a29f-459b-8a12-ea8780384c70", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:06.000Z", "modified": "2019-12-11T09:13:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:24:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "686c9c18-bb66-4924-94a5-5f586db1a26f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/161a343cab2f3e862271b6d5010e8800388cb2e221f54f197330792881938e51/analysis/1574612667/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5f9bd8e7-0e08-4aa2-bec3-b9f9f87c9650" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5be09e86-1002-4fbe-b6f6-5b69480e2166" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d636a4f-2779-44fc-9e5e-b771a0becc28", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:08.000Z", "modified": "2019-12-11T09:13:08.000Z", "pattern": "[file:hashes.MD5 = '4e20ebae2036e8b00cb276d60b697ad5' AND file:hashes.SHA1 = '0f473a44822b661e5570efb26daab8bd2a207a16' AND file:hashes.SHA256 = 'b0485232103de6831e588c1fe1b52ae9ec3fb554b12dd29843c7d535fcb676a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dff4ed7c-9449-4bd5-ac33-80c689df3ce3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:09.000Z", "modified": "2019-12-11T09:13:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:56:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c1041484-6212-45e0-a3d3-9f0f9b5de250" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b0485232103de6831e588c1fe1b52ae9ec3fb554b12dd29843c7d535fcb676a4/analysis/1574546192/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b05e41f-31a5-4e16-9d98-623ef6e093bb" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5e674465-8ad6-4c76-8122-6ecd6b682214" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6d00f453-c339-4ce6-9d89-6a99535a78eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:12.000Z", "modified": "2019-12-11T09:13:12.000Z", "pattern": "[file:hashes.MD5 = '2a1d8dbe27c0f96cf623fc2383938c54' AND file:hashes.SHA1 = 'effd0d29a48151a2bea2d540fdc17a15655f8f33' AND file:hashes.SHA256 = '8e90c30ea85486b8fbcf0bfc45bed76cb8981c83d84c066ed196067b87266f05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--118d0b85-97df-48d0-8dea-b2dc5350e6ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:13.000Z", "modified": "2019-12-11T09:13:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:38:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "be0b0f40-2888-4bd5-aa3f-6e57c16be672" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8e90c30ea85486b8fbcf0bfc45bed76cb8981c83d84c066ed196067b87266f05/analysis/1573897125/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "19cef179-0140-41ce-853e-72b208320950" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b15def85-817c-4cac-b92c-ac36936e0b7f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--771a406c-48bf-42d3-8b02-aee08d35f04d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:13.000Z", "modified": "2019-12-11T09:13:13.000Z", "pattern": "[file:hashes.MD5 = 'ac800d24fffaab17a4ff7c9d9ca55ed9' AND file:hashes.SHA1 = '598fe1baf11c56a8b1b943f0868c2bb5d2727f63' AND file:hashes.SHA256 = '6ef46a0abeae802a3517a22ba0d5e2cfee6edfce2c1ee135747d8d4f2983d100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6e01b19f-072b-48f3-95ed-ee6ae14fcef2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:13.000Z", "modified": "2019-12-11T09:13:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T18:35:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "945baab7-7a01-48e8-818e-a2d8f40bb420" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6ef46a0abeae802a3517a22ba0d5e2cfee6edfce2c1ee135747d8d4f2983d100/analysis/1573151723/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "045b97ad-fb50-4312-9ea9-c28d404a288f" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d72a79ca-9d34-4515-9a32-b8f4910534e5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9588712e-97cf-429b-8ee5-0de0ec6cf2ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:13.000Z", "modified": "2019-12-11T09:13:13.000Z", "pattern": "[file:hashes.MD5 = '529d779363ddcb5311f92d40da0beb7a' AND file:hashes.SHA1 = 'ce0874cdf6e70d1e68b6afb2adfb519e3d875ddc' AND file:hashes.SHA256 = 'ff35cf673a2eceec026cba6050750170456568b307bbfb2ba984a7b0d6d5f2ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d5d92559-46fc-4f99-9520-5bcf358132c1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:13.000Z", "modified": "2019-12-11T09:13:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T01:24:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2bd1f59e-bd78-43b6-a006-073ca9817174" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ff35cf673a2eceec026cba6050750170456568b307bbfb2ba984a7b0d6d5f2ed/analysis/1574990644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d06384f2-4d04-4acf-aec5-3344d1ce6859" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "80f7ceb8-c29a-4094-9648-f78bb5595909" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d56b00b8-8795-480c-87cc-4e229ebac191", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:13.000Z", "modified": "2019-12-11T09:13:13.000Z", "pattern": "[file:hashes.MD5 = 'a131dc8bc5b75ef4e7f6be0d174c6807' AND file:hashes.SHA1 = 'cf4048d3b17405e0625415209d9e3f50b5b1d5f0' AND file:hashes.SHA256 = '7090aa4a651779e03dd59527dc2ba2f73a727828d0f5886f9fae62db71526709']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--67cdee52-5fbb-4ff5-a4f7-58aa082e62ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:13.000Z", "modified": "2019-12-11T09:13:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:43:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f597345e-c457-4b72-a9ec-f65797c4b13b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7090aa4a651779e03dd59527dc2ba2f73a727828d0f5886f9fae62db71526709/analysis/1573893829/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22cd0af1-75b9-4ce5-be74-2c3e3986d72b" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2ec8693d-b312-4587-8615-978b369d8d73" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e9d72436-9ebf-41ed-ae1e-9029ecc2c48f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:14.000Z", "modified": "2019-12-11T09:13:14.000Z", "pattern": "[file:hashes.MD5 = 'f59f0bb564f0117c21b55c1371ab40e3' AND file:hashes.SHA1 = '083efbdc8638d79103dd3766f6861b715854b1ae' AND file:hashes.SHA256 = 'a679240bf4af8ef69fabc147e123bacb020ee58a055abe272c0e1e20b36be5ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--24b6e7d5-9323-4686-8c86-98456f98f499", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:14.000Z", "modified": "2019-12-11T09:13:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:24:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9bb7d42f-7ec7-4f68-9f52-d15e21e0aea3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a679240bf4af8ef69fabc147e123bacb020ee58a055abe272c0e1e20b36be5ca/analysis/1574612641/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "710e8b17-bf02-49bb-9a83-d2e25a4bba5c" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e6d3ef35-3b17-4be8-81e5-27e08472ef0d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e1c0949f-3fdd-457c-a678-9a40c7ff23a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:14.000Z", "modified": "2019-12-11T09:13:14.000Z", "pattern": "[file:hashes.MD5 = 'ab13db3296ec29389ca59f30b8e6ffe9' AND file:hashes.SHA1 = '7c7f76b32cfece86b692dacbbf4b0e8681ec0048' AND file:hashes.SHA256 = 'ab7cefe8c033c0d37cb5afa1a15697ce47d2c74d46384e4ca572c4c012230b19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--40fe5ecd-bbf8-44ed-aa75-f300463ff28b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:14.000Z", "modified": "2019-12-11T09:13:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:27:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db6a5148-edd9-4ffe-b600-c35864d4af16" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ab7cefe8c033c0d37cb5afa1a15697ce47d2c74d46384e4ca572c4c012230b19/analysis/1573824448/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc72a446-8c40-44a5-8c8f-e6a276eb31be" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "96ce809e-6c11-43ca-8393-b1196f2d0a8c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92564276-0cea-45f2-aa41-b9e181a9eab0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:14.000Z", "modified": "2019-12-11T09:13:14.000Z", "pattern": "[file:hashes.MD5 = 'ae46efeeb270ae08a8c98f057018abc1' AND file:hashes.SHA1 = 'cac69aa50df348acd8cd4eb07236f87f4589113d' AND file:hashes.SHA256 = '1c9ee620d0aaba03b3aadbd044e1e266e25085edf5315f573e6e4844ad9aae27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--835be3b9-e8ed-479c-8020-5eec9a3d77ef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:14.000Z", "modified": "2019-12-11T09:13:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:15:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "30a7d422-44d6-473f-88c1-b82c28cbf7ba" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1c9ee620d0aaba03b3aadbd044e1e266e25085edf5315f573e6e4844ad9aae27/analysis/1573985731/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f5fa2eb4-82ef-4227-8ea9-2a29c1fe7b1f" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "97cfdc9d-cfbd-470b-97a5-f6dd273ca3bd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a71a4ca8-5de1-4c88-86a0-682e56066cea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:14.000Z", "modified": "2019-12-11T09:13:14.000Z", "pattern": "[file:hashes.MD5 = 'a2df53a73a1e6f916f1177f93d370341' AND file:hashes.SHA1 = '2a8d87fbb8212109b4a8d2d14c681ab7904c532f' AND file:hashes.SHA256 = '7588964a824a72edfeb379ad77aa2a4f719878c8749910630d5563ba59ef2478']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--803358ce-285c-408b-9e90-c914b7760d9b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:15.000Z", "modified": "2019-12-11T09:13:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:16:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4ee2841e-ae7b-4d9e-b2cb-a4acea46abc9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7588964a824a72edfeb379ad77aa2a4f719878c8749910630d5563ba59ef2478/analysis/1573874163/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "45605548-6580-4345-b4d3-0a1d3fe72e91" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c84dadb2-98bb-40c0-a663-ebcbe5f9ec05" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cdfadc4f-a9d8-431e-9fc7-9e5b4b98df81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:15.000Z", "modified": "2019-12-11T09:13:15.000Z", "pattern": "[file:hashes.MD5 = '920643f6386a18590a7792854e42c32b' AND file:hashes.SHA1 = '5e6585ca170b16e0d43b8f7a880af9e041b36ebb' AND file:hashes.SHA256 = 'd54a2943b17d93852b875925a279199374e1e9eb78a34d8f1c5eede1b27bd179']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--83c5c1d0-4e7f-43a6-9c06-d0ed11674427", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:15.000Z", "modified": "2019-12-11T09:13:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T02:22:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "25fd46a1-05f0-4266-afe8-9c3d159189e3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d54a2943b17d93852b875925a279199374e1e9eb78a34d8f1c5eede1b27bd179/analysis/1573957369/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7679dbfc-0940-4278-91a2-ff40a7a650b7" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ef9b639-0e90-445f-b979-3b3b1da6c37c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--66790000-1165-43e7-ae30-76adb333f2b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:15.000Z", "modified": "2019-12-11T09:13:15.000Z", "pattern": "[file:hashes.MD5 = 'd2f8c74609f9d548939e3b4bb5e9927e' AND file:hashes.SHA1 = 'a50b98cba1231231a8c4ec5ffb2076f49cb5a175' AND file:hashes.SHA256 = '6b98f3a7e0c7ed16b5cedbc2017f43d05da15776e7a51b0fcd8a3f01eb785d80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4c6d8003-f746-4b01-af91-6279d3a9e511", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:15.000Z", "modified": "2019-12-11T09:13:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T23:17:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "039d22fd-0ecb-4e06-a560-6d7a967939e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6b98f3a7e0c7ed16b5cedbc2017f43d05da15776e7a51b0fcd8a3f01eb785d80/analysis/1573341449/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "76a2b33b-331b-4e1d-8c2b-dd229691ea12" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ecc586a-d94a-49d4-a3ad-572cb3c01edd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e124f8eb-d4d0-47cd-9734-d7b6c627f041", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:16.000Z", "modified": "2019-12-11T09:13:16.000Z", "pattern": "[file:hashes.MD5 = '21f0541e3a01b62d291d720df94deaac' AND file:hashes.SHA1 = '9aa365b2c9e9a80b34ae2bff9d7248a8d283e742' AND file:hashes.SHA256 = 'efff02b0d3d86d0e27d7854f382cb7e4ec25fcbdc50276bb3d181b02750fe2f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e1815cd8-7eac-44a5-b4e7-f10eadf09968", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:17.000Z", "modified": "2019-12-11T09:13:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:47:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cea05ad5-7400-403e-a1a7-ebaed48e4072" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/efff02b0d3d86d0e27d7854f382cb7e4ec25fcbdc50276bb3d181b02750fe2f8/analysis/1573469221/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "42a55e4e-b7c5-4233-a9d8-a585080ef603" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "930a4954-1bab-4b12-a781-b05d482ba47c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6df16b19-c9ad-479f-bb73-98e47933b4b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:17.000Z", "modified": "2019-12-11T09:13:17.000Z", "pattern": "[file:hashes.MD5 = '724b1e8ce277e389d41b9540cc5bb434' AND file:hashes.SHA1 = 'd9c874ab68b93e19cbf9698f3a762eaf6be55665' AND file:hashes.SHA256 = 'c4cf061f764535f06af80e3a1e8b9bf87617a509cb879dc26278ad9577310c6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--65ed45ea-d8a0-497e-be76-7b65ad16e7ae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:17.000Z", "modified": "2019-12-11T09:13:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "746dccb9-5bda-45cd-bd8a-ea9fa8738148" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c4cf061f764535f06af80e3a1e8b9bf87617a509cb879dc26278ad9577310c6c/analysis/1574936813/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cecb6836-bd58-4e84-a395-4feb615a09bd" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c3540de8-20c2-4b72-a74a-68174142cede" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aae2070a-93bb-44d1-b5ca-d7cc8f8c15e1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:17.000Z", "modified": "2019-12-11T09:13:17.000Z", "pattern": "[file:hashes.MD5 = '702780f57a667792efed85a007fa1038' AND file:hashes.SHA1 = 'aadd24a29a946189fa1a966012c232a757bdb459' AND file:hashes.SHA256 = 'b888ddfa1dc6067ff6b46d81c13a46c66c3a55eeb635ccdc29b386bc21d0f66b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5abeb690-e725-4e26-8208-787592f0f1b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:17.000Z", "modified": "2019-12-11T09:13:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c7a9b468-0663-48d8-8b53-da376f60352a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b888ddfa1dc6067ff6b46d81c13a46c66c3a55eeb635ccdc29b386bc21d0f66b/analysis/1573722654/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "31d5a1fe-89d4-4457-ba01-4bd3f9347565" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9c52702-03d4-40ac-9980-9d0bcc6f1967" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--49eeb9be-1ac5-4343-a6a1-981e07e76921", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:17.000Z", "modified": "2019-12-11T09:13:17.000Z", "pattern": "[file:hashes.MD5 = '9e551e874d0976195892334b20f8338b' AND file:hashes.SHA1 = '83bee3fc63b7a9327422aaa19d1369253368735a' AND file:hashes.SHA256 = '97e16593378bf75c26944f5a84af8d6364a062bfdf5bd055f2e5d76a0f2b94cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b24a4e92-c146-44ad-93c0-56ddc0bcd972", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:17.000Z", "modified": "2019-12-11T09:13:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:46:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "39e452e2-fc19-4b20-a74f-3107f8721256" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/97e16593378bf75c26944f5a84af8d6364a062bfdf5bd055f2e5d76a0f2b94cb/analysis/1574333196/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "30c5b28b-50c0-4f58-a2f8-b45be0d9ac4d" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4435e508-8ccd-42c6-94b8-6b2c6cf35249" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a4d2e885-37a4-4cdb-b556-03fb55ffc38a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:18.000Z", "modified": "2019-12-11T09:13:18.000Z", "pattern": "[file:hashes.MD5 = '7d8821ea25f8794e42e578aebf43b285' AND file:hashes.SHA1 = '014520d36874b7f063fdc7e756b08123f62843fa' AND file:hashes.SHA256 = '568c38c9adb0c2c1ff87043cad3004ab4a537b1c2deccd2766da616867dc634b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7f67077f-37ac-4bcb-b5d0-e39f3200aa4c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:18.000Z", "modified": "2019-12-11T09:13:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:20:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a72b0495-22d2-40ba-b5f7-277e640f029c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/568c38c9adb0c2c1ff87043cad3004ab4a537b1c2deccd2766da616867dc634b/analysis/1574547620/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0ef35c8-ea8c-4705-a77b-d02381958e85" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "77157c7e-fae6-4aa7-8dbb-8cfd7b722399" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cf5814e9-d3a7-4a6e-81ac-a4bc952b9598", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:18.000Z", "modified": "2019-12-11T09:13:18.000Z", "pattern": "[file:hashes.MD5 = '948c3f56226b515b13e58ec8d4e37df7' AND file:hashes.SHA1 = 'cea27349a06b75fb53f994d83709e28b8c1e13d8' AND file:hashes.SHA256 = 'f19871a464a805925b8df6749bacf04657f788bfe3fd9f09a9b0f26082b216f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--30e6c4a2-b11f-4ebf-8f73-7c4b88e31fde", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:18.000Z", "modified": "2019-12-11T09:13:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-09T02:20:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e078c6d7-d65e-4401-b699-16a6f8dcebe1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f19871a464a805925b8df6749bacf04657f788bfe3fd9f09a9b0f26082b216f4/analysis/1575858054/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "18736a26-5b49-4119-9944-b0820f82b510" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d95227b-787d-4310-ad4c-a1c070233e00" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--60718162-7fb8-4b61-8e86-d67989c5a68f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:19.000Z", "modified": "2019-12-11T09:13:19.000Z", "pattern": "[file:hashes.MD5 = '2447a1f147d67815b2755d651bb7306e' AND file:hashes.SHA1 = 'b1c1042fefe364772419412379dbb8b348408f9f' AND file:hashes.SHA256 = '3a546325ce2a949223db646115b4fea6a9c596e3b81c529ec3c3b6dd96b17b0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d4eb6be7-83c4-423b-a48f-b4441352f138", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:19.000Z", "modified": "2019-12-11T09:13:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:04:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e0a3cb79-f734-4944-9a95-947fa15d5b78" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3a546325ce2a949223db646115b4fea6a9c596e3b81c529ec3c3b6dd96b17b0f/analysis/1574251465/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "52bcec93-8d48-43eb-964f-cdd2192c463a" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "afc7f6fa-3f32-43db-ab18-33feb9f94fcb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4e358fe3-3b73-456c-8de6-16ea58413da9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:19.000Z", "modified": "2019-12-11T09:13:19.000Z", "pattern": "[file:hashes.MD5 = '773c92ed379f757df8dec961b5842f71' AND file:hashes.SHA1 = 'e3b2832579acf76532aa21d6dc9a6dcfeaeae954' AND file:hashes.SHA256 = 'e805efb48554e98574bfb9cf2de17610d46b6be0f68d5c0a267e5b3e2ed3264b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--05703f1e-495f-468b-a6fc-270cf1f16f76", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:19.000Z", "modified": "2019-12-11T09:13:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T09:12:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9b1afa34-cf58-42dd-bd6a-7dea7e05903e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e805efb48554e98574bfb9cf2de17610d46b6be0f68d5c0a267e5b3e2ed3264b/analysis/1573981940/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bf44f747-1908-4249-b336-723b1dc5b51f" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "16e45b4d-afb7-441d-944d-caa829f700ac" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b8e369fb-f4ee-4a34-bb02-3517f677f58b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "pattern": "[file:hashes.MD5 = 'ed31c8d81f39248acd37071a10e7227c' AND file:hashes.SHA1 = 'a69e75739bb82cb5592270ae0487a1e20b81d32b' AND file:hashes.SHA256 = '051e3737e6b617a96ae1c2f74881c1a32296073a6a351230942f1d07c1f8ba4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--40abe2ca-14db-47c3-be79-1cc5cadec350", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T00:24:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "555d3114-bd14-4247-9cfd-71761d82934a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/051e3737e6b617a96ae1c2f74881c1a32296073a6a351230942f1d07c1f8ba4a/analysis/1573518250/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8a5a3d22-f0ed-42b3-97ee-b9fa30a2022a" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0ce86b78-bba7-4a58-9ea0-dd68ed7f3e71" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--da8863b2-b371-4638-99d5-dba8ed6b7547", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "pattern": "[file:hashes.MD5 = '3fcc73fefe3ab99c5017df079e6a3759' AND file:hashes.SHA1 = 'df23a8e4e879d757e5a4e725b8dc1bdac74cafd2' AND file:hashes.SHA256 = '4b87e402b89a0ab65ab8bc89c95cbcfe7c08358e43d18cc1b04ebad1823c8e00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d48383bf-a7a8-49f2-a317-458f5135c42f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:06:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6f24130e-deab-45f3-bf6e-2eafe70fa670" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4b87e402b89a0ab65ab8bc89c95cbcfe7c08358e43d18cc1b04ebad1823c8e00/analysis/1573826765/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "35c989d5-afd6-474b-8c63-6e46e277a251" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0372188b-a80d-4c0a-bf7f-0b9acd1aebbd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6f5efc3c-a86a-4c53-90d2-f40b9b6e0561", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "pattern": "[file:hashes.MD5 = '7eb1e8b0fbdc3d02ca16db4c6a048e27' AND file:hashes.SHA1 = 'b4ee38b901114dcfa8169020c5a5e715ad531520' AND file:hashes.SHA256 = '8f51e9c67c3eb7abb83b6bcfd35da0d71b256f3f00aaaf2cce8dc06a346158de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b5497f51-98b9-4ab4-b1ba-829ff0a67a2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T09:24:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1533cf3b-9fbf-4ad3-886a-98c9df663501" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8f51e9c67c3eb7abb83b6bcfd35da0d71b256f3f00aaaf2cce8dc06a346158de/analysis/1573205055/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "847fd1a1-294a-40f4-b9ed-e68166400dae" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db27bcb2-f2c9-40aa-91a2-721443b6c10e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d7114461-2135-4f55-a0ac-839e7873665f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "pattern": "[file:hashes.MD5 = 'f8f49721f823ce919abba1a19f6e4e45' AND file:hashes.SHA1 = '6b9c50a56a0c4149764a43e7cac061d500523392' AND file:hashes.SHA256 = 'afbf46d05691370ebdeff78aa5eb1aa362b7787fc4c68efa979ae344b9a328f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--22699978-01ec-48a8-8388-6b6bc9793dfa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:20.000Z", "modified": "2019-12-11T09:13:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T01:11:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a95ab5d3-5964-4481-a7d6-1adf15a036b5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/afbf46d05691370ebdeff78aa5eb1aa362b7787fc4c68efa979ae344b9a328f4/analysis/1573434677/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c2f9f48-e318-4849-8421-df0172961bf3" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "331c0dae-76ed-4467-a6f9-8594ec96b31e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--87e201f2-9162-440e-a953-12c5daea9c25", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:21.000Z", "modified": "2019-12-11T09:13:21.000Z", "pattern": "[file:hashes.MD5 = '4c1522c58ff80b7c0f51723568e1fd4f' AND file:hashes.SHA1 = '91d2fa395dbeca47033907790def8fd86919dfd8' AND file:hashes.SHA256 = '91c3e558704960cbfc8f2e0a781d3ca3d2adc4ec82a978f6c598bf842d267186']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--204a06dc-125a-4ade-9673-6385e113c794", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:21.000Z", "modified": "2019-12-11T09:13:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T03:24:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "571fc68e-41d0-4aa9-9cfd-ad056f0e5e49" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/91c3e558704960cbfc8f2e0a781d3ca3d2adc4ec82a978f6c598bf842d267186/analysis/1575343492/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "00246860-aa53-4882-9b95-f71cf2749e05" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ac4eb2a1-e90a-4da3-b5a6-a0262e6db7cd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b6a50ab-f744-41c5-a7f7-300cec021f20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:21.000Z", "modified": "2019-12-11T09:13:21.000Z", "pattern": "[file:hashes.MD5 = '2da68528d3ae8f36da95331c43f8db5f' AND file:hashes.SHA1 = '2a19e173f509ffde2429649baed4312a61bcef72' AND file:hashes.SHA256 = '0323579935236a84bddce1f305ab4202cb706e89f910ad18758e118689af546e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c970f396-119c-4222-b0cf-76fd8564f7a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:21.000Z", "modified": "2019-12-11T09:13:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:13:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b183731d-c1a7-44c7-83f5-88b66a4e8b47" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0323579935236a84bddce1f305ab4202cb706e89f910ad18758e118689af546e/analysis/1574547211/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "70ac0a93-38b6-468a-bdc3-087bcff79f3a" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a50e0fd-0af6-4593-a203-00abb35a38eb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d6c1bfd-c5c0-48e2-844d-3fa7b1827af6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:21.000Z", "modified": "2019-12-11T09:13:21.000Z", "pattern": "[file:hashes.MD5 = '6fc5446ba05cc912bbbb927a6b42f401' AND file:hashes.SHA1 = 'a5765bef4a6eb6c44777fc9bd676a42c8245542b' AND file:hashes.SHA256 = '935277a274a40581ca73699a0b61d0bf06800e21e3fb127279a994307aefa9f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f228630c-9773-4179-adff-a48f7cec0f97", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:22.000Z", "modified": "2019-12-11T09:13:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T13:56:33", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f394011-c8da-44fb-91ab-70c9a3af39c9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/935277a274a40581ca73699a0b61d0bf06800e21e3fb127279a994307aefa9f6/analysis/1573653393/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0b6f762e-6c72-4ceb-9802-bac468e4546e" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0e09389-126a-42df-b3ba-b20efebc5ceb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec79408a-e990-4718-bd7d-75a9f4fdb706", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:22.000Z", "modified": "2019-12-11T09:13:22.000Z", "pattern": "[file:hashes.MD5 = '63183caf63d239c253bc35c6270c6f5d' AND file:hashes.SHA1 = '6ded30783ef9a0472ca567bedbf1307038683ed5' AND file:hashes.SHA256 = '94f064392a539b996c0b823d2c25ba7e0e852907c3925864e82eed9522939269']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b963ea7e-e6ef-40f4-81b8-22568807c1c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:22.000Z", "modified": "2019-12-11T09:13:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T22:22:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "efa4767d-d8d6-410f-971f-82ae769cb8c6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/94f064392a539b996c0b823d2c25ba7e0e852907c3925864e82eed9522939269/analysis/1573510928/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "23526139-3d98-450e-ba2b-4f4b1dcc96b2" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "84793ad0-665a-45a1-aa44-c028602ce383" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92b2a253-ea2e-40e3-809e-92184164dc01", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:22.000Z", "modified": "2019-12-11T09:13:22.000Z", "pattern": "[file:hashes.MD5 = '322149036a4ec0c37ee540db535b4625' AND file:hashes.SHA1 = '13776c068d3af43fbbe950d3e35d09419f154d50' AND file:hashes.SHA256 = '1707ff37285a6c1d552eec29c1a7a4439c7787500a665cf8d34703d65af52788']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6c701979-b232-45ca-a78a-a23622e497e7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:22.000Z", "modified": "2019-12-11T09:13:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:37:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "801312b6-7f24-4034-a669-83d878e7b16d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1707ff37285a6c1d552eec29c1a7a4439c7787500a665cf8d34703d65af52788/analysis/1573961871/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "331a33cc-4fd7-452f-9ec3-624788a5cb75" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "045783f9-6cfd-4e56-ab1c-6e320d113b7b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--853405ee-f996-4132-af00-959e61bfe8e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:22.000Z", "modified": "2019-12-11T09:13:22.000Z", "pattern": "[file:hashes.MD5 = '9a9e27c9547085f9322727145d103cfe' AND file:hashes.SHA1 = '689982f7078fe97e32469ca8c49d8f1ed9aa5f82' AND file:hashes.SHA256 = '9d6d21f59f7c7160b5f784da15bed3750cb5b2a5ccd0c736aff71702a7e71e63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b91dbdae-2b3b-401c-ba36-e8a9320fbed3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T04:24:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ae5fad2d-b867-40a9-9095-6933abd17d83" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9d6d21f59f7c7160b5f784da15bed3750cb5b2a5ccd0c736aff71702a7e71e63/analysis/1574828662/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "75d957a6-e681-40c4-a5fe-66d61fb4df4a" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1b43580d-f235-48d4-819b-4633e79cb82b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dcda9e06-88e8-4217-a09f-dc647e46e65e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "pattern": "[file:hashes.MD5 = '8d64e858a8f152c11bfcfd09faaeeac2' AND file:hashes.SHA1 = 'a48f19fecc4833b0ed0e5e631a1469a958e0573d' AND file:hashes.SHA256 = '82b1489f223b70fa1ce9da30d6477dd00abd48a274e99f32bcd82d92c2af808f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--29edf574-988c-4686-aca5-a01b9f33ba91", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T04:04:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3cdfbe4f-2b38-4901-9c97-3dfa2356c514" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/82b1489f223b70fa1ce9da30d6477dd00abd48a274e99f32bcd82d92c2af808f/analysis/1575518644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "095548e3-63f9-485c-b374-b362b21716d4" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c3445b72-1c06-4675-a22f-ad5184c15edb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dcd28e92-8066-4ff4-b055-191ca78b8486", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "pattern": "[file:hashes.MD5 = 'aef8d852b01be0755f5e5b2aed59f613' AND file:hashes.SHA1 = 'f4ff02606909d80ef18b95b046581cfce450e354' AND file:hashes.SHA256 = '88dcac0d38c3b5deac8490ae8bf4c74f9028d90b72573b299439a0769502acbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--16df8b30-00a9-45c2-8223-6e76ed652385", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T10:29:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f31f13ef-f722-4604-87e9-252292429a3b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/88dcac0d38c3b5deac8490ae8bf4c74f9028d90b72573b299439a0769502acbf/analysis/1574072946/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fe0e70d7-fa99-4d98-bac7-f50b6c47e42c" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eb493615-5721-4b68-b03f-b02bbb8caa95" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5f12e532-3625-439b-934f-80a21041e6c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "pattern": "[file:hashes.MD5 = '6504e3d07874753bd3b03c7231cfc500' AND file:hashes.SHA1 = '4f8a039bc61b8659c8d6aec3cd6bd0e40287e9ef' AND file:hashes.SHA256 = '82048f464c16ff7008e7495cc87fea4fcc5cf04d958a12fb1b3dc613fd33efa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c91a948f-cbee-47f6-bb9c-628c67aa0532", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-04T05:33:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "79e748bd-ab17-4b58-8b36-4e1d3d985c19" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/82048f464c16ff7008e7495cc87fea4fcc5cf04d958a12fb1b3dc613fd33efa4/analysis/1575437627/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7ee1b0cc-b57f-4427-a50d-6a4a1e497fde" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "79034555-f8b6-46e6-abe4-0057e6295f88" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4edc7773-8cef-4ba9-b89a-9a78d66ab684", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:23.000Z", "modified": "2019-12-11T09:13:23.000Z", "pattern": "[file:hashes.MD5 = '5b31712a76193336a11c5da1604295cf' AND file:hashes.SHA1 = 'a67d183da817cb30364653f70aae878a9cfb367c' AND file:hashes.SHA256 = 'ee7aa5f506aea586027a892f3142b0e63a69493356a69f47fdd020ea7e681c65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6829fbe4-2201-46da-a95b-da4a68e290bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:24.000Z", "modified": "2019-12-11T09:13:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T12:24:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "02e58b73-f10f-4f13-81e5-0141a47150c9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ee7aa5f506aea586027a892f3142b0e63a69493356a69f47fdd020ea7e681c65/analysis/1573561467/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "783963b4-dcd5-4b0e-b351-013db1212b02" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "96b26779-f4d6-4d73-9103-b1288722b74c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--995a7853-9b67-4488-9db9-f8eb3240c136", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:24.000Z", "modified": "2019-12-11T09:13:24.000Z", "pattern": "[file:hashes.MD5 = 'fe3d4da68299fd0feb27f1d2fe320a79' AND file:hashes.SHA1 = '342197f5a0045e629accaec2f2890925bb0ed999' AND file:hashes.SHA256 = '60c66d7f9bd30008dd2f4549940d46afd9cb84df073892766c8f2c5cbb58ab1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--500e591d-65c4-4d06-8bb9-dd335e43fd56", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:24.000Z", "modified": "2019-12-11T09:13:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "42d78c20-9edc-4d1b-8d0c-acfd75faa86e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/60c66d7f9bd30008dd2f4549940d46afd9cb84df073892766c8f2c5cbb58ab1f/analysis/1574062643/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8274977c-0b05-4a37-aca8-acba3edb438d" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "28d759de-7c16-45bc-9889-186eb857b555" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--87be7c75-1120-4806-a175-4343f80793c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:24.000Z", "modified": "2019-12-11T09:13:24.000Z", "pattern": "[file:hashes.MD5 = 'e413f125600f42d199d76a6a8fc3d888' AND file:hashes.SHA1 = 'f9eded4dd8b53458f5029fca1e758bb51ae23afa' AND file:hashes.SHA256 = 'b5bb9daca3aea592d67391824b3765985e10e17bcff43270305a72766a6348eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bbd29299-8016-4ec7-b5d5-b7a13ef57670", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:24.000Z", "modified": "2019-12-11T09:13:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T07:08:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "18ffaa81-1c78-433a-be1a-d88f74f0d939" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b5bb9daca3aea592d67391824b3765985e10e17bcff43270305a72766a6348eb/analysis/1573888133/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f3993906-9a27-4edd-9093-ad398b14e358" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7f7b7785-5023-417d-ad8c-26c4a2121c0d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b39cbaf-c11e-4c8a-8b8c-dc91948a4b2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:24.000Z", "modified": "2019-12-11T09:13:24.000Z", "pattern": "[file:hashes.MD5 = 'b1c6b676a0406c97d155e551757a7718' AND file:hashes.SHA1 = '7d6552f718b7a129820425f8816a74e6b62e1c40' AND file:hashes.SHA256 = 'a29724b0d16f55a8ec4fdfcd5aac29de9ea7165b1e915a266184b8b16e351dff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d599f193-3395-4fa5-9806-26bf4cea5c41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:25.000Z", "modified": "2019-12-11T09:13:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T09:17:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0fa1d09e-3469-417f-a9e7-bd74b6ba8d0c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a29724b0d16f55a8ec4fdfcd5aac29de9ea7165b1e915a266184b8b16e351dff/analysis/1573982278/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0ed7acdb-f3e8-47d7-ba25-b0d2a1261228" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b97673b-6600-485a-a549-7d4088039f74" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bfcdfc7-5c40-445e-b378-46929764eccd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:25.000Z", "modified": "2019-12-11T09:13:25.000Z", "pattern": "[file:hashes.MD5 = '6fa1f4615000e29286e7ae7b4d05609f' AND file:hashes.SHA1 = 'a5df23d36fb303d96e4cb95ba2abbc77e10abf43' AND file:hashes.SHA256 = 'f653d73237175f1ac319de0af0395bf4ffa82c2eeaed813f978cc68ee6e9ac2b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--341d4026-5090-4861-b225-d306d1177ea2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:25.000Z", "modified": "2019-12-11T09:13:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T02:42:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eeae142d-4f3a-4969-ba23-d3975fea954d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f653d73237175f1ac319de0af0395bf4ffa82c2eeaed813f978cc68ee6e9ac2b/analysis/1573267338/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "759c7520-ec37-4929-8792-362f258c8853" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e8cc84d4-ea01-41fd-8089-0b1bc28a0595" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca84aa69-d149-46cf-bfdd-11623cbbc9a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:25.000Z", "modified": "2019-12-11T09:13:25.000Z", "pattern": "[file:hashes.MD5 = '0fa79b6b4a5ac0fced88dd0593a72be8' AND file:hashes.SHA1 = 'aed4f278d2acae6c3306fcda711a654d33addea3' AND file:hashes.SHA256 = 'e1d6dcab11869cb619a173440c998f0957162ca36e2b43f1e2757e11541fad05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c4f6358-07e1-41f6-b1eb-28882358c0a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:25.000Z", "modified": "2019-12-11T09:13:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:37:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cbc8c181-a810-47a7-899f-765e9ae19614" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e1d6dcab11869cb619a173440c998f0957162ca36e2b43f1e2757e11541fad05/analysis/1573897020/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "069e0c6d-1e9b-4db5-ab64-51ef0a7c4a46" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd74b39f-54ae-4f5c-b111-8ccf0402a440" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ffc627d6-146a-4114-9309-4070796ebe8f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:25.000Z", "modified": "2019-12-11T09:13:25.000Z", "pattern": "[file:hashes.MD5 = '6b9aec5bfc6f1053522b9999153033c1' AND file:hashes.SHA1 = 'f9a3e68d4e0a4212bf713571d6d5599178602a9e' AND file:hashes.SHA256 = '94d2a8a51f525a51f4b7d3266240e9172c94f8562c695a2f908539cc46666087']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--40f54b0d-7ae1-457b-8c11-454d858024f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:26.000Z", "modified": "2019-12-11T09:13:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T17:06:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b97c8994-13ab-48e3-a76a-83094595047c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/94d2a8a51f525a51f4b7d3266240e9172c94f8562c695a2f908539cc46666087/analysis/1574269599/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "37baf035-89ab-4d8f-a853-2cc674d16a31" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8df5babe-cec7-4b74-9669-27fb6178c088" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bc3bffeb-184a-4e00-9879-3bf00bea009f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:26.000Z", "modified": "2019-12-11T09:13:26.000Z", "pattern": "[file:hashes.MD5 = 'f08dc608dd9aeb243ac2504378e25c15' AND file:hashes.SHA1 = 'a07b91af9cc0f27915a51af7b35b286a3621b75d' AND file:hashes.SHA256 = 'ef2a74ce32cdf501f3b83be8f3de48c80535f160ec0830effddfb4f3d3d61ee8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--64672c5f-fe7f-4193-9af6-73aaed39d01a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:28.000Z", "modified": "2019-12-11T09:13:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T19:05:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d0dbd948-fb66-466d-bf49-43591d65d1f1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ef2a74ce32cdf501f3b83be8f3de48c80535f160ec0830effddfb4f3d3d61ee8/analysis/1573153522/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "caf68726-6925-4d1d-ae29-5d3406a54428" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ea74dabc-7547-402d-9c3c-6d105e129bbb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37e3db40-5907-47b5-839f-ec72520222e5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:28.000Z", "modified": "2019-12-11T09:13:28.000Z", "pattern": "[file:hashes.MD5 = '0a9690456e1822c684a3ffc7296fdb83' AND file:hashes.SHA1 = 'bc289dd536d2a25d62d7ecd11476c2116c749d12' AND file:hashes.SHA256 = 'aa5825680d7438a8a58f6361cafce56c333f7857e9117c027544008895b5dd31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ff50118b-23b0-42f1-bb98-b3838dcac4b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:28.000Z", "modified": "2019-12-11T09:13:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-04T12:49:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e0057444-cb91-4132-9f02-753236dd91c6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aa5825680d7438a8a58f6361cafce56c333f7857e9117c027544008895b5dd31/analysis/1575463749/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b6a93b32-b0a1-435f-8a42-b79cf7284f9b" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c68a9d5b-2262-447f-97dc-ef054bcaa60d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4e1b4cbe-8bbb-4494-a91b-31e2bca2e0ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:28.000Z", "modified": "2019-12-11T09:13:28.000Z", "pattern": "[file:hashes.MD5 = 'ef42e92e59abe7c7b506bf42186f87ee' AND file:hashes.SHA1 = '1b1e4df33a2b770dfffa50384c98e0669cd1139e' AND file:hashes.SHA256 = '54ac5748d75d1963e2c5b753e31044813ba9e116532d73815a862e469879260a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--543e7e9a-349b-4cf9-bdca-8a0e4e3aeb83", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:29.000Z", "modified": "2019-12-11T09:13:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-25T01:26:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4b891489-6907-414a-87e5-98608ab08889" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/54ac5748d75d1963e2c5b753e31044813ba9e116532d73815a862e469879260a/analysis/1574645174/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "326b04e1-c1c3-4167-876a-84dd69268225" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5906bdc5-f1df-4e1e-83b6-d453d38b1ce0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f1544ebb-6bed-4e66-a981-54b89d137019", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:29.000Z", "modified": "2019-12-11T09:13:29.000Z", "pattern": "[file:hashes.MD5 = '8c4f85600e35e3ddfdbbf80123e85de0' AND file:hashes.SHA1 = '8fd1719aae32fee90579b1d16a42380294d5db66' AND file:hashes.SHA256 = 'a9db489b00bc4306cfc3e85a66746229b5669e2134840c3005feda5c554f6c87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b4b1cc7a-2025-47f4-896c-4994f9415843", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:29.000Z", "modified": "2019-12-11T09:13:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T01:31:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b369b2a7-a3a4-4d2d-8831-9a7c610aef2b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a9db489b00bc4306cfc3e85a66746229b5669e2134840c3005feda5c554f6c87/analysis/1573522317/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ecbe7343-a65f-43fd-8014-46850f4dcb89" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "816f97d1-e326-4507-9dca-85297fb0f2ae" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--66d3ebff-87c0-4e11-8e47-3b1728bd0a30", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:29.000Z", "modified": "2019-12-11T09:13:29.000Z", "pattern": "[file:hashes.MD5 = 'de292ebe67a291ecbce7c98ea3a83186' AND file:hashes.SHA1 = '89d1d941f92c046330d77baecdcfe6d2c74707cd' AND file:hashes.SHA256 = 'd2e1649eb93dc513bd8285f44f2631cdb7a8282acb626dc7873b6f536f10fec8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8770a5ba-82b8-43bb-bc0a-90265aadfad9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:30.000Z", "modified": "2019-12-11T09:13:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T14:13:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bc8bd9f8-924c-41d7-bbef-d0543b6511c7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d2e1649eb93dc513bd8285f44f2631cdb7a8282acb626dc7873b6f536f10fec8/analysis/1573913595/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f2f47d89-ca0e-4b7d-950c-0e5d2f392317" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "af4ceb22-398e-49f3-bf72-cad289a987bd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--347e854e-079b-4802-897e-d55cac01354c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:30.000Z", "modified": "2019-12-11T09:13:30.000Z", "pattern": "[file:hashes.MD5 = '8f6f3993750929c6e478d0681f10a936' AND file:hashes.SHA1 = '1a31402563caf0be736de2e36190baec14743fbf' AND file:hashes.SHA256 = '3ad66d92af7445f4dc1b339299f95c7e08372bf8b1b5055fc9f48f07481552c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ab50559b-977c-4921-85d3-be33babde326", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:30.000Z", "modified": "2019-12-11T09:13:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:47:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc561622-dd46-43bc-8d49-b81c51c0c014" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3ad66d92af7445f4dc1b339299f95c7e08372bf8b1b5055fc9f48f07481552c3/analysis/1574333270/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c4bae128-0462-4a4b-8ed9-d4d276e45d7a" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "539b03ae-6ed0-42c9-8414-1cbe0e1512e7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6742f631-878e-41a4-89b4-15eb2ee3ba79", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:31.000Z", "modified": "2019-12-11T09:13:31.000Z", "pattern": "[file:hashes.MD5 = '22a9b2980ae055381a351964359cd1d1' AND file:hashes.SHA1 = '501145f0c2665600fd640ea6f6ec7677e340b766' AND file:hashes.SHA256 = 'd902651a98c1f0d139bb18d2eff730e2b06af7b5813c3d170475a284cb25b04b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1aec21d9-7e0d-4052-8d93-c9c7a1ca1b00", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:31.000Z", "modified": "2019-12-11T09:13:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T14:30:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3d8f0def-e124-4d38-bcd7-9d5bd80668cf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d902651a98c1f0d139bb18d2eff730e2b06af7b5813c3d170475a284cb25b04b/analysis/1574778610/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3ebee241-374a-4a7d-a46e-9a527aef2438" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "682a5d33-fc56-41ac-a71c-8b44ac39a7d9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0802a423-f23f-44a7-8a82-ca2642f437fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:31.000Z", "modified": "2019-12-11T09:13:31.000Z", "pattern": "[file:hashes.MD5 = '47e5216a3402cc6217f8528e9d3ae42b' AND file:hashes.SHA1 = 'd153f4748d53273ba2187281404b5b6d29e87c68' AND file:hashes.SHA256 = '2b27cf8d46e3dc99cfa4b0381f7e2489b203b4c079bdce5c107629c7957456a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fad90066-9bb1-47d6-bb1b-7a77784f2739", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:31.000Z", "modified": "2019-12-11T09:13:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:52:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2ce89fb6-2035-4e39-9700-50290105afd9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2b27cf8d46e3dc99cfa4b0381f7e2489b203b4c079bdce5c107629c7957456a4/analysis/1574545947/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "395c48c3-5fc8-4252-85d1-229452d05b65" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "80a11012-e75f-4688-834b-64c12d924118" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c0f22fd8-caa5-44c6-aaf1-fa5814db7c29", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:31.000Z", "modified": "2019-12-11T09:13:31.000Z", "pattern": "[file:hashes.MD5 = 'eb5836a6388cb6960feed5bd5307b84d' AND file:hashes.SHA1 = '081b900768b78dcb06401db55164ff470b1906ba' AND file:hashes.SHA256 = 'a3eaf8b097433b8b607bbcb8f7bb4e435431c6ff825dca3e6541c2dbb88514cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fced3284-f0bc-4407-8b21-e26732cbae88", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:32.000Z", "modified": "2019-12-11T09:13:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T02:36:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3ded1bc7-2a3c-4fab-bc46-b5a0c2a4d5cb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a3eaf8b097433b8b607bbcb8f7bb4e435431c6ff825dca3e6541c2dbb88514cf/analysis/1574995000/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e7ca06ee-b563-4a27-b430-aa5187d4e919" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "771db83d-8177-4554-9ec0-e4d339dcc63c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f750cbf2-ce34-454f-98f4-f6fdde8fbec3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:32.000Z", "modified": "2019-12-11T09:13:32.000Z", "pattern": "[file:hashes.MD5 = 'f2570a9bb7f0cc312ff52252e71f782f' AND file:hashes.SHA1 = '350b29baaac2fbe5d82880d52fbf4419809023a4' AND file:hashes.SHA256 = 'c2758f27013aa2fd4cd57d3fa6aae6c61c43cac869f7622de24c0910165c6805']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--06cc4d37-a03c-4523-bfca-3b62b5ac3618", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:32.000Z", "modified": "2019-12-11T09:13:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T04:56:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0fc49caa-e122-42e0-b62c-61e9be19878b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c2758f27013aa2fd4cd57d3fa6aae6c61c43cac869f7622de24c0910165c6805/analysis/1574830611/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd34b66b-506e-4c7f-a79e-cdb41ec42b7f" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "51c7b16a-3204-4c80-afda-5f24bd06d955" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f27ffa02-ca85-4ffc-9d0a-d8f10ee9f08f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:32.000Z", "modified": "2019-12-11T09:13:32.000Z", "pattern": "[file:hashes.MD5 = 'b6525cede0225a68e659ce3673b6e38f' AND file:hashes.SHA1 = '5bed98c1de776d76fcc7a3806e6ebcf1cebbb339' AND file:hashes.SHA256 = 'c1258f15e48eb097453ca8bfb959e887d98d128759070034665d95314bef1cc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4b509471-e9a1-4881-95a4-aef78539177b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:32.000Z", "modified": "2019-12-11T09:13:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:56:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c29b3f8c-1afc-48de-a2e4-9f64a0ecc29d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c1258f15e48eb097453ca8bfb959e887d98d128759070034665d95314bef1cc4/analysis/1574333786/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a0b41ec6-61cb-4025-816c-a62a492276fc" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aa466db5-3757-4b30-bf92-de0f44c68614" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e7397a20-e912-4960-a191-ecfec70aff18", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:33.000Z", "modified": "2019-12-11T09:13:33.000Z", "pattern": "[file:hashes.MD5 = 'ec36c119d3d35998e4f6102234a665b5' AND file:hashes.SHA1 = 'a93538a9f01f9b68775e77cd64e7f97cb39a435d' AND file:hashes.SHA256 = '387d4ee7df6dd6fe6321789aaaaf2c9752b2d07b001d13b446c559b73902b633']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--556043f5-281e-4848-91a2-9aa85e3a8c1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:33.000Z", "modified": "2019-12-11T09:13:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T08:25:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "32cd02e5-2391-487a-9c14-55537bed60bf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/387d4ee7df6dd6fe6321789aaaaf2c9752b2d07b001d13b446c559b73902b633/analysis/1575015958/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6724a980-a534-424e-b1b7-7233dd8afd18" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93223a70-c188-4b4d-85cb-da674e5c0cc9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fc4dd3f6-2b8d-4b7a-b668-05be37166b6f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:33.000Z", "modified": "2019-12-11T09:13:33.000Z", "pattern": "[file:hashes.MD5 = '30be1fd8c68b962f1852297df098f90b' AND file:hashes.SHA1 = '8f92b7d26a06cb351abf56cf9db56f084f188578' AND file:hashes.SHA256 = '4d758688de62b69c69b98dcaebae6e98dce463b4eb0f62591cd2df371ad54535']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--91742e2d-4b6c-4a6a-8572-1a33f5b66383", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:33.000Z", "modified": "2019-12-11T09:13:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:23:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "454e592d-2de0-4699-b8b5-9604deb82f7d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d758688de62b69c69b98dcaebae6e98dce463b4eb0f62591cd2df371ad54535/analysis/1574612621/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db2ccd5d-4c46-4b66-911d-1fe82acbbdd1" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f1cb739f-8ab6-4019-9c4f-96e8d0a029df" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d635259-0a09-4cb9-9288-79215da8904c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:33.000Z", "modified": "2019-12-11T09:13:33.000Z", "pattern": "[file:hashes.MD5 = 'bf361b5fd29ba4cb755698a7ba012c58' AND file:hashes.SHA1 = '706851038b977e714b85824464d64d8045128330' AND file:hashes.SHA256 = '20826d7e9b4bd1e27ce9d055aec859720dfc89dfc3ea640c680dea6c9cd5588e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c9e45bc9-c121-4773-8fa2-98776492baa5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T14:00:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4519e084-0b93-4416-bf5d-9edcd7833921" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/20826d7e9b4bd1e27ce9d055aec859720dfc89dfc3ea640c680dea6c9cd5588e/analysis/1573653657/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "77a97096-67c4-45a5-9f29-42f13fe916d3" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "76fdcf62-295d-41d5-b4af-de0f80675ff0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fbba8bfe-e2b5-4c49-9566-d663036dbfe5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "pattern": "[file:hashes.MD5 = '92cc62616b249141da6c7e7482747a0a' AND file:hashes.SHA1 = '14d27b2cea611b3b613d3ccdf176b9d21f7733c7' AND file:hashes.SHA256 = '885ee30a74554d4d5009337cabf839fe5c4ea16d5a4e4a799e1041ebd709f243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--511b7be9-e361-4374-b0ea-3f7e8fbd80c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:26:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "774be4c0-a84b-4243-86d1-40e8d0fcfe8c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/885ee30a74554d4d5009337cabf839fe5c4ea16d5a4e4a799e1041ebd709f243/analysis/1575177975/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3bca40a9-f42d-4b61-9580-a156ba2a51ce" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6287e33-9d79-4bc8-b9cf-6a1ce72781af" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--390023c7-060e-4856-bee5-0e1e817eaeb3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "pattern": "[file:hashes.MD5 = '7df2077f3a8ded0dbd2c1980aeb50f8f' AND file:hashes.SHA1 = '924e4760c05b2a7b22cde41f6a3ba353be201144' AND file:hashes.SHA256 = '2bf45addcc29bc985a90492f5364af1ff8386de6d0de1dc10d432fa6fd7a2829']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dcf3ddf3-be51-4573-9d8f-22ff6e475120", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:47:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8f85330e-4a58-44b6-b885-afeb0fbc7f7f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2bf45addcc29bc985a90492f5364af1ff8386de6d0de1dc10d432fa6fd7a2829/analysis/1574776039/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7490323c-b0b6-4bdb-a93d-d0688aa013e5" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "905f15a2-222c-4795-b98a-76d5b718725a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cf030cc3-9f11-41be-a3d5-5bb43972f2d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "pattern": "[file:hashes.MD5 = '1fab15db11ee352bed487c6390c6036c' AND file:hashes.SHA1 = 'e70e3ae3fbf94b88f5e16f12784ecb8956035188' AND file:hashes.SHA256 = '1765ebda60085d53187e136384a6badff0a6041b6ee4761ced2f11e20b060802']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--28f8ef49-f459-47d8-844a-3ca98d72d604", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8db1dc68-7c15-439d-b53b-d12c25ffea55" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1765ebda60085d53187e136384a6badff0a6041b6ee4761ced2f11e20b060802/analysis/1573722650/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c4e30125-f637-48ba-81fb-763c7d55a1b2" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4843a4b2-28ab-4dae-ad87-50b0037a2ae9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--49ea3782-8d97-443b-b549-362ff8d11df8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:34.000Z", "modified": "2019-12-11T09:13:34.000Z", "pattern": "[file:hashes.MD5 = 'd1ac6bfe49ffd27a0f1ad1196152672b' AND file:hashes.SHA1 = '33a10c48420da9ce7537f37a72d6a2a7bbb14c17' AND file:hashes.SHA256 = '1a52d43768e4c1b16d7aebfcbbe52b23ea082ed91cf7afc01219b9a739e82df2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--29f28d31-ab8e-4eb8-bc0a-0bbcf7e9e078", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:35.000Z", "modified": "2019-12-11T09:13:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:55:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "364915c1-55a9-440c-b580-1dd214d93aed" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1a52d43768e4c1b16d7aebfcbbe52b23ea082ed91cf7afc01219b9a739e82df2/analysis/1573894535/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "01a07caa-611b-4d43-a81f-ea9646cd1fb3" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/64", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ed00684a-e6b9-4fdd-a4b6-2c0282f454b3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd08e4b1-817b-46f6-b5b6-cef63cbd0916", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:35.000Z", "modified": "2019-12-11T09:13:35.000Z", "pattern": "[file:hashes.MD5 = 'c148db8d5cb3b6353d7b7855682ff4a8' AND file:hashes.SHA1 = '58d05c668aeaf5c74423cf6adb75f13afbfa3f9e' AND file:hashes.SHA256 = 'd3e28102b217faa33b3c16ed5d3ef631eb423955492b61067df4862515df8b7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--44ff5482-47d1-49fe-8d7a-756fffe06448", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:35.000Z", "modified": "2019-12-11T09:13:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:06:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5df2c6fc-8421-4d16-935a-7256a749d005" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d3e28102b217faa33b3c16ed5d3ef631eb423955492b61067df4862515df8b7d/analysis/1573985214/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e285c1ad-2071-4663-b9b9-c40c06d89d0c" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3802c28f-f409-473e-84ea-4835d6349fef" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f59c0559-e449-49d5-b744-2ca87005ed03", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:35.000Z", "modified": "2019-12-11T09:13:35.000Z", "pattern": "[file:hashes.MD5 = '374a7fa7c7b1d66afb28d4ae6803172e' AND file:hashes.SHA1 = '2a2462d7dfc7abf3b366f1452bf9c2613be7c247' AND file:hashes.SHA256 = '173e1f595031f1a862d18cb31e4fa49ad74ea93eeaec8a0dd830d5e59fa13a66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8abbde30-d6a7-4f02-b021-3f759b76aaa3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:35.000Z", "modified": "2019-12-11T09:13:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:54:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "08291871-f531-4f0b-8483-8526e68eb75c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/173e1f595031f1a862d18cb31e4fa49ad74ea93eeaec8a0dd830d5e59fa13a66/analysis/1574250855/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "065b8470-5573-4d57-823b-12bb7ae22140" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3df4f6fe-187f-4713-bb65-69e9cd41fe38" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--433edd6f-8b51-4930-a303-ef7182bdd062", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:35.000Z", "modified": "2019-12-11T09:13:35.000Z", "pattern": "[file:hashes.MD5 = 'c94ba260c69b54812abfbeca9eb9559b' AND file:hashes.SHA1 = '6a4c543c3a062bdec346c557797403ac2b09021a' AND file:hashes.SHA256 = '67d6299bf2670476be5dddff75af12aa5151f94f7544334dba5ce5bbe8598f35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a1af993d-3e48-4c1f-b0e2-a7662fbc2561", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:36.000Z", "modified": "2019-12-11T09:13:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T13:49:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3c9257fd-12dd-497d-91fb-c5d8ca99a507" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/67d6299bf2670476be5dddff75af12aa5151f94f7544334dba5ce5bbe8598f35/analysis/1572961763/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ca384a68-f40f-4bb4-84f0-8567460d7af0" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3b36a126-855e-40bf-817a-6d407ff5966d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e4358cca-2e7d-4887-b45a-95aafe27e443", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:36.000Z", "modified": "2019-12-11T09:13:36.000Z", "pattern": "[file:hashes.MD5 = 'b6a49405897515f965eb8e597db9f1cf' AND file:hashes.SHA1 = '4c94b19a780d51f1574e70cce5135b25ae30de6e' AND file:hashes.SHA256 = 'e64c25696f03af4f410cd66ba85fd2ddb951d224bd98cd5a1e29f171cd3c3730']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9c81e46c-d140-4e77-9114-25e385fd3439", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:36.000Z", "modified": "2019-12-11T09:13:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "892fef66-0bdb-4fcb-95ba-b17e0f4d01b2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e64c25696f03af4f410cd66ba85fd2ddb951d224bd98cd5a1e29f171cd3c3730/analysis/1573722646/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cd40ac13-20b3-4a0c-a4d8-c74f97b15cf8" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "454d9db6-0f9f-4988-acfb-377dc72a0f38" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e51053e7-eac0-4122-b4a1-4fb362590a52", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:36.000Z", "modified": "2019-12-11T09:13:36.000Z", "pattern": "[file:hashes.MD5 = '13464b6e71f1530afa0488127a332159' AND file:hashes.SHA1 = '84c17c95e27ddec6a258fd65b2842706aba499f2' AND file:hashes.SHA256 = 'e375336fb2bb058946e20c09411545ce280ef5dc6b390df3a480145789c4b119']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--253c787f-cccb-4b0b-8a9e-ac9986485b34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:36.000Z", "modified": "2019-12-11T09:13:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T12:17:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bdb6f8de-bf6f-4bb7-94e7-fd34fdb082ed" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e375336fb2bb058946e20c09411545ce280ef5dc6b390df3a480145789c4b119/analysis/1574425022/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0832eff-3c68-4e07-ae46-777eb78fc482" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "be0297a7-a68d-4109-8038-999c67a8d6e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b9b31733-b0b6-487a-9c37-e4ee40bae3a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:37.000Z", "modified": "2019-12-11T09:13:37.000Z", "pattern": "[file:hashes.MD5 = '4b76fe9ba8b84a36dfd3a3706ff6ef82' AND file:hashes.SHA1 = '49ffd828306b2f0c22ddf04cf86e2bfccd85fa78' AND file:hashes.SHA256 = 'bdf0e2f23087864019f07a05a071efc3d0d5a6d8932adfcd7102ec9646d9f433']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c965737b-60b6-4b4f-aee7-83508d341199", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:38.000Z", "modified": "2019-12-11T09:13:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T16:01:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c812c4aa-81a9-477e-9951-fd6b3ad26cbc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bdf0e2f23087864019f07a05a071efc3d0d5a6d8932adfcd7102ec9646d9f433/analysis/1572883288/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9f704b34-5202-4d29-a30c-6006033243d8" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27bf97d6-914e-4c98-b229-279153f4ae0d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--73413171-74ab-4bc5-809a-b48278e48791", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:39.000Z", "modified": "2019-12-11T09:13:39.000Z", "pattern": "[file:hashes.MD5 = 'b5df1d3346b3f7d0d69b11bf3bf74200' AND file:hashes.SHA1 = 'b2dd1833e94c38c5eef5b64c2ef98ed41bd0154c' AND file:hashes.SHA256 = 'a9207aed06e769610fc9ea357bae1e1462c180d10c1cb05e49db1f499d48592c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--89d6b195-c0bc-44eb-b981-fa928e93c985", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:39.000Z", "modified": "2019-12-11T09:13:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-07T11:07:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b69adbad-afd4-4d5e-84bf-e58241aa17b8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a9207aed06e769610fc9ea357bae1e1462c180d10c1cb05e49db1f499d48592c/analysis/1575716878/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd4743be-51bf-4c6c-9d35-824c80960cb1" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c4f4a3ff-812d-4c8b-9ecb-b4c84788cc0a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--833cf2de-3176-4bef-bfc5-e1957f91f345", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:39.000Z", "modified": "2019-12-11T09:13:39.000Z", "pattern": "[file:hashes.MD5 = '8ff4a7a498a4676022cc382841f7d542' AND file:hashes.SHA1 = '90cedafe7d393218bbb2faa05c407bddec895af3' AND file:hashes.SHA256 = 'a841bdaf836ef681193d2affef3c586ed5f98589e470da5f3b4ffb2e98a292b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bffca5a3-f581-4bfb-b887-0fa4ab93529d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:39.000Z", "modified": "2019-12-11T09:13:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:29:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce642dc6-de9d-4afa-9087-a181061c3c77" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a841bdaf836ef681193d2affef3c586ed5f98589e470da5f3b4ffb2e98a292b9/analysis/1574774964/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "31e6b744-47da-4c4f-a156-b551c588c4ad" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ee589b2-b0bf-4da7-bf90-dbcc24e5211f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9ff168f6-cabc-4940-ac70-b6721693196d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:39.000Z", "modified": "2019-12-11T09:13:39.000Z", "pattern": "[file:hashes.MD5 = 'bdda2829c77c7929726e8f6f91a70409' AND file:hashes.SHA1 = 'ef3cce2a61b74df5a03d1848cc09e3c9c0744e99' AND file:hashes.SHA256 = '5ab0950fef12f8ffc21e6484750821405dc522e9b8c48ae49d9372904cd0be80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dd6819bb-f333-4dc4-8444-46017b82edeb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:40.000Z", "modified": "2019-12-11T09:13:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T05:37:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e8dfdb6-3355-46f9-a7ee-e51f2028a529" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5ab0950fef12f8ffc21e6484750821405dc522e9b8c48ae49d9372904cd0be80/analysis/1573537059/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "880ee2aa-8988-4ece-8ca3-2be2efaa1c36" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "190d7c62-58ba-4ae4-afa5-5ead43f02984" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b58ce546-ad9b-4543-9cac-c40fed7ad12c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:52.000Z", "modified": "2019-12-11T09:13:52.000Z", "pattern": "[file:hashes.MD5 = 'a40eb2b9549f63259d7a331c8959d45a' AND file:hashes.SHA1 = '9c001f6f9aaa41d3f6ecd6dc8888bbb6d1800710' AND file:hashes.SHA256 = 'adf0001edca850a68fc0a04e1635cc3d4849cb9662197b2ed689a11b1a0843bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6b6be089-fb35-4a02-add1-6879c84503b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:52.000Z", "modified": "2019-12-11T09:13:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:50:34", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e2684f51-e622-428f-ba19-4803509a421e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/adf0001edca850a68fc0a04e1635cc3d4849cb9662197b2ed689a11b1a0843bb/analysis/1574250634/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2e9866f-8b41-4a3d-97cc-fe6c172793ea" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71c9171f-97f2-4659-8846-8f82fd352cee" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68ab1dc1-97d7-4324-a850-c61b41914184", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:52.000Z", "modified": "2019-12-11T09:13:52.000Z", "pattern": "[file:hashes.MD5 = '4e7f0bb9073f7ae76d01a0559324300b' AND file:hashes.SHA1 = '1910b13aa1543d95a0b34c7fc105d3ef38bc916d' AND file:hashes.SHA256 = '2c579f40cb18b3b9a207ca0598b5cb88aadbcf6c892bae840fb6c8098b011075']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0d7f48a7-9d64-4d2c-93f9-7783f3c712c2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:52.000Z", "modified": "2019-12-11T09:13:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:15:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e1dbee9-aad2-4525-8537-83074facff1c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2c579f40cb18b3b9a207ca0598b5cb88aadbcf6c892bae840fb6c8098b011075/analysis/1573985745/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d4e610f-8dcf-4830-a86b-c7228ab34803" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88e453ec-ed64-4474-8de6-336a67e31e8f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02f546b6-230b-46bd-9dd1-1f0796744045", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:53.000Z", "modified": "2019-12-11T09:13:53.000Z", "pattern": "[file:hashes.MD5 = 'd28ef803a83f4bb6d5154ca41d9f282c' AND file:hashes.SHA1 = '3fe2b693e9dc9a837e8f5d8cf7b8a8c7582c0baf' AND file:hashes.SHA256 = 'dd970118732e36438b0af85413668925c73f2fe7983bc085b0cdeab3582f271e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c32e1e82-252e-420f-94d0-c018ff0ffaa2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:53.000Z", "modified": "2019-12-11T09:13:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T18:55:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cb3d81c3-22ea-4e65-9b06-5968ecce9b60" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dd970118732e36438b0af85413668925c73f2fe7983bc085b0cdeab3582f271e/analysis/1575053722/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c5f1fef-0adb-48f3-b810-cc7edc4b4034" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "43c1c4ca-62f9-47d8-b146-e36bd93d6995" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--865a96d7-07a2-4448-b542-395de055c747", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:53.000Z", "modified": "2019-12-11T09:13:53.000Z", "pattern": "[file:hashes.MD5 = '8b5600b80508d1a9851a0e2a6260338f' AND file:hashes.SHA1 = '600f180fb7b76bc192f8140b529243f7deeaef83' AND file:hashes.SHA256 = '758360f2c03ae4e1a19238c748a2e0e72cd7466a9caf387e5f1839ab3daf3d57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3b97f4eb-85ff-4981-b88a-62c62ca0e62b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:54.000Z", "modified": "2019-12-11T09:13:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:44:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6d6d811f-fc96-4346-ad69-4b65e6454f6e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/758360f2c03ae4e1a19238c748a2e0e72cd7466a9caf387e5f1839ab3daf3d57/analysis/1573893848/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2838465a-625d-42de-a90e-313d53433bf2" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e8cf3d89-88e0-4ccf-8974-5086295df6b9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02eeba7f-705a-4125-88fa-8e4923d5a61f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:54.000Z", "modified": "2019-12-11T09:13:54.000Z", "pattern": "[file:hashes.MD5 = 'b6dc15121a1c3643136c950da719d7c4' AND file:hashes.SHA1 = '48bd9ee710ed022d3f240228ad54679986742324' AND file:hashes.SHA256 = 'e0c1209a7ea3ca2f78b0c9e33b25a074491ca7cd4208b84d8e1908db76da8d77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--18c7fd1f-7ed4-4efc-b3cd-70fdb06189d8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:54.000Z", "modified": "2019-12-11T09:13:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:45:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "83c0dd49-af6b-401a-b754-5416258a6e52" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e0c1209a7ea3ca2f78b0c9e33b25a074491ca7cd4208b84d8e1908db76da8d77/analysis/1574333126/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7355ab72-b99c-4160-98af-5e12144862b2" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "45f3e1f8-eefa-436d-9ce1-73c11eb8da65" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e2c30a2a-c656-4741-9d56-e361a22c15da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:54.000Z", "modified": "2019-12-11T09:13:54.000Z", "pattern": "[file:hashes.MD5 = '68e66f62f2e4b0956a030fc7741b2316' AND file:hashes.SHA1 = 'db87f203cb20bde46390d8027a47de81e260c25c' AND file:hashes.SHA256 = '8fe9321b5a511874984558d77aef49e79bd297d6a6b8c40186260bcbbdc8ee30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--179036f5-708c-48d8-8712-c87f2f35ce2d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:54.000Z", "modified": "2019-12-11T09:13:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T13:27:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b12f5349-a112-41c5-bb0e-d161f78801ec" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8fe9321b5a511874984558d77aef49e79bd297d6a6b8c40186260bcbbdc8ee30/analysis/1574083669/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2ebc62f9-7ef0-4172-9924-98053c40d072" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "afdf4cf4-80ba-4faf-a735-dfbd27cff5ef" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0e5bcca4-e030-410e-9c95-ef622e38167c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:54.000Z", "modified": "2019-12-11T09:13:54.000Z", "pattern": "[file:hashes.MD5 = 'a0f431bd78e3fc2fade8f98dc72ffe02' AND file:hashes.SHA1 = 'aa6cc7082f3930672fc8c9e35ba644081a329b25' AND file:hashes.SHA256 = '16931d251d5a0eec6f7d5f9440836ed897092905d9b4fcf92188773cb292a586']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--57fe645b-611b-4634-aaf5-9736d2f7512f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:54.000Z", "modified": "2019-12-11T09:13:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T09:28:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d1ad1179-f19a-42ce-8fd6-bc85350ff689" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/16931d251d5a0eec6f7d5f9440836ed897092905d9b4fcf92188773cb292a586/analysis/1573637283/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eb1fb359-f1ec-4706-bd92-343f5ab95da1" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7e064a7a-faf7-4438-aac0-89b8ed029afd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef9ea3c0-0b45-4e2c-88d3-b0c4afa71389", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:55.000Z", "modified": "2019-12-11T09:13:55.000Z", "pattern": "[file:hashes.MD5 = 'b63a7751886fdf655459a79fddfa20ba' AND file:hashes.SHA1 = '180e39d5253ab1a141fd1b0eb5d15ea829c1ca78' AND file:hashes.SHA256 = 'c904c857a88d375b1d7647230fad0cbb4cc8e173ff5f874faa6e4daf3ebaca01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--285921ca-386a-4821-bcdf-1ca48d14ab28", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:55.000Z", "modified": "2019-12-11T09:13:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:00:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3ec20278-6f2e-4d13-817d-7e0a2ac16bee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c904c857a88d375b1d7647230fad0cbb4cc8e173ff5f874faa6e4daf3ebaca01/analysis/1574546408/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "56da829c-55a2-49c6-9396-ff087a40eae4" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e67ef725-2e09-43c5-bd79-94a127a83891" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f632ffbb-fe0f-4b7d-a6bd-9aba0218708d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:55.000Z", "modified": "2019-12-11T09:13:55.000Z", "pattern": "[file:hashes.MD5 = '1351709ace33253531bd0283ddb5f076' AND file:hashes.SHA1 = '0e72d098c6d62b831ea4f1762c793269a2f59c49' AND file:hashes.SHA256 = '2e91ec0a6c189ad8def886d10a30c668fb8e0817f804875b5b30fba17fafbbff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7359d420-7e56-4c90-bd7a-97f8c96c3fc7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:55.000Z", "modified": "2019-12-11T09:13:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T17:36:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9c2408af-4fd1-4987-a4e7-58cd3353425a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2e91ec0a6c189ad8def886d10a30c668fb8e0817f804875b5b30fba17fafbbff/analysis/1573666584/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cfcd50ad-dee4-4890-b6ac-4a95977ee834" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dac63bfe-5b31-4ed9-9486-88ccf952f2e4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52e1b715-63da-4894-9e90-a1ababb25d07", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:55.000Z", "modified": "2019-12-11T09:13:55.000Z", "pattern": "[file:hashes.MD5 = 'aa8445a39e49106408c83c87f14d9136' AND file:hashes.SHA1 = 'ba8ac38d67eeda153059f9430de8952841fae55f' AND file:hashes.SHA256 = '792afe6ffd358114c28e78aa2a93ef26b1e482cdcc7452cd9dc717282d867a7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8910927f-2b82-4e20-9142-364070f878da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:55.000Z", "modified": "2019-12-11T09:13:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-11T01:39:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2bcb8659-04eb-40d2-b74b-b779d5a36155" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/792afe6ffd358114c28e78aa2a93ef26b1e482cdcc7452cd9dc717282d867a7c/analysis/1576028384/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "423aabcf-97a4-43af-b0de-432e5d4fbb50" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d7d38224-a80a-4566-bb45-61c394fc70f5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fe89bbd5-e34f-49b3-8b68-ce51d82a0552", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:56.000Z", "modified": "2019-12-11T09:13:56.000Z", "pattern": "[file:hashes.MD5 = 'd0f38f75f867b0e8ca1dd11c5bd99315' AND file:hashes.SHA1 = '248b65ac7e736daabfea6d2a8790dc305902c6c7' AND file:hashes.SHA256 = '8cbe01bb083603ccd65892664cc93caa09ba65515337f1ec69ef28c818c6afbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f9b41a2c-03bb-4fb6-b971-36b49f7dee14", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:56.000Z", "modified": "2019-12-11T09:13:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T03:43:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "06a5c9be-55ef-4519-9b30-712804b3055a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8cbe01bb083603ccd65892664cc93caa09ba65515337f1ec69ef28c818c6afbf/analysis/1575171831/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b3e2f453-7a62-42b2-b772-813b378b2a36" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2bd17de2-1be3-44a4-827f-aac345fe2ad2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--058bacec-120c-47b3-a012-988377948f34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:56.000Z", "modified": "2019-12-11T09:13:56.000Z", "pattern": "[file:hashes.MD5 = '07275d608db87f8f9abf23f87c40d398' AND file:hashes.SHA1 = 'd747ff202788775037eb4d789fcf86f9b8e24aef' AND file:hashes.SHA256 = 'b7ccab9717b1469e44bdd4682dfbb66706a067deee8f841cecf77e598a69062f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--36fac7a7-808b-46f8-95d6-b637bbe18361", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:56.000Z", "modified": "2019-12-11T09:13:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:25:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "67a48a87-50bd-4b2a-9aa2-90acf0fbcb9f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b7ccab9717b1469e44bdd4682dfbb66706a067deee8f841cecf77e598a69062f/analysis/1574335526/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c254867b-84bb-4cda-b37c-59a054f11af7" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b2efd310-34ea-47b5-9838-88866e8e9f60" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34c7f1cf-9c69-4a94-8048-eac6dbfa2fdf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:56.000Z", "modified": "2019-12-11T09:13:56.000Z", "pattern": "[file:hashes.MD5 = 'c006471785008d9616a3518a25128ab9' AND file:hashes.SHA1 = '529449de5616c55e1421e5cd2aaf5b3e2c5c8b87' AND file:hashes.SHA256 = 'a34cf6ad6f2360d699f96d8b825f6d99469f3a922586e7492f2f5fca982cd9f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a0c68808-b067-426b-8c86-bb17f86624d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:57.000Z", "modified": "2019-12-11T09:13:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T16:47:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a3e452cb-d89f-4de5-8a69-5097bd73d30e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a34cf6ad6f2360d699f96d8b825f6d99469f3a922586e7492f2f5fca982cd9f4/analysis/1572886063/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5488397b-ac65-4856-bc82-6022d83044aa" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "28a59974-4c91-48ec-aca9-ba54c6c9ffc5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--20d8f135-5262-42fc-96e5-45d58f28e490", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:57.000Z", "modified": "2019-12-11T09:13:57.000Z", "pattern": "[file:hashes.MD5 = '3b99828eff188e8ab57fa4c5ccac00d8' AND file:hashes.SHA1 = '87dd9b6e1ce6b1dad366a47a531bcbb817c57032' AND file:hashes.SHA256 = 'f8aaf313cc213258c6976cd55c8c0d048f61b0f3b196d768fbf51779786b6ac6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--faed525e-6cae-465f-94b1-78ed5816b3eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:57.000Z", "modified": "2019-12-11T09:13:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-10T21:05:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "03798ce9-9fa9-4c17-b5d9-9864ed2a4234" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f8aaf313cc213258c6976cd55c8c0d048f61b0f3b196d768fbf51779786b6ac6/analysis/1576011950/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "20e0cd43-ecd2-4594-8939-3359fe2c5af3" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "57a91f04-59c1-4266-8688-90266d306600" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d03f098b-2e04-4fa1-81dd-56b75b20b877", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:57.000Z", "modified": "2019-12-11T09:13:57.000Z", "pattern": "[file:hashes.MD5 = '27c650717b8d785c2253b3930dc9978c' AND file:hashes.SHA1 = '12d002826d53ae85a34fc37f46c28a5076140302' AND file:hashes.SHA256 = '84fc44d957d32757e27bb509c32d7cba01768a7510b2fbac950e602aec9bceaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ba74af6a-6f09-4d21-8a4a-18b6704151aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:57.000Z", "modified": "2019-12-11T09:13:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:26:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d97bd9f5-d91f-4a66-acc3-5e571bc5bc3d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/84fc44d957d32757e27bb509c32d7cba01768a7510b2fbac950e602aec9bceaa/analysis/1573874786/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1fa8cbb1-971e-42a4-a8f8-94347c5e6ec9" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e16e6c5d-2f39-47ba-bc20-63c70eeeacb5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--30ffb310-60df-42df-b35e-80ddfc891d0d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:58.000Z", "modified": "2019-12-11T09:13:58.000Z", "pattern": "[file:hashes.MD5 = '0b9293db1894df0824e3b1021ff7f39b' AND file:hashes.SHA1 = 'f4367ee96d99185d6d17cd9eac4238a3e1799fab' AND file:hashes.SHA256 = 'bf33725115b8b645f205947c3d252589b4fbe732dc64f5ebb9c10cc9b92877d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--33d540a4-2645-49b7-bdb2-ff74d2a68a12", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:59.000Z", "modified": "2019-12-11T09:13:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2dbe45c9-8858-416b-b98c-5a3188016259" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bf33725115b8b645f205947c3d252589b4fbe732dc64f5ebb9c10cc9b92877d9/analysis/1574062648/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6c1540d-94e5-41e2-92b2-3b2b1e1e30cc" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7879128c-360a-43a7-a92a-c2ef9af6bd3a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--69ad7ddc-87fd-4aff-9f37-6590316bd742", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:59.000Z", "modified": "2019-12-11T09:13:59.000Z", "pattern": "[file:hashes.MD5 = 'ef3f79b9eb02cc5f1d02b1ff622ed2d9' AND file:hashes.SHA1 = '2e67043e4a92f129256983b2b1616438807a2f39' AND file:hashes.SHA256 = '7a368fd689c7f3e7c95d7d67f963d4438fd8fc417623931bd17b03f0a9da6ff3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ea1baf81-4893-4970-9437-75572e348717", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:59.000Z", "modified": "2019-12-11T09:13:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T06:08:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d0157ca0-8e86-46ec-b1dc-1ca870240b73" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7a368fd689c7f3e7c95d7d67f963d4438fd8fc417623931bd17b03f0a9da6ff3/analysis/1574921293/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "69914ed4-5ef3-42ba-918e-ecb5eb3c26cd" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4e5e9720-ad8b-46cc-bbc6-a7519e3243b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f8eb9b50-76ed-4eb8-9826-12f72a7c5260", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:59.000Z", "modified": "2019-12-11T09:13:59.000Z", "pattern": "[file:hashes.MD5 = '00c5b8eda11a70bf6cba4267a3ac1968' AND file:hashes.SHA1 = 'ff6b627454430d395cb5ce92579fde13aef47cfd' AND file:hashes.SHA256 = '73d2fdb420a1f0e4ae42b362f54c6cfe39f197f8f9b8c8c2c7581da53de7e144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:13:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c4fdf570-3629-4b1e-944a-155f5c54f20b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:13:59.000Z", "modified": "2019-12-11T09:13:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:28:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c3689a89-ab04-489a-8aaa-2dc66f795800" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/73d2fdb420a1f0e4ae42b362f54c6cfe39f197f8f9b8c8c2c7581da53de7e144/analysis/1574548106/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6855a59f-48fb-432e-902e-552c41c9676d" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27e40fb7-64f0-421c-9b66-f36a801a8a29" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59ef410d-f214-4619-84e5-a441cf642aad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:00.000Z", "modified": "2019-12-11T09:14:00.000Z", "pattern": "[file:hashes.MD5 = 'de8887943e0927f6792656d2ccc6db40' AND file:hashes.SHA1 = '3ef761b201b25d361a4367eeb5ef2595b6f8f08b' AND file:hashes.SHA256 = '5870f5bd63135a66a45a7f2d87741e211be129c74fcab5f43f2106af2eeae894']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--efce9314-bc8d-4a28-9926-69401d823d6f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:00.000Z", "modified": "2019-12-11T09:14:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T11:41:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a5134967-f7fe-496c-8e39-67c90b968042" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5870f5bd63135a66a45a7f2d87741e211be129c74fcab5f43f2106af2eeae894/analysis/1575200504/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0bed9dd3-5afa-47d4-9528-01cbe81aa243" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "72ee8891-c41c-43da-80f3-afffd6cc81f0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b18c4fa-c251-44c3-bbb0-16203a07ba72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:00.000Z", "modified": "2019-12-11T09:14:00.000Z", "pattern": "[file:hashes.MD5 = 'd5fdc444afc0a079809a0c93269dba30' AND file:hashes.SHA1 = '7ebbdc696101f96840bf432a004b8359ded07aca' AND file:hashes.SHA256 = 'f3bc9d6bbf6c7609fba43c3ace9bb9e6a134b92c048b1c3712d31d906b489725']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dbfc2cb1-1ae2-476f-a72c-d7beb9e77ec6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:00.000Z", "modified": "2019-12-11T09:14:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3bec2127-b9a2-4132-8d14-3f5ab4a70e25" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f3bc9d6bbf6c7609fba43c3ace9bb9e6a134b92c048b1c3712d31d906b489725/analysis/1573722644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27382d38-45f6-4ff1-bf94-7303e2b0735e" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "082c173f-1372-4b21-a5e5-8a0b4bd45383" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b582897d-0656-4ff5-bdda-eeed85d5818a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:00.000Z", "modified": "2019-12-11T09:14:00.000Z", "pattern": "[file:hashes.MD5 = 'c9430ce8ce51de908ae8925bb3282895' AND file:hashes.SHA1 = '1fbf7d464c65c1b8885b068dc088efca7850c7f3' AND file:hashes.SHA256 = 'a1c52643e738eeff690993a22fb679a98c8ef2057eda04a3c5edbd2632b3c2c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4b6862a9-0ab2-4c83-9386-aacd572ee6f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:00.000Z", "modified": "2019-12-11T09:14:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:20:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "15a389bf-fc07-448b-8fc9-de8de1885880" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a1c52643e738eeff690993a22fb679a98c8ef2057eda04a3c5edbd2632b3c2c8/analysis/1574331645/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ab14623-c3d0-4261-a6a1-cc4167279860" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c86b07d4-fb0e-456c-9be1-608cd5d67d5d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--db1ed8f2-c742-4725-b847-d099864c4db0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:00.000Z", "modified": "2019-12-11T09:14:00.000Z", "pattern": "[file:hashes.MD5 = '04c52b7adcb186e6da853bc3787a0198' AND file:hashes.SHA1 = '15a8db84780be73e4434baf41dff4c7eab8f428c' AND file:hashes.SHA256 = '66b07500943b483ace74a8d7a2da84d8b80ed3bd176af7ade8fde076b3095604']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b2177994-2d20-47f8-b480-8aded52942e1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:01.000Z", "modified": "2019-12-11T09:14:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T06:31:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e4b71b80-ce80-406a-80bd-8e5bf8708c59" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/66b07500943b483ace74a8d7a2da84d8b80ed3bd176af7ade8fde076b3095604/analysis/1573194661/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "96f195de-7224-470a-831e-31ebcc9894bc" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c60444c2-ceb1-47ce-86f8-349344a0a424" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97847982-368c-4a03-a8c1-441ad84613c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:01.000Z", "modified": "2019-12-11T09:14:01.000Z", "pattern": "[file:hashes.MD5 = '58c67e27e8173790d5797b53e94010ec' AND file:hashes.SHA1 = 'c09f017eea374ce3caac0462c5184d40a5a23b5d' AND file:hashes.SHA256 = 'e8e600692047c465576edff769cf9e5f82fa277de9ebc0f962a64317984573af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b0f3da7d-4277-44ee-9202-ffae44b71da5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:01.000Z", "modified": "2019-12-11T09:14:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:26:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a0987241-490a-4d47-8fb2-92e80e4cd6df" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e8e600692047c465576edff769cf9e5f82fa277de9ebc0f962a64317984573af/analysis/1573421219/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9dde2626-9582-4c9c-b1b5-f5853623edec" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9db033ad-2601-4ad7-8c46-c5a1acaa813b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f1622e3-4b08-4970-bf9b-8ab7a3e432c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:01.000Z", "modified": "2019-12-11T09:14:01.000Z", "pattern": "[file:hashes.MD5 = '144d21f779c9ac87c76facc4773476f0' AND file:hashes.SHA1 = '7715cc15317a38607cf7c9653a84fd807efe8e8f' AND file:hashes.SHA256 = '6152b2318b2b975ccf7239afb2222156bde9f1dd338023b5ef6801bcd6e4ccc2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--41c7d3c8-ded2-4c65-b002-60136f8eae1c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:01.000Z", "modified": "2019-12-11T09:14:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T20:43:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "89a9a24a-29f2-4a2d-8145-05055d8805e6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6152b2318b2b975ccf7239afb2222156bde9f1dd338023b5ef6801bcd6e4ccc2/analysis/1574541782/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6332c5dd-953b-4488-9857-4f9705ac7d33" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27ffc851-4db1-4815-abea-fee44d3e0bb1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f5a90394-db82-4471-8e8d-4db079f7e7b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:01.000Z", "modified": "2019-12-11T09:14:01.000Z", "pattern": "[file:hashes.MD5 = '50d1fb48a486d0fd9fca2d0f8a76f409' AND file:hashes.SHA1 = '49559ff4894ee5f057a74eaa3f0b65308d8b0a76' AND file:hashes.SHA256 = 'ccd47c869d3573eadacdf04e8ae5294ae8e193a68bb05aef6d0e4eb563f54bcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cae7ba7a-da53-4120-b59f-b7e8c4e47cd5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:02.000Z", "modified": "2019-12-11T09:14:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:49:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3e07e014-a004-4896-a0ac-523e240a78dc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ccd47c869d3573eadacdf04e8ae5294ae8e193a68bb05aef6d0e4eb563f54bcd/analysis/1574549386/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b862123c-088f-4d87-93f4-ebf6a090b851" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7c2f89c0-e271-452e-a864-4ffb1265710f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--53a1fb49-2212-4701-a6e6-3ca822352ab9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:03.000Z", "modified": "2019-12-11T09:14:03.000Z", "pattern": "[file:hashes.MD5 = 'da00946f38a280f68df2e811d5ff603b' AND file:hashes.SHA1 = '61b38a1e8bda7f22be88a9970e35585f5aabbfe0' AND file:hashes.SHA256 = '38d39eec91474ab3b6fb64bfc0880539e47351b9ac2a907bb8722e94c516088d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ee991046-2a8b-402f-a917-1f704f429029", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:03.000Z", "modified": "2019-12-11T09:14:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:15:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f93e793b-f3ce-4b6d-9798-74c0e102e2cd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/38d39eec91474ab3b6fb64bfc0880539e47351b9ac2a907bb8722e94c516088d/analysis/1574252118/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a650ac7e-bf33-4e42-be1d-8364e0025148" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b8e0545d-07b1-45cf-95b9-e5dd644ef99a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5512cc85-e982-4144-ace3-81b2e289fbc5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:03.000Z", "modified": "2019-12-11T09:14:03.000Z", "pattern": "[file:hashes.MD5 = '00101a80ec75bb63b4f8c8d7d04bbb92' AND file:hashes.SHA1 = 'af57099f96e9a478dde6db82a67f217f375ad769' AND file:hashes.SHA256 = 'ed2c195cdd3386c450856322d3bfc69369f3a787e4476249fa74e1440895f708']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c461ecd4-af71-4fe6-b511-38f1f5e4e326", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:03.000Z", "modified": "2019-12-11T09:14:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T01:21:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7bcbb6c-1b3f-43f9-80f5-62164de28dd6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ed2c195cdd3386c450856322d3bfc69369f3a787e4476249fa74e1440895f708/analysis/1573780905/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ab7e1219-d883-4e07-bec4-4825ca385177" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b51a5dd4-7d9c-473c-981a-a4b9c7d25377" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b5733791-0a50-4f85-b0f9-c1c5e8e45ca6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:04.000Z", "modified": "2019-12-11T09:14:04.000Z", "pattern": "[file:hashes.MD5 = '9e4c83aa2595134161c7ff09ef20fb42' AND file:hashes.SHA1 = '0acfd3d2a2173cfdbf6f9edf386b64c22d3cd06b' AND file:hashes.SHA256 = 'fa6a3b7f70c5c1aa4d083523146abb2f0b5af84b74c8c019c6c4feb3e01f751a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fb6e6769-e229-4b35-b8dc-151e22070f2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:04.000Z", "modified": "2019-12-11T09:14:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T13:20:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1be272ff-26fc-4ff7-8cfe-73f07d009ac3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fa6a3b7f70c5c1aa4d083523146abb2f0b5af84b74c8c019c6c4feb3e01f751a/analysis/1573737622/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ab3619f7-cf1c-4bd1-bdb2-6d2f7ff7741a" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7d4033e1-f1ea-4f65-9879-0120008e8224" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--843fee68-0293-4764-a937-af5de8e097f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:04.000Z", "modified": "2019-12-11T09:14:04.000Z", "pattern": "[file:hashes.MD5 = '1650b22b155f272bd521f66fedf0e052' AND file:hashes.SHA1 = 'a090bc98a375efce335e99df23cdd914a9ee3b49' AND file:hashes.SHA256 = 'd7a483de1fb445fbdf5408875f2bd1694e8a746a3b0e9dbb3b01a63714ce5729']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a0fd2f59-19d7-4303-b65c-8ab271666a8b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:04.000Z", "modified": "2019-12-11T09:14:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:39:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "91614b69-97be-407d-85c3-d6278d108177" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d7a483de1fb445fbdf5408875f2bd1694e8a746a3b0e9dbb3b01a63714ce5729/analysis/1572889168/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "83c91d82-5312-48d6-b0b3-3d94440a3e62" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26720b88-1d42-498e-9245-3c5ea1827ba8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad9a1f53-356a-49f7-bdc2-a6fefab36e80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:04.000Z", "modified": "2019-12-11T09:14:04.000Z", "pattern": "[file:hashes.MD5 = 'b63814068905d56516ee8bee1ed6c77e' AND file:hashes.SHA1 = 'a39740c312813f470ebc84b0de3da7812c4d72cd' AND file:hashes.SHA256 = '8df4b1705188fae1a6472b1456db8af87269efd2a2caff5863ac165adacb88c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1a96e2ef-ba18-4a69-badf-760a9efd9a94", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:05.000Z", "modified": "2019-12-11T09:14:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T20:32:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a087dbf7-cda8-4fc2-8c96-e7b2b2b1d3a2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8df4b1705188fae1a6472b1456db8af87269efd2a2caff5863ac165adacb88c8/analysis/1574973175/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "33dc4462-a6d4-4a6c-84cb-a91ac111eafd" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7af6fd2-7456-45e5-9700-87cca3070240" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--77f1a4c9-2809-4734-a95c-d1da6258502d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:05.000Z", "modified": "2019-12-11T09:14:05.000Z", "pattern": "[file:hashes.MD5 = '3936b6a7a95629a0c9727c09cb55d3bb' AND file:hashes.SHA1 = '983b66e5981e3f1e526b67fdcc2d60c7cb84b13f' AND file:hashes.SHA256 = 'c04d8b1efe722ffcc7d6e5e8e0757be9fa8f529bbd74c2dc25790e1c9e078b2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ebfdd4d7-ce07-4499-a795-358cb4c8304f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:05.000Z", "modified": "2019-12-11T09:14:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:31:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a5543a6-0ca2-4980-88ee-cfe7b6cd5830" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c04d8b1efe722ffcc7d6e5e8e0757be9fa8f529bbd74c2dc25790e1c9e078b2d/analysis/1572888712/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d5c3ab15-0913-4dbb-9410-8ff86c250948" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "474e175c-b6ec-476f-93b9-dad10abcec67" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58242813-9dcb-4652-8f0c-89a3f8f0fa5a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:05.000Z", "modified": "2019-12-11T09:14:05.000Z", "pattern": "[file:hashes.MD5 = '69ef0e244bfd0ce2ee76cf357a5e0a8e' AND file:hashes.SHA1 = '1c1517c6ac77e248321a56f859b8cdcd121dffde' AND file:hashes.SHA256 = '7f2be3d7de95745bafdd1a69d077dc92d66b40f0005433c47d8323c1c0fdc61f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0f9fb0de-2c25-4ae2-90f6-9860a8755eed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:05.000Z", "modified": "2019-12-11T09:14:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:39:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2833b38f-f448-4f96-879b-2957a1b39d91" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7f2be3d7de95745bafdd1a69d077dc92d66b40f0005433c47d8323c1c0fdc61f/analysis/1573468781/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "44729eba-6f1f-4426-9a5d-62176b8eb784" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "38f2af50-5a0b-40e0-9cc1-739a12f5db88" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5eb4789a-68b2-4326-9701-beea94a87318", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:06.000Z", "modified": "2019-12-11T09:14:06.000Z", "pattern": "[file:hashes.MD5 = '4602350d11a38502bd47fde873846710' AND file:hashes.SHA1 = '34da7f6959a5841c22d7029bb40611736852a03d' AND file:hashes.SHA256 = 'f9b97e51603687908067e0a7da3e3b7b7ec893cc01f28a66244e0180d8c47abc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d08edf4c-4105-4c8b-9ff2-2a86ca3e55b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:06.000Z", "modified": "2019-12-11T09:14:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:52:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8aaf35b3-5834-44f4-9c1a-6c2e88e95ebb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f9b97e51603687908067e0a7da3e3b7b7ec893cc01f28a66244e0180d8c47abc/analysis/1574333522/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c8e2f8d-b2c5-401b-90c8-318796d6397e" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "87c161e6-a02a-4fe0-9fb9-52ce4aec943c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--81313716-2908-40cc-afc1-69a373c5f08b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:06.000Z", "modified": "2019-12-11T09:14:06.000Z", "pattern": "[file:hashes.MD5 = '974d39d03e9cd38b1bf76cf18b99605f' AND file:hashes.SHA1 = '21c418bb1cb727fb9e6bd314622e532e4875c748' AND file:hashes.SHA256 = '75b9d0e27a84949cab71ffe158f026f88afc72abeb7c1fa25d8e78bd7a13c6ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8212d8ac-4cca-4eac-b678-6346fbb79895", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:06.000Z", "modified": "2019-12-11T09:14:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-06T10:27:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "689a05da-4ef4-4ecd-bd42-645a07491420" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/75b9d0e27a84949cab71ffe158f026f88afc72abeb7c1fa25d8e78bd7a13c6ce/analysis/1575628047/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7febde30-479d-421a-a835-1f01d9a2af9f" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd785040-b8ca-489f-b757-1ddc57bb0337" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52f91f3a-83ab-4a57-bb43-4dce436633eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:06.000Z", "modified": "2019-12-11T09:14:06.000Z", "pattern": "[file:hashes.MD5 = '5a736efd0f8b11c220d9e7103d8c4974' AND file:hashes.SHA1 = '7d5001f513f70a4a39d28f839e9f4f68482d98b8' AND file:hashes.SHA256 = '504a762eec4cf52c11196700afedf0416a8edd206e1ce24cf792ec269fd8dbce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d1d5d919-bf56-4eeb-947a-904985b078f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:06.000Z", "modified": "2019-12-11T09:14:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:29:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "041cb8be-699f-4ac4-b3f2-38ea61ecb1cf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/504a762eec4cf52c11196700afedf0416a8edd206e1ce24cf792ec269fd8dbce/analysis/1574612982/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2246d665-4498-4ce5-b62e-06c84ee293ce" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "284eb05f-7524-4796-9fc0-a88fbe1a7146" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--453546c0-85f6-4be9-8dcc-d1bce32a66fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:07.000Z", "modified": "2019-12-11T09:14:07.000Z", "pattern": "[file:hashes.MD5 = 'fc3e616f87df230bc11cad3b6a38cc07' AND file:hashes.SHA1 = '1b20a50d819a5cba0b4e10b7ee5eda12bfc025e6' AND file:hashes.SHA256 = '1473aa4c297929bcab0b67f502ef90b5214113b442ed01910442fda077692f4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d73824bf-8527-42ba-85e2-0cecef9a56f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:07.000Z", "modified": "2019-12-11T09:14:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:24:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fdcf42eb-554b-417d-92d0-bff314a04cf4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1473aa4c297929bcab0b67f502ef90b5214113b442ed01910442fda077692f4f/analysis/1574331883/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9d43cbc2-47a6-4b78-9318-3539e72fc666" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7975a5dd-dff6-4bb9-a78e-97601927ea83" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec35b74e-09b2-4023-a42c-cd4c03ce65f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:07.000Z", "modified": "2019-12-11T09:14:07.000Z", "pattern": "[file:hashes.MD5 = 'adf7aa309e3477e42a47513ab6406eb0' AND file:hashes.SHA1 = '899ebd3dfc9693e1ae278ecf22d4c94ca7cf8db4' AND file:hashes.SHA256 = 'af0dc865455bb67362237f2bc15828385b122578d5ec53d9eaa6fdd0e1f08445']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7657c0bf-49ee-419b-8f48-91a7baca55e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:07.000Z", "modified": "2019-12-11T09:14:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:47:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "368ac720-f56c-4090-b542-9d8edc48a8cf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/af0dc865455bb67362237f2bc15828385b122578d5ec53d9eaa6fdd0e1f08445/analysis/1573829261/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6df36723-7eba-4d9a-bf8e-f64ea8e63773" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a4b1a203-85bc-49a4-86dc-5e92afa6ee74" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6bef3e87-fc5f-4cd9-8e13-630858d8c597", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:07.000Z", "modified": "2019-12-11T09:14:07.000Z", "pattern": "[file:hashes.MD5 = '7e6f6520775cbe0c63ac340ecc080b0f' AND file:hashes.SHA1 = '76676099e937f62b53a502ebef54ae0ea522a321' AND file:hashes.SHA256 = '9edc0ce20c2ae14ea9c587e0a6d6f7663d501542168fd6382d829ef85073a594']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9582f930-237f-4d6a-95cd-f02170e86da9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:07.000Z", "modified": "2019-12-11T09:14:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:23:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "785ebb80-78af-4bed-a24f-7804bb2d5323" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9edc0ce20c2ae14ea9c587e0a6d6f7663d501542168fd6382d829ef85073a594/analysis/1574612598/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ef9aaea1-e19c-4a86-b5ff-fa2b8918053b" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6a42831d-c3c0-4d59-ac78-b7b20f44519a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9b1f60bf-71c6-437b-8d6d-1a6b8d1a12ea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:08.000Z", "modified": "2019-12-11T09:14:08.000Z", "pattern": "[file:hashes.MD5 = 'b41c22b8a7f3ccd8832ef98eab16c414' AND file:hashes.SHA1 = '537f122e7db93cb32be87b4fd26b0b7c9a675183' AND file:hashes.SHA256 = 'a68b9516432bb43b24b47c9767f852cacd160c3069c7864d075be33f0070dd0c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--407be71e-132a-4b52-b977-c571e1dc13d6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:09.000Z", "modified": "2019-12-11T09:14:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:05:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8470fa81-65ca-4d1f-abef-3bbdc9df1e90" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a68b9516432bb43b24b47c9767f852cacd160c3069c7864d075be33f0070dd0c/analysis/1573826730/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ce8b658-2d31-4baf-b89e-7ec46059492e" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "645bcb26-ad60-4b33-bc81-3bf7b4ce98bf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dcb1f7ef-4e2b-4be7-8211-1547ed9305cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:10.000Z", "modified": "2019-12-11T09:14:10.000Z", "pattern": "[file:hashes.MD5 = 'e38fe3b45bf477f1f217dd04e736f355' AND file:hashes.SHA1 = '69ace162a595d95227411f5052a361f70aa8267d' AND file:hashes.SHA256 = '8a18be5d3739b3ebe39b075757c60354cee2e680b8e08de49b32085cfe69ea53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf704e96-c15e-4eea-9d24-8085c659cc6f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:10.000Z", "modified": "2019-12-11T09:14:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:36:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eaa7aa96-44d9-4935-afb3-90b4b815bda1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8a18be5d3739b3ebe39b075757c60354cee2e680b8e08de49b32085cfe69ea53/analysis/1574332573/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f68bffca-6d1d-4535-ba95-84366340bbab" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e9602d34-fa9d-4518-bbe9-89a930ceb90a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--86c58388-e9f8-492d-97c0-18c8b31b9793", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:10.000Z", "modified": "2019-12-11T09:14:10.000Z", "pattern": "[file:hashes.MD5 = '3f4051293c8c1a84409ad95624ada1d3' AND file:hashes.SHA1 = 'aafd7f91744446d9fbae81fe6fbfbabc7f70e315' AND file:hashes.SHA256 = '9ec4804cc76160ed4915684a2d4328fc3e87e01f84d0be78cb4c6179cea97c0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c11a9cfa-5986-4160-8fd2-de980114fcad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:10.000Z", "modified": "2019-12-11T09:14:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:12:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4249e473-ec30-4af6-ba6b-96b65216650c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ec4804cc76160ed4915684a2d4328fc3e87e01f84d0be78cb4c6179cea97c0b/analysis/1572887542/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8c485c76-ba5d-4b17-bacd-41713b3e9f03" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7ba70b6b-63b0-490c-9f25-6590e6ea484f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c998b408-f43c-41cb-95c0-2a783c244a17", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:10.000Z", "modified": "2019-12-11T09:14:10.000Z", "pattern": "[file:hashes.MD5 = '83d6a08bfcd59a85c8abd1d00430767f' AND file:hashes.SHA1 = '0002d327a6164e4e9b21705ddbe170c0a1def764' AND file:hashes.SHA256 = 'c0c02334dc523867f02a593cbc860e1520158da1b3ff9c1370bcbaeef70d4009']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--906613a8-9ba7-4e57-bcfe-dbd2e48705d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:11.000Z", "modified": "2019-12-11T09:14:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:53:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "755bd41f-aac4-4cb4-b21f-8abc6c665df9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c0c02334dc523867f02a593cbc860e1520158da1b3ff9c1370bcbaeef70d4009/analysis/1574549586/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "87c68c57-7f58-4731-ae76-db59b046bdba" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3e7905b6-d929-4984-82ff-662c3ffd6725" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e62278a5-9c99-4067-9c30-d19dea8912a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:11.000Z", "modified": "2019-12-11T09:14:11.000Z", "pattern": "[file:hashes.MD5 = '067701e8564f41f0b8b7f95a7fac6486' AND file:hashes.SHA1 = '372db02974044b42042227c8a91cc644c826bc6a' AND file:hashes.SHA256 = '3a1261fb978ac7806c43c420a2d92e5dcda896b1846fbba341909e33f5256bd7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7f4685e6-11ff-44da-83ee-18d216c61e85", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:11.000Z", "modified": "2019-12-11T09:14:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:20:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9679ba4f-20eb-4507-9a24-0e062fbff685" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3a1261fb978ac7806c43c420a2d92e5dcda896b1846fbba341909e33f5256bd7/analysis/1573395625/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5dc0914d-ec76-42ea-89aa-d26cd9bb1304" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "37519e2c-561d-4337-aee8-db28013aa859" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ae7a8ab0-c3c2-4429-8b07-f035b3b56f0f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:11.000Z", "modified": "2019-12-11T09:14:11.000Z", "pattern": "[file:hashes.MD5 = '479155fed3e93774861f045904ff32b1' AND file:hashes.SHA1 = 'cefb6f61b3f63851cbd9088ba17f11efb8bcfae7' AND file:hashes.SHA256 = 'edb030d018d707cf2130b990e1ba80b4b2fd5415aa67c004fb129494ecb235d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--04cae305-5c94-4f59-a0c6-8ed1a49accbb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:11.000Z", "modified": "2019-12-11T09:14:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T07:07:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db9baedc-cb5d-418b-b127-94b1668d786e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/edb030d018d707cf2130b990e1ba80b4b2fd5415aa67c004fb129494ecb235d2/analysis/1573888035/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "03297c7d-79e9-4ad4-a8e7-39e04b3fc7d9" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f45e0bdf-e123-4004-ad0e-4e66d58ca930" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d807e00a-0236-4b9a-b492-46fe9ac63458", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:11.000Z", "modified": "2019-12-11T09:14:11.000Z", "pattern": "[file:hashes.MD5 = 'f624bc39013fac58b895ebf8572bcca6' AND file:hashes.SHA1 = '0c811198db4a28dc5fa7877484fbf0c8f6e74080' AND file:hashes.SHA256 = '237ef9a6a2b26b732e37978d07b9e4866eabc0f18a2eeebb7290db2ab348482a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--261076b1-5676-4375-acad-1842a29b5769", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:12.000Z", "modified": "2019-12-11T09:14:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:20:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c6f39f7f-a601-45ad-9ff5-1bd833a78da8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/237ef9a6a2b26b732e37978d07b9e4866eabc0f18a2eeebb7290db2ab348482a/analysis/1573824005/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f5b643de-30c3-4955-8ce9-8c67fabdf489" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9c9145f7-1d56-46d1-87b8-ae582fc267d4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--43cb2dd3-323a-4782-819d-1eaf7c480862", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:12.000Z", "modified": "2019-12-11T09:14:12.000Z", "pattern": "[file:hashes.MD5 = 'b2bdaac7ffd6f1908afbc8c709199b7e' AND file:hashes.SHA1 = 'ed3982d00a3631735960da1a4164aac436c5384f' AND file:hashes.SHA256 = '737ff4b548bdc34e02aa05235d906b33fa44a38622e0551844c8bb0fb02e55e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c4821d7-a588-4682-a5d7-5e36c8f0f783", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:12.000Z", "modified": "2019-12-11T09:14:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:56:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aafa41cc-86c5-458e-b948-67646f5e8021" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/737ff4b548bdc34e02aa05235d906b33fa44a38622e0551844c8bb0fb02e55e4/analysis/1574250991/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1615bea1-7005-4117-8c07-169e079733fd" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2dcc8aef-dc42-4006-b48d-725cdc71352e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ff194367-6c13-4a6c-a833-2db3884542ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:12.000Z", "modified": "2019-12-11T09:14:12.000Z", "pattern": "[file:hashes.MD5 = 'b1da0cb611fa21abcac359b5cea2c231' AND file:hashes.SHA1 = 'cfe0c925eb35994eb031767d584e109f9231172d' AND file:hashes.SHA256 = '7860674666bc7c299809637998310b9aacf6a4965da0d852b61c67742edd8b62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f4909c2b-72e3-4ccf-88c9-a681b1d7bd5d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:12.000Z", "modified": "2019-12-11T09:14:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T00:55:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99f120ae-5e2f-46d4-aa1a-98bea1e25c65" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7860674666bc7c299809637998310b9aacf6a4965da0d852b61c67742edd8b62/analysis/1574384149/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aa4038f3-cdce-417c-91af-d7cd47af5b36" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0d2a60c8-5d6f-4d7e-a7ef-0bf5253bf776" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8a0e84d4-35bf-4663-a96c-b7a0b8d738f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:25.000Z", "modified": "2019-12-11T09:14:25.000Z", "pattern": "[file:hashes.MD5 = 'b1e47da3a19610fa3934e37a29ebc3ee' AND file:hashes.SHA1 = '600219a0293d4177fb5d5602ddb6707f65cf8a97' AND file:hashes.SHA256 = '673dd35ef657718612f06f89ce98781f0861f261e5a4a3906e80acd27c249bbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1a713b5f-e818-45a3-a0bb-38b0051e7cb8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:25.000Z", "modified": "2019-12-11T09:14:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:34:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ab36c756-b9d8-4bae-bfe8-77735ef538da" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/673dd35ef657718612f06f89ce98781f0861f261e5a4a3906e80acd27c249bbf/analysis/1573961654/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27a2e164-3a11-427e-bc9c-c366244904ea" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c64d8c20-0f74-4727-8b2d-2327011d90c6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b048e551-b041-42c5-89ba-6b693421ed49", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:25.000Z", "modified": "2019-12-11T09:14:25.000Z", "pattern": "[file:hashes.MD5 = '87a608d5786bde3cc3515dd58f81c955' AND file:hashes.SHA1 = 'e9a367ae6019e12d14cd01f0e8b3bc2d6323a5a7' AND file:hashes.SHA256 = '8affd6ae38dc7e715fb703a1341f835840c98fad83fba7466b9d5bf3b881771d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0a043ed1-ce60-4bae-bb7a-231dd60e2888", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:25.000Z", "modified": "2019-12-11T09:14:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f5098efd-39ba-4b12-9fd5-25f69dddda96" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8affd6ae38dc7e715fb703a1341f835840c98fad83fba7466b9d5bf3b881771d/analysis/1574062638/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "067d06bc-b5a7-468e-b188-dc4f248aa92c" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fcf5a9e8-c9a9-4996-b0fb-a6be560a980c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--932f5a4f-3614-4a5f-b91a-bbee7c97a5d6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:25.000Z", "modified": "2019-12-11T09:14:25.000Z", "pattern": "[file:hashes.MD5 = 'fee8a2c0a4166b3add28fb91a7b07ed0' AND file:hashes.SHA1 = '07dec2e0c04e223f53845275964021ad31df411d' AND file:hashes.SHA256 = '328152999c4b148033dc91e85e068419cff0d51614a0ffb81a851b9b61032940']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c3077bf7-1383-46e6-92a1-e41279097a1c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:25.000Z", "modified": "2019-12-11T09:14:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T01:24:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "121f1a9b-99d0-4083-9a47-a654d76a9560" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/328152999c4b148033dc91e85e068419cff0d51614a0ffb81a851b9b61032940/analysis/1574990643/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b550889-3478-48ed-a901-09e5a5f1c25b" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4a18a45c-5757-4e62-bfce-efd8b087da19" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1941e2e-0bf4-450f-94c5-75a6f82f374d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:26.000Z", "modified": "2019-12-11T09:14:26.000Z", "pattern": "[file:hashes.MD5 = 'fb5021874fcdb7be961d1a0df3dca997' AND file:hashes.SHA1 = '21602ac0cd9a55d506d8cd7058d8a9ee5181cab8' AND file:hashes.SHA256 = 'e3a17ad287aa54ed67f4f802957d87810e5173c06b85d60dd742a05184fbce25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8cc36cd5-a417-45d1-a01d-964e17af8489", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:26.000Z", "modified": "2019-12-11T09:14:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:20:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "efae6c36-0f58-4dfc-bf89-17764437eb86" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e3a17ad287aa54ed67f4f802957d87810e5173c06b85d60dd742a05184fbce25/analysis/1573824035/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a4d6b614-5e47-489c-9e5b-fbacaf313674" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1b302adf-bc0e-4dc9-bc94-29fc443cf375" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--00ba63be-8575-4111-986d-c44f0481c130", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:26.000Z", "modified": "2019-12-11T09:14:26.000Z", "pattern": "[file:hashes.MD5 = 'db118c0958aa6493cf5005ae0fc9bdc5' AND file:hashes.SHA1 = 'b0b5b5ee5835b9ed474508c1ec68d7eaa9f1859c' AND file:hashes.SHA256 = '1a60fe01d7c1d34d24a3d00590d53573980fe420a4afd747003324acdd7023f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cfc64d8b-9351-44f9-9a0a-fd4961e5beee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:26.000Z", "modified": "2019-12-11T09:14:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T03:55:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3b636fd5-6c35-4272-9a02-b7220002d257" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1a60fe01d7c1d34d24a3d00590d53573980fe420a4afd747003324acdd7023f0/analysis/1573617316/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "87c8499e-9300-4269-ad4f-4fe4880be65f" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "903512aa-0753-4618-89ec-a52d9202505c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--831fedf3-d85b-4369-a431-f06b3e36836e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:26.000Z", "modified": "2019-12-11T09:14:26.000Z", "pattern": "[file:hashes.MD5 = 'fd9aaee680f1b37bc23172eef3677b3e' AND file:hashes.SHA1 = '76560276162cc698465667b8b07ca2a743fd6155' AND file:hashes.SHA256 = '31fee0d5fce984bbf2050744b0bc13c245eb70806ce260f0611e84bab2d8ce54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--faed2832-7661-4f42-856a-d42dc47c0fbf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:26.000Z", "modified": "2019-12-11T09:14:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:37:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fbdd6c59-321f-43a3-b94f-edc0caefaacd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/31fee0d5fce984bbf2050744b0bc13c245eb70806ce260f0611e84bab2d8ce54/analysis/1573961836/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c445f2d0-71cb-42f5-917b-719058ae3fe7" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "29bc51c4-c3d6-43a1-a2c5-1f2a50209819" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b65c3e8f-b07e-4fa3-b209-3185df28dd88", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:26.000Z", "modified": "2019-12-11T09:14:26.000Z", "pattern": "[file:hashes.MD5 = '3733644b76cf17b158931799d659cc64' AND file:hashes.SHA1 = 'e4c3be7d04d3fbf690840d8d000bcc4aecb296e7' AND file:hashes.SHA256 = '5f80a818809cdaac0959a7bb4cee64ab1044a0444a34db5a154d6a7e060353df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d5ed534d-2134-4104-9308-430c61cd2074", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:27.000Z", "modified": "2019-12-11T09:14:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:53:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "03cc1cc9-ce19-487e-930e-8f85788eb2db" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5f80a818809cdaac0959a7bb4cee64ab1044a0444a34db5a154d6a7e060353df/analysis/1574545992/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eaa17735-086f-438e-ae03-18f8c8518c2b" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8ffdead4-df00-4d69-8bdd-963f85bf32f0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7a706a8e-eb20-4d6a-8613-87f5824e2c6f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:27.000Z", "modified": "2019-12-11T09:14:27.000Z", "pattern": "[file:hashes.MD5 = '9053731f06f35aa4b19963ddcbdfc0c8' AND file:hashes.SHA1 = 'e1f8adfa925a150425516beb815f9c2456f63df9' AND file:hashes.SHA256 = 'fa0d550b5eae5ab246a42be129e71e37f8b98857b533a69c410097b34670e94c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c73ef637-3ed5-4a0d-8614-0b16c828b411", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:27.000Z", "modified": "2019-12-11T09:14:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T00:34:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "710bd247-ae28-4624-85cb-5564703835d4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fa0d550b5eae5ab246a42be129e71e37f8b98857b533a69c410097b34670e94c/analysis/1574901288/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "82d93f2d-82af-4458-8d89-55e853d1439a" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6431f58d-ad4b-43d0-9956-966f98abf118" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--77f1a696-029f-45b8-b1b3-1c0ce9e75559", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:27.000Z", "modified": "2019-12-11T09:14:27.000Z", "pattern": "[file:hashes.MD5 = '0d7be34110e2c1d34f3f28fdd0b9773d' AND file:hashes.SHA1 = 'c04dacb17a992da1d643aa39b11f3e08a3334b79' AND file:hashes.SHA256 = '35bb15b3e22620842ea33c5e89614edc5fe641529374c780c06c7f573c508782']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1e0e74b7-0b03-40ee-b237-7c6652d65438", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:27.000Z", "modified": "2019-12-11T09:14:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:36:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6d7ace36-a9ee-4adc-b393-cc8429fcfa23" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/35bb15b3e22620842ea33c5e89614edc5fe641529374c780c06c7f573c508782/analysis/1573421766/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ee50ccbb-4c07-432f-a1d3-ac3e998e45b3" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "028a361a-341a-4539-8b5c-6dc383ae1af3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--008b727f-237a-4e1a-a0ab-ed4b02d30df9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:27.000Z", "modified": "2019-12-11T09:14:27.000Z", "pattern": "[file:hashes.MD5 = 'bd5df20afb30ea7f852fff5f53a1c0b6' AND file:hashes.SHA1 = '5e6738e999266a29fa729688959ee685c9a76ae0' AND file:hashes.SHA256 = '9ec099ce8747e0c8ad027da62e5388cc3ae5f84a2b4d78af452c8f79823e56dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c6a480b1-ff07-4d8d-9ee0-e3df961ca4e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:28.000Z", "modified": "2019-12-11T09:14:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T02:13:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ce8b9d2-2c3a-4c6e-bc70-7984ba076366" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ec099ce8747e0c8ad027da62e5388cc3ae5f84a2b4d78af452c8f79823e56dc/analysis/1573956801/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5750a6b9-dcf9-4755-9b0c-3e22db89aa54" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05f20d11-4220-4523-813e-5e4508b7dca8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--36adc039-a5ab-49c3-b37b-eab8cdb4fb20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:28.000Z", "modified": "2019-12-11T09:14:28.000Z", "pattern": "[file:hashes.MD5 = '015dcdb350ada978e125130451f11f42' AND file:hashes.SHA1 = '703ce160a264b601b9f94b132f2e8545d7a4a8db' AND file:hashes.SHA256 = '1e1f68b0b5a623c08acf5c37fe2c72505caa9783587a7ef925a25de26d950f2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d1602636-27b9-4ccf-8005-c67b24c76d5c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:28.000Z", "modified": "2019-12-11T09:14:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:09:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1e5efe97-950a-4feb-9487-67e8ac1a95fd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1e1f68b0b5a623c08acf5c37fe2c72505caa9783587a7ef925a25de26d950f2d/analysis/1574546980/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "719c2a46-df54-49cf-8750-f15b56138090" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0f63159e-7f45-46f1-ac83-a884f831e3d8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5168c613-2cc9-4859-bc2f-d5d1377e98e5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:28.000Z", "modified": "2019-12-11T09:14:28.000Z", "pattern": "[file:hashes.MD5 = '6e91a538e2fdec48c16b570b9d35cfd7' AND file:hashes.SHA1 = '80909b6c5ba45d0c7cb04a91ea6d8eb8452adb5e' AND file:hashes.SHA256 = '050df8f1889c7a3c31a91ff07e9b4cc51ec203f6d9d25fb87a1ee0399a37f1c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3504dd66-01cb-4f36-a5ee-ff65bfee9302", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:28.000Z", "modified": "2019-12-11T09:14:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "faeaf889-0b4e-405b-b44c-5155765aca1f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/050df8f1889c7a3c31a91ff07e9b4cc51ec203f6d9d25fb87a1ee0399a37f1c9/analysis/1573722650/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "df7385cd-a992-4efc-86f2-268f217170c8" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0ebf2b40-4f5d-4b84-aacf-7abfda7b56a1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f56a8d7a-95cc-4718-849e-8b33a6b96dbc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:28.000Z", "modified": "2019-12-11T09:14:28.000Z", "pattern": "[file:hashes.MD5 = 'f1402800a0979cd5da2b5f5c885a6817' AND file:hashes.SHA1 = '4b1178c74b0742e9bf70410084a88f0cd573610a' AND file:hashes.SHA256 = '960279a5458f1204c009a108bc6aab5a9f6e5c9a0f257b211dcfca39796905f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d0b9f398-6696-4921-a66e-b12a8f295db1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:28.000Z", "modified": "2019-12-11T09:14:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:53:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8d40401f-ec41-4e90-8f03-550a0a020fb9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/960279a5458f1204c009a108bc6aab5a9f6e5c9a0f257b211dcfca39796905f2/analysis/1573894432/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e72320a2-0512-4150-924b-f8b494bce9ea" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6320bb27-b2e8-476a-b495-490183653506" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6c96963-fe0b-4238-b04c-5d4d044a9ab6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:29.000Z", "modified": "2019-12-11T09:14:29.000Z", "pattern": "[file:hashes.MD5 = '3f803c4e863f4bd04729d4776555a1e4' AND file:hashes.SHA1 = '289ae7a48aa85a18a4149a403e19034a15b48d9b' AND file:hashes.SHA256 = '4ca8e95a0a59b48ca7b24ac6ef01fef657fe47d3ba98a4abc870e2110c174986']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a16c85bb-640b-4908-bb5e-12b09c2049f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:29.000Z", "modified": "2019-12-11T09:14:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:57:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bab72c8c-9faa-45bd-8ed7-53f221d0461b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4ca8e95a0a59b48ca7b24ac6ef01fef657fe47d3ba98a4abc870e2110c174986/analysis/1574546262/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a4fc107c-8c7c-45a4-a1a4-2784190c8538" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ce9f5fa-d242-40c7-9907-05cc3612ee2c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c642837b-e171-4b1e-84b1-e1bfe9234bfb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:30.000Z", "modified": "2019-12-11T09:14:30.000Z", "pattern": "[file:hashes.MD5 = 'b03f83d2c1a6146fe4af0d0ffcb0fb94' AND file:hashes.SHA1 = '387232c3af0e5f94e15fc332b396e37471604b53' AND file:hashes.SHA256 = 'd36a49ecd072c2df8db9f25ca792f545227219d2310efcd5cbf9c08c7cb62db7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ed70f2af-596b-4afa-b2c7-93e22671eaf5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:30.000Z", "modified": "2019-12-11T09:14:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T09:50:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0c8097d7-9be6-4d01-83a3-cae7013c945f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d36a49ecd072c2df8db9f25ca792f545227219d2310efcd5cbf9c08c7cb62db7/analysis/1573293023/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "95678b26-dbe2-4bdc-bb4e-11a0532519c5" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0435206c-0d3a-4f68-ba7e-bd6fadb5abeb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b6e3ab22-b8a4-42fe-ad55-6c4f84bab692", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:31.000Z", "modified": "2019-12-11T09:14:31.000Z", "pattern": "[file:hashes.MD5 = 'b8e171857abc174f8ac86aed7294858a' AND file:hashes.SHA1 = '01baf6b42575bca254880c5eeea5dc4cf82fd40d' AND file:hashes.SHA256 = '6027dd52f89684cbf428d9420f84fdfee93ee73ee35af34f469a13c76279ab71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--00f54809-a40c-472e-957c-ad15462306ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:31.000Z", "modified": "2019-12-11T09:14:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T13:55:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "416b96de-38df-4ebd-805e-664049280007" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6027dd52f89684cbf428d9420f84fdfee93ee73ee35af34f469a13c76279ab71/analysis/1573653356/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c9901f2c-238b-471b-a7fb-8a919ea963b6" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aa1cd908-d016-4165-aa4d-b75c0d9c7af7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc085cfa-a323-4109-9723-2856e2449668", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:31.000Z", "modified": "2019-12-11T09:14:31.000Z", "pattern": "[file:hashes.MD5 = '956842d0acea85477b28af4e611346b2' AND file:hashes.SHA1 = '2a5f2411c465a8683bbfee68e5b93c7f49e65390' AND file:hashes.SHA256 = '1338c13050d672e0728a0b2db6d947a6c64387832e8ea6b4b575bce0a3833582']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f9c8f4ad-22b2-450c-8d06-7c4894196c2e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:31.000Z", "modified": "2019-12-11T09:14:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T07:32:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ebd916aa-fe35-4104-b809-b3dbb63ae99f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1338c13050d672e0728a0b2db6d947a6c64387832e8ea6b4b575bce0a3833582/analysis/1573630375/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ad979237-52a4-4a66-9b23-a88e7fa36d66" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bdd0769b-b9c1-49e0-b86a-51407b2ebad2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6b2a9860-0ea0-4e21-b39e-5b1329c1e165", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:31.000Z", "modified": "2019-12-11T09:14:31.000Z", "pattern": "[file:hashes.MD5 = '205aa9346d03d08100f30eb13816cab7' AND file:hashes.SHA1 = '344ce1b7603ca5b902346e1c725e380da623809b' AND file:hashes.SHA256 = '7f1d3f304633e81b604ec757cb319d92d5a11f2f5de8e89d90dafcf872fcbeef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b260df0f-3c44-446a-8498-c28ac402bc01", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:32.000Z", "modified": "2019-12-11T09:14:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T11:06:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b41d28ca-236f-4426-8b08-6e09bdb88298" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7f1d3f304633e81b604ec757cb319d92d5a11f2f5de8e89d90dafcf872fcbeef/analysis/1574334362/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "de8c61a5-be0b-4167-a11f-fcc2b30be116" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "067f1762-9140-41d2-91d7-097d26eb5bcc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c0873cbd-8da2-4175-9b01-88eed9046eb2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:32.000Z", "modified": "2019-12-11T09:14:32.000Z", "pattern": "[file:hashes.MD5 = 'd1d973d265a900fba6c3b5e878763a14' AND file:hashes.SHA1 = '39a5f42a0594624df5ff0bfd4605459677649439' AND file:hashes.SHA256 = '9a5f8b42ee9f40a59d99c1b33ebac6ac9290f907dae8188bbc9ac1f875c2a99a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6989c742-4270-4198-aa06-694b87a09813", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:32.000Z", "modified": "2019-12-11T09:14:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:52:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "54ee7119-5d51-4a2a-af03-16004aef2763" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9a5f8b42ee9f40a59d99c1b33ebac6ac9290f907dae8188bbc9ac1f875c2a99a/analysis/1574333549/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ddf0dd9-7b2b-425b-bade-dc9521e036f7" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b596edfe-9acb-45f4-beae-cac6af5134a6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--70235016-7a6d-437e-8007-cd94349b2bc8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:32.000Z", "modified": "2019-12-11T09:14:32.000Z", "pattern": "[file:hashes.MD5 = '3f8031512d223f4f07028f20d364aa10' AND file:hashes.SHA1 = '02959b3945a09bc189e49c97942eebe6a30f17d9' AND file:hashes.SHA256 = '5171299ff98c0d226b12a2a25bebd1c00099ce90ec8545cfe461f250c9876b93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e1eec834-f129-46e4-a494-49343a144561", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:32.000Z", "modified": "2019-12-11T09:14:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T12:38:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a9b7913d-1436-4795-9d73-1b8ad8c43a8f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5171299ff98c0d226b12a2a25bebd1c00099ce90ec8545cfe461f250c9876b93/analysis/1573303085/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9499e239-51ae-47a0-b039-1250141f626f" }, { "type": "text", "object_relation": "detection-ratio", "value": "13/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74934213-236e-48ad-bccf-9f60cbd49c1f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ba57e38f-7f2f-4163-ad57-a9a005307876", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:32.000Z", "modified": "2019-12-11T09:14:32.000Z", "pattern": "[file:hashes.MD5 = 'fbbd706de42d79e84810d7e4bde79978' AND file:hashes.SHA1 = '41c3e32b9c85abfd47efb99c99f182977da51193' AND file:hashes.SHA256 = '9401771a55e0df0af4c8f2e73f30f622cbf2632cadf476aadb16fcdd2c7b5d46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--205e85cc-875c-4b50-a5b4-0bf576867dbd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:33.000Z", "modified": "2019-12-11T09:14:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:26:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "df141af7-b1fb-4755-8a03-b7632eb6af13" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9401771a55e0df0af4c8f2e73f30f622cbf2632cadf476aadb16fcdd2c7b5d46/analysis/1574547999/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "522416a4-1497-44e3-980b-ed803b8cef9e" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1d9d920b-22b6-4aa0-a714-e31df281807a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bca2087d-843c-461d-bdf8-43a463b026ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:33.000Z", "modified": "2019-12-11T09:14:33.000Z", "pattern": "[file:hashes.MD5 = 'a2731930479cf70c0e314024a6b144f0' AND file:hashes.SHA1 = '128b7c7a0068f0121f71234cb9c11dc0d236a288' AND file:hashes.SHA256 = 'e3eec80ccd47c6935f0fddce1d3627f5be717e90a30e2f736c3ef268bb7676f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1cdfef9d-352d-411d-9ba2-053c1034a71d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:33.000Z", "modified": "2019-12-11T09:14:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T19:00:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "828314b9-3a78-4364-b0c4-eb44efd94f70" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e3eec80ccd47c6935f0fddce1d3627f5be717e90a30e2f736c3ef268bb7676f4/analysis/1574362853/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b12c546-8fbd-407f-bb97-9d38bba2e119" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "da1d1720-2cb1-4776-8c24-cc974fa5b75c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c1f7716-5cc5-43bf-8e10-fdc7ab9176c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:33.000Z", "modified": "2019-12-11T09:14:33.000Z", "pattern": "[file:hashes.MD5 = '4e699994ad42c1a0672d6d3bd42c2b26' AND file:hashes.SHA1 = '42bdf618ba920b7d01892f47abab4b1e9af1ecac' AND file:hashes.SHA256 = '09701e1be1c1d055eaa2e910e8f0086f911ff2d83f8e52c0c56c801bb65c436e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f6d96fde-762e-49b1-b35d-41ab311856ab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:33.000Z", "modified": "2019-12-11T09:14:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T08:46:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "07dbd8ac-24b2-4799-9d7b-86fb1e01b266" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/09701e1be1c1d055eaa2e910e8f0086f911ff2d83f8e52c0c56c801bb65c436e/analysis/1573029963/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "724b85a6-fee6-4783-8422-6b8dfb712ef2" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78861a6b-6d06-4f37-b62d-e2bfea076289" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--654af31c-3b70-492e-9fd4-3c392cd1b3a2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:33.000Z", "modified": "2019-12-11T09:14:33.000Z", "pattern": "[file:hashes.MD5 = '650c3d9057e12138298802cb01475f9e' AND file:hashes.SHA1 = '6b8b7e1dff7783490289ad16f13bca38f11dc0dc' AND file:hashes.SHA256 = '46057abf095625ca75f36b5df302f5060a21288be15a819458265da59d8f3547']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--696418c6-786d-4db4-a076-f8afa5b4e9fe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:34.000Z", "modified": "2019-12-11T09:14:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T14:21:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "649d5883-04bd-4394-81ae-a1b12abbefe8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/46057abf095625ca75f36b5df302f5060a21288be15a819458265da59d8f3547/analysis/1573827688/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "825ee59e-ec17-4e5c-9702-7d8429b52b39" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "720f410d-c046-4241-928b-3cf23fd3b97c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3ca33392-186c-402b-9a1c-24980c78cbae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:34.000Z", "modified": "2019-12-11T09:14:34.000Z", "pattern": "[file:hashes.MD5 = '37a105079de2e9a1225e7194ef90a8f2' AND file:hashes.SHA1 = '0907b278e466a67c2085ced04ee4567056ff0175' AND file:hashes.SHA256 = 'aaaf7c645d38e22cef3b34153c449bb7fac3af8e0f6bf29e961018d27e6bf941']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1fd1d2cd-4aae-4483-b0b9-4d398e35e257", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:34.000Z", "modified": "2019-12-11T09:14:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T05:25:07", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c8aef888-3dc6-4c57-8ec0-05f7cfd1a7b7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aaaf7c645d38e22cef3b34153c449bb7fac3af8e0f6bf29e961018d27e6bf941/analysis/1575005107/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c68f72ce-a55f-4ab5-8ae8-a62291878da9" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "45fa6cc1-88c4-413e-b100-d3da2c454be1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f335ec2-b6e3-4001-ad79-be53421c0dd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:35.000Z", "modified": "2019-12-11T09:14:35.000Z", "pattern": "[file:hashes.MD5 = '8c98272e5144c73304ce05ab2450497c' AND file:hashes.SHA1 = '7bb941b28164d1011c45c60992c1c2798ad72b5f' AND file:hashes.SHA256 = 'ebbc69e2b6ae5e838c17deefac4a00e0e52d69fa8ca50d133fcb849667a3b3be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e3bc4c3e-33e9-463b-858b-d26d2f608ed5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:35.000Z", "modified": "2019-12-11T09:14:35.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e16dc44a-26ca-47be-85ae-2c73911ae06e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ebbc69e2b6ae5e838c17deefac4a00e0e52d69fa8ca50d133fcb849667a3b3be/analysis/1574936773/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d7a332d-2841-4587-a863-ff08b2103c0d" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2baa1158-0b71-4cbf-80f2-f49c4409b33f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c1bcc19c-685d-4c4d-98a8-66df5a4e5458", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:35.000Z", "modified": "2019-12-11T09:14:35.000Z", "pattern": "[file:hashes.MD5 = 'acff2ac90f8675fc42c2502024a9597f' AND file:hashes.SHA1 = '4419949c24e8d42629a52b3811c41d0bbb529789' AND file:hashes.SHA256 = 'cd48897f0bf376271dedecd481a6c9117a6e8303d5a3e583c034c3d33ce23c4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a35d6b3c-56bf-4d96-976e-a9923a94b8e2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:36.000Z", "modified": "2019-12-11T09:14:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T05:30:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "299dbde1-e4e8-482e-8908-fb277b8ee7f5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cd48897f0bf376271dedecd481a6c9117a6e8303d5a3e583c034c3d33ce23c4a/analysis/1574919053/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "14c54242-ef48-4875-8434-6216c5b60dec" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "82d68107-564c-4e70-84e0-3f21a9cc736d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--71247c37-a80a-43c9-91c3-11f4eeca4487", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:36.000Z", "modified": "2019-12-11T09:14:36.000Z", "pattern": "[file:hashes.MD5 = 'd233feb2cda0e4940fa0a3569e71914e' AND file:hashes.SHA1 = '667819dff62a7dc798b4e3f8314fc2c41897fe14' AND file:hashes.SHA256 = 'bc210c0d9757ec34e1ec76264c63b71fee3367b7d020f81f56b3d89b75531da7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--112dff7a-2e72-4795-b911-2f4686040178", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:36.000Z", "modified": "2019-12-11T09:14:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T15:32:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ff4d9f8d-4533-47ee-b592-585b2fd90ceb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bc210c0d9757ec34e1ec76264c63b71fee3367b7d020f81f56b3d89b75531da7/analysis/1573831925/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ffcbc14b-b671-4674-acd3-90bed5a9e2e1" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0b5bed1-bfe8-4c22-8773-7025f0f552d6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--856835b4-8600-4040-a650-befc7b4a0bd0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:36.000Z", "modified": "2019-12-11T09:14:36.000Z", "pattern": "[file:hashes.MD5 = 'ac9e7cb743afc9d3a514ae59a18e8797' AND file:hashes.SHA1 = '01ae7083b569daabdc100f1e539c8b97fce13d00' AND file:hashes.SHA256 = '1918956aafe716e3d2ef05932b268bd1a876e96eb79dbf9a0f03cbdda00ce6e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d105ccb8-9e5c-494e-aafd-c43f57ceff82", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:36.000Z", "modified": "2019-12-11T09:14:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T00:23:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8029e76d-aa3f-4405-93e5-ea15bed7f3e1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1918956aafe716e3d2ef05932b268bd1a876e96eb79dbf9a0f03cbdda00ce6e6/analysis/1573777418/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d5861413-00b6-4e55-80ca-b76238cad72c" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47abb2c6-4a70-4e0e-89e4-b6662875ae3b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bc967e-3d44-4753-a154-4023da3698aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:36.000Z", "modified": "2019-12-11T09:14:36.000Z", "pattern": "[file:hashes.MD5 = '5adfab914e960dc2025569e8dd140aab' AND file:hashes.SHA1 = '9456aeb71d444de40ebca9530ac974aae468b354' AND file:hashes.SHA256 = 'f83c4792728be3bee73911473f563b776353e79811febaf30e0736ceee68298a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--affae7c8-303d-4636-97be-295bf6d84136", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:37.000Z", "modified": "2019-12-11T09:14:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T02:01:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7231db76-dd54-40b5-ad39-a95c60d80164" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f83c4792728be3bee73911473f563b776353e79811febaf30e0736ceee68298a/analysis/1573783295/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4255e368-436c-4864-8a2c-291977076c9c" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2de716c9-1ab7-4c93-9456-3edf38c46441" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1041116d-b2f5-4a15-9af5-70780985d5bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:37.000Z", "modified": "2019-12-11T09:14:37.000Z", "pattern": "[file:hashes.MD5 = 'd467c6ed3db71db858eda989e0548f0b' AND file:hashes.SHA1 = '4c1864922e00a5b797b9550582fa320152afda22' AND file:hashes.SHA256 = '97a4658497adfb1b8c46c615e676d7e51308490aa1715cd78abf03662a80e145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0063f070-f011-44b3-9b1c-5090f08fbbd0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:37.000Z", "modified": "2019-12-11T09:14:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T02:09:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3994dd43-57ec-4ed9-aa2c-2aceefc022dc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/97a4658497adfb1b8c46c615e676d7e51308490aa1715cd78abf03662a80e145/analysis/1574993379/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "10d63cc3-49be-4e77-9f11-7c09e51ac333" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99d30440-55a1-4d61-804e-a16c9fee1d49" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61d882b8-8aaf-4725-8a98-000b110bd374", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:37.000Z", "modified": "2019-12-11T09:14:37.000Z", "pattern": "[file:hashes.MD5 = 'd030db7e0eac0b235b8657b1c1943d2b' AND file:hashes.SHA1 = '1e5ab3c32d36219cbe5e9218290b6d15f2134a67' AND file:hashes.SHA256 = '959a7940a5d8811036a35ce12b36fb9e2675fc4ead51f8eb9d67a870194ed9e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7fecf5c4-77ba-4c00-8600-54d5cc570987", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:37.000Z", "modified": "2019-12-11T09:14:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T11:41:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4435b731-a568-49c1-8921-504bbf9e5fca" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/959a7940a5d8811036a35ce12b36fb9e2675fc4ead51f8eb9d67a870194ed9e4/analysis/1575027708/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "00186b60-b99a-4814-a771-c491a2c7c0b7" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d5507695-164e-4fbb-b65a-af6503182768" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--74b7eac6-edc1-4719-aae0-30242c74d51b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:37.000Z", "modified": "2019-12-11T09:14:37.000Z", "pattern": "[file:hashes.MD5 = 'a7edcde30dbd1b55f5d7f029b360daff' AND file:hashes.SHA1 = '50bbbc0bad591915d0b798a3078298adcf2f206a' AND file:hashes.SHA256 = 'bb09c8b7ba552b5200c6da5b55f9b29e5170c01b10aaa3140b0bccb85f991588']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--febdffe9-4e17-425d-a8d6-4c51cf33224e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:37.000Z", "modified": "2019-12-11T09:14:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T03:54:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7fb009f3-3a2d-4849-a21f-599ac0670832" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bb09c8b7ba552b5200c6da5b55f9b29e5170c01b10aaa3140b0bccb85f991588/analysis/1573617246/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4f06be37-e570-4c14-9a38-047287401551" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "598406da-1265-4148-b36b-2a4b9231198b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--026b2ae0-605a-41db-9cd6-dacc072e20d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:38.000Z", "modified": "2019-12-11T09:14:38.000Z", "pattern": "[file:hashes.MD5 = '9b37b5b0049aa6ca0a7e38fd0f766953' AND file:hashes.SHA1 = '4bc91885bf924959923b9c6f743d9c097eaba7c9' AND file:hashes.SHA256 = '28dd5bb9bd2a828533fb5e95793643fa5bf96a7d0f5b1799d7978d84fdea62ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cd56979c-e304-44fe-a86c-d0f0a77458f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:38.000Z", "modified": "2019-12-11T09:14:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:52:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d4c8f842-c610-4674-a226-4167581fc156" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/28dd5bb9bd2a828533fb5e95793643fa5bf96a7d0f5b1799d7978d84fdea62ef/analysis/1574250729/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "02ba8b2d-163e-46e7-97eb-09e738516af3" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "261b7250-f149-463d-bf72-f4c5617ded55" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8dfc28af-b55c-4152-a857-ab4522899cc2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:45.000Z", "modified": "2019-12-11T09:14:45.000Z", "pattern": "[file:hashes.MD5 = '6dc03dd4ec7bdc74dd5dc97d5a076ccc' AND file:hashes.SHA1 = 'c7b03413eeae980999c8512278d9ee9f46a5784e' AND file:hashes.SHA256 = '4889ebb5f02c520e57a9f417df2d53cf415c9fc67d2ae3abab8b604e275df23c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4bb02d38-1f1e-48d8-8898-c7f2da8af6e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:46.000Z", "modified": "2019-12-11T09:14:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T04:29:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1798bb29-f23f-4362-bf2a-ac25285b947a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4889ebb5f02c520e57a9f417df2d53cf415c9fc67d2ae3abab8b604e275df23c/analysis/1575174570/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a3fd4046-da65-480d-a1ef-9d4ffcfe0bcd" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "647ab075-a93a-427f-9095-e243d31d7b89" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f2e12db-da2d-443b-b757-4e9e6c122ea4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:46.000Z", "modified": "2019-12-11T09:14:46.000Z", "pattern": "[file:hashes.MD5 = 'feacbcc320d6bc2bb3008fd113f273a4' AND file:hashes.SHA1 = 'dfd49587e8dc1d5f846b525449f08b1a914c654d' AND file:hashes.SHA256 = '2437a58d064633e57b32149b711ff16b3b55902915b7711d6cf9e855ac08ec41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--82cce140-33ee-4095-921e-fa0543e21649", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:46.000Z", "modified": "2019-12-11T09:14:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:30:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7ec4e549-85a1-409f-b536-7f0d789ffde6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2437a58d064633e57b32149b711ff16b3b55902915b7711d6cf9e855ac08ec41/analysis/1573421437/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "16177993-431d-498a-9713-8366fe841f48" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1468e4d8-3619-4619-a071-463b69cb04ee" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--088e3039-07ee-459d-bd4f-bf7bad58d503", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:46.000Z", "modified": "2019-12-11T09:14:46.000Z", "pattern": "[file:hashes.MD5 = '3191853f42c806f48dce877412d79e24' AND file:hashes.SHA1 = 'cdd0a2502e2e006526dc903810fe9b8bfc5c8ebd' AND file:hashes.SHA256 = 'ce110da29dec4756efa27fc5d4ad17eca6e6194375f8391226f60972bcd17a91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9f601c7c-affa-4785-afc2-07685120de1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:46.000Z", "modified": "2019-12-11T09:14:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:15:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cea8432c-9ada-4280-be66-5b483adc1a02" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ce110da29dec4756efa27fc5d4ad17eca6e6194375f8391226f60972bcd17a91/analysis/1574547322/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d43a8ba8-7a40-49de-a4a1-40f74b1bf471" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5cd616dc-7462-4e96-bc3b-ba1f319c5fb8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--83763372-bfd9-44aa-aef3-8d6a920e5a19", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:46.000Z", "modified": "2019-12-11T09:14:46.000Z", "pattern": "[file:hashes.MD5 = 'c6410b764b572befd6e6b8a09f98213b' AND file:hashes.SHA1 = '7632428b8a721dca3903c74b5e46e2c8f9ca354e' AND file:hashes.SHA256 = '4d05c434412dc66eac7a44c20421ac7ab4567aa378330b9fbdb4196a5d0b1198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f5219ac5-1d9f-44f0-8bf8-99d584556215", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:46.000Z", "modified": "2019-12-11T09:14:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T22:06:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2644bcb3-3af6-463f-b8f2-47db0c0f0019" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d05c434412dc66eac7a44c20421ac7ab4567aa378330b9fbdb4196a5d0b1198/analysis/1575410776/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b81ca2e1-e0e7-4b2f-a919-bdd77f320e20" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7708ffc3-7211-400b-80b6-e3ca4056b510" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ae3f4f6d-16c6-4318-b5f7-3a6c402a4a2c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:47.000Z", "modified": "2019-12-11T09:14:47.000Z", "pattern": "[file:hashes.MD5 = '0828563e7cf6ca3573bf757472aa719f' AND file:hashes.SHA1 = 'a5470c5e6f7a06d32bda07c9e71803fc538f4297' AND file:hashes.SHA256 = '6af21af6dab46946596b012550939e5fe42b78a9403b2814995796bc3b15e976']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ed048d52-bf53-4d0a-9478-efca6df1480c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:47.000Z", "modified": "2019-12-11T09:14:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:34:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d831df5f-3d14-4083-889c-a407a744e3f6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6af21af6dab46946596b012550939e5fe42b78a9403b2814995796bc3b15e976/analysis/1574548449/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "918d3119-9c52-4bb7-bfd0-3044bf653e64" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "921a9f4b-4bfa-49c1-870b-951d1f87e773" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--041cac35-8f8a-4d5d-8c22-26d97e5cd563", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:47.000Z", "modified": "2019-12-11T09:14:47.000Z", "pattern": "[file:hashes.MD5 = '7d6e0ee1f994ab61fd57b2a55ab00130' AND file:hashes.SHA1 = '35c11c01e549f6968f94400377f735f4261ce6d1' AND file:hashes.SHA256 = '21db063f58ba1e3e9f7d9ceb5288e89bc9fbe023ab7b3d1296c83f9a271e0ade']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ce1ec435-a136-4044-b63d-e54d61f51cc0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:47.000Z", "modified": "2019-12-11T09:14:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T13:28:07", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c1ce526b-6669-4c4b-8134-d5d9656793f7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/21db063f58ba1e3e9f7d9ceb5288e89bc9fbe023ab7b3d1296c83f9a271e0ade/analysis/1573738087/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "40c53182-c9d7-465b-be28-646a9359792a" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a0790991-73ed-4233-a5b8-872859b36534" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b6f8a3fd-f37a-4e40-8387-00794b62d42a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:47.000Z", "modified": "2019-12-11T09:14:47.000Z", "pattern": "[file:hashes.MD5 = '542b352c90494e1f58558854d82ff5c9' AND file:hashes.SHA1 = '877ba2f500c52969f03eecb3566ddc5fd3c9302b' AND file:hashes.SHA256 = '7eb19d5b71f0994ce6a57b946172483c9951fdd66a5198e1289a4aae3a4a13e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--da743998-d540-4881-84fc-a6a575f5db2e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:48.000Z", "modified": "2019-12-11T09:14:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:42:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fb26eb68-8d4c-42eb-8f74-1bd2bd76212a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7eb19d5b71f0994ce6a57b946172483c9951fdd66a5198e1289a4aae3a4a13e1/analysis/1573468939/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d02ce921-61c6-48fc-985e-8d11c7d25c45" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a5bd8d25-4397-4cf4-bff7-7f621dec8445" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--da8034b7-1e05-4bde-b6f3-50cb76cc4265", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:48.000Z", "modified": "2019-12-11T09:14:48.000Z", "pattern": "[file:hashes.MD5 = '59c653000e6676d3ea2321a8549fed81' AND file:hashes.SHA1 = '2762c7ae2dc77430bf9029cc44ef356bb79b0e7e' AND file:hashes.SHA256 = '624a84231a82d8bffef81bedbd711d6adbc176861874691f13743e90b804698e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4449d6fd-d5c4-4293-8428-63cb879251a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:48.000Z", "modified": "2019-12-11T09:14:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T06:48:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "afa39583-b16b-4b09-8647-79772bd978bc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/624a84231a82d8bffef81bedbd711d6adbc176861874691f13743e90b804698e/analysis/1573627729/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1e81bfaf-f105-4a29-9f98-c9f55894c9e5" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3ecf17d6-fa47-4afc-843d-cb6a060b1fed" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fe376ddc-500e-4ea3-8c7e-167ec34ee510", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:48.000Z", "modified": "2019-12-11T09:14:48.000Z", "pattern": "[file:hashes.MD5 = '48dac082f7e60848761151666cb68648' AND file:hashes.SHA1 = '83d4f7ccc3102eb2c3b17cf0789be1fdf38f9ff4' AND file:hashes.SHA256 = 'c6d1dc32460d80466b2a56eee1018ff5ed04c9b5cbf0691f8c8d69a3e44f627a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4d31d75b-99ce-4d4b-a809-d8d388cd62ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:48.000Z", "modified": "2019-12-11T09:14:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:41:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cf2adaaa-ce6d-48a2-8b02-3bf5ba015649" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c6d1dc32460d80466b2a56eee1018ff5ed04c9b5cbf0691f8c8d69a3e44f627a/analysis/1573897287/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b1efdbfb-fdce-49e7-8ea3-481119f86957" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cd1f4479-9d34-47fc-96ac-1679a0fc3971" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aee0911f-f964-403c-a401-916850604e44", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:49.000Z", "modified": "2019-12-11T09:14:49.000Z", "pattern": "[file:hashes.MD5 = '7d5442570eed87b6701c722604fcfe32' AND file:hashes.SHA1 = '501083e29cd86b5e89c4593a4a20f3bd6f6eade4' AND file:hashes.SHA256 = '7588f5502a3583caf38ce1a497fe61d3b3f45f05bb92f5637b2510e2bcee9a6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2fe8ce5e-b959-4d89-a2be-c0b3fcba2c8b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:49.000Z", "modified": "2019-12-11T09:14:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T10:39:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d67a725-be47-40ef-bfbe-6e8159ea2178" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7588f5502a3583caf38ce1a497fe61d3b3f45f05bb92f5637b2510e2bcee9a6e/analysis/1573555182/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c85e4b32-52a8-448a-9eeb-34aa32aaf3d2" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "091e3b28-bf73-4e8a-a9a2-bdd414a7c2c9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d36921ed-1ed3-4be6-a86c-cecd0f8c20ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:49.000Z", "modified": "2019-12-11T09:14:49.000Z", "pattern": "[file:hashes.MD5 = '896f54083bf805af1e7b85fe175e2ded' AND file:hashes.SHA1 = '1a37ab15117068749ea63b7bde8f908bcb8c7c57' AND file:hashes.SHA256 = '5eab9b8af26b1508575d42c95661f41ec0aaffd794f307fefaaa6306ed50fb2b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4503ece2-4b78-46d2-9eea-01163efdb49a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:49.000Z", "modified": "2019-12-11T09:14:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:35:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "06c6cc3f-3c7b-4f3d-af13-68a4f22093d7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5eab9b8af26b1508575d42c95661f41ec0aaffd794f307fefaaa6306ed50fb2b/analysis/1573961732/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e601fc46-aa92-4655-8a29-a4caa2f1eac7" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b299289d-3f43-4e88-9386-e874f4a0ed3b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2309d986-99cb-47bf-b20d-d68ecef7b21a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:49.000Z", "modified": "2019-12-11T09:14:49.000Z", "pattern": "[file:hashes.MD5 = '6616791fb064ddfc50d73eca7b0f5274' AND file:hashes.SHA1 = '50309c20c483b7fc5d4f725012616828b49452bb' AND file:hashes.SHA256 = '6eba1d9bef86ec551a936bcf43a148dfdf0d8d10dfcea1967c5195cc443b9689']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--162a8c04-99b5-4545-9711-75dee6b7a5fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:49.000Z", "modified": "2019-12-11T09:14:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T02:59:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cad1beac-8f66-4643-b886-b830f28cae4e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6eba1d9bef86ec551a936bcf43a148dfdf0d8d10dfcea1967c5195cc443b9689/analysis/1573873181/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "45acb2ec-b287-4b7c-a142-996fbd671072" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1a4e241-dc32-4f1c-acc7-774677548836" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f48ba5ba-6b66-4b53-bb02-44c685a0e83d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:49.000Z", "modified": "2019-12-11T09:14:49.000Z", "pattern": "[file:hashes.MD5 = 'd8eb15282433d4b820d5d0d5d3c66cd3' AND file:hashes.SHA1 = '8c198cd9c0cd993e64701f4741bc57d8bf38600a' AND file:hashes.SHA256 = '6b960d2ff0fe601cc1223a275110f3195cc82f789db9c3225a06d27e24bc4349']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--397bc61c-fafc-4997-b517-4c6c32db23fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:50.000Z", "modified": "2019-12-11T09:14:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T16:23:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ca255f8-b62d-41de-8365-06d3c05fd221" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6b960d2ff0fe601cc1223a275110f3195cc82f789db9c3225a06d27e24bc4349/analysis/1572884600/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4848f560-daa8-4c08-98f2-f296b6f4ab77" }, { "type": "text", "object_relation": "detection-ratio", "value": "8/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "417e1683-1923-4754-8b17-2602d33bdbdc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d36b9aa9-8f5e-4981-a5d4-a8f05b1ecc84", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:51.000Z", "modified": "2019-12-11T09:14:51.000Z", "pattern": "[file:hashes.MD5 = '3862119edf0a22675d3cd480db9a89e3' AND file:hashes.SHA1 = 'b042d2cafb9300d4419444f79d0bc23c8ecfcf8c' AND file:hashes.SHA256 = '687f47552ce1cb3df741abfaa1a16113e516751bf41be3d10f49c93d26e49c45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3d521726-abcb-4392-a9b8-11d0e3884bb3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:51.000Z", "modified": "2019-12-11T09:14:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T04:52:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2be3809c-ae4f-4a6a-9c1e-41e646c8ff01" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/687f47552ce1cb3df741abfaa1a16113e516751bf41be3d10f49c93d26e49c45/analysis/1573447943/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e656d4ae-2a6b-4ce8-bfb3-3836cb585f36" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/63", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e52cb312-5bab-416f-aac4-e5dbca352431" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--22e4556d-5608-4560-bf28-36060ff2edc0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:51.000Z", "modified": "2019-12-11T09:14:51.000Z", "pattern": "[file:hashes.MD5 = '2c3b132e36fe24112baf70875b2f16b4' AND file:hashes.SHA1 = '46c8eac93eca937866ea780e663ac77aae016e55' AND file:hashes.SHA256 = '208408123b09439e6f8fc63cb0c58902a3f1e0fc730547e501ccbbe6ab880bae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5a15eeb3-361a-413e-b051-91b58cb68103", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:52.000Z", "modified": "2019-12-11T09:14:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T11:21:45", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db8e4921-a8e9-4758-9ce3-bb8e8de419e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/208408123b09439e6f8fc63cb0c58902a3f1e0fc730547e501ccbbe6ab880bae/analysis/1575544905/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "623f71af-2730-4a93-b357-0ce45073c6ec" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "639d4d1c-0650-41ae-b620-ff394dc42eae" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f11e6631-7709-404e-b900-572959618c82", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:52.000Z", "modified": "2019-12-11T09:14:52.000Z", "pattern": "[file:hashes.MD5 = '48f7a0e8e6ea97758ba3015c993a9fba' AND file:hashes.SHA1 = '736c90738d7804c1bfb5556625ba9a75d4d3306e' AND file:hashes.SHA256 = 'e18e786e4ca230ade1bc145f485435d81d039dc0ab92fff6c88c8accdd1ba95f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8f1a827e-b18b-4d8e-9134-6058145c404a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:52.000Z", "modified": "2019-12-11T09:14:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T10:22:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e8993bdd-ec70-415c-86cc-cab1b2824c55" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e18e786e4ca230ade1bc145f485435d81d039dc0ab92fff6c88c8accdd1ba95f/analysis/1575282146/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4ecb70b8-3cfc-4554-939e-38c355c358c9" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e71a1d3d-a177-4ba6-8a0a-f27cbd121631" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94b3ec54-66ff-4928-8aa3-8d71e60d7294", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:52.000Z", "modified": "2019-12-11T09:14:52.000Z", "pattern": "[file:hashes.MD5 = '5b24137199baf3642afb5c16390f3a73' AND file:hashes.SHA1 = '48fdff9fdb103f18ff52dccdecdfb21778416ddf' AND file:hashes.SHA256 = 'ed59f8ffd000d1d80e56d402de6fc6d4cd18eb259586172f90a7ba056f5a85dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3a5352db-c166-4258-b701-3e74d5b2efac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:52.000Z", "modified": "2019-12-11T09:14:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:30:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7be63520-ad2b-450a-a3bc-acfa6d05a495" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ed59f8ffd000d1d80e56d402de6fc6d4cd18eb259586172f90a7ba056f5a85dd/analysis/1573421456/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c1a313c2-2ef0-4913-a551-231e114625cb" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd74c743-cd6f-4226-8d0e-5885b6515412" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--00320e5d-b65b-4de3-8ee1-d79494067bc3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:53.000Z", "modified": "2019-12-11T09:14:53.000Z", "pattern": "[file:hashes.MD5 = '25b50d6f9d27e39a12d74df5d72ca954' AND file:hashes.SHA1 = 'eacfe9474aad598351b8940c8f02299b322162ba' AND file:hashes.SHA256 = 'c87a3d98f4b64cf15eaf00fc0cc7cef39a3a02540161241c288b2f0e0deec5a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af04a185-715a-430b-9c62-200310c56a29", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:53.000Z", "modified": "2019-12-11T09:14:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T05:31:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a79393cb-9ccc-4233-84b5-1ed5e0935955" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c87a3d98f4b64cf15eaf00fc0cc7cef39a3a02540161241c288b2f0e0deec5a5/analysis/1573709465/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f285d5ca-8783-4b23-9ad5-4bda8820bc6a" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f25adedc-e36d-487a-b8b3-bf82b142208f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--497d2ef0-1192-4ab6-a18b-7b7e385ced1a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:53.000Z", "modified": "2019-12-11T09:14:53.000Z", "pattern": "[file:hashes.MD5 = '30052116a5e3a3137664c99f52a23159' AND file:hashes.SHA1 = 'ccc2bd63a0b2fe3cedd6b64603cbaf0c06673f34' AND file:hashes.SHA256 = '0d9d499882a9188a73f1af194fc03e5803181adec3fdb9658e4a7c1991196ba2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8b8ad180-8552-4e8d-812b-da9f253ee1b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:53.000Z", "modified": "2019-12-11T09:14:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:20:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "76f705f1-9a18-4cfe-b615-9d2044753079" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0d9d499882a9188a73f1af194fc03e5803181adec3fdb9658e4a7c1991196ba2/analysis/1574612413/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6adb4e93-922d-416f-91cd-52cb9039ea52" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6fc180bb-91ab-4c89-8e97-120363ec03f8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b8ba81c9-1297-4551-ae6c-2b6d946febb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:14:53.000Z", "modified": "2019-12-11T09:14:53.000Z", "pattern": "[file:hashes.MD5 = '7c39dc73472136c31326389fce8be63b' AND file:hashes.SHA1 = 'ceb6102b533a5b73509c0970de1cfad7aecaab15' AND file:hashes.SHA256 = '224de48dcea5a83a1315db1409372f3e9d72d9639ae3883068dfc55d60c75ce3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:14:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--11995272-e3a2-4760-a818-37805cc4f8e3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:05.000Z", "modified": "2019-12-11T09:15:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:23:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "28d54c8a-fb75-4561-95cc-c117be237c2e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/224de48dcea5a83a1315db1409372f3e9d72d9639ae3883068dfc55d60c75ce3/analysis/1574252598/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b066b89-150f-4295-abb1-8b13fedcfec1" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dc287a7d-7c74-4f97-81d9-7da5816ab283" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d8183a96-7140-4e57-9c94-d6201404b3c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:17.000Z", "modified": "2019-12-11T09:15:17.000Z", "pattern": "[file:hashes.MD5 = '4f86ef4bbe69fd83e5cd3b6589c7cb3c' AND file:hashes.SHA1 = 'fd4b16d972ba805251a8d4f32151cb4e4ea3675c' AND file:hashes.SHA256 = 'e61a1ba9c85ab774dcb35ca580282cf980bff6928695b8beb06843d73189dbdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a7abb420-7ad9-4c65-96fc-68532346ec83", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:17.000Z", "modified": "2019-12-11T09:15:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T03:38:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81224fc3-8c58-47c4-aa5f-971224f36c68" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e61a1ba9c85ab774dcb35ca580282cf980bff6928695b8beb06843d73189dbdf/analysis/1575517135/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9089d054-e3b7-4821-ade2-fe2a503ae26b" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a82787b0-b591-4b01-b728-661fd6a51cb2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c3538fa1-ab37-41a0-a386-067259736edb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:17.000Z", "modified": "2019-12-11T09:15:17.000Z", "pattern": "[file:hashes.MD5 = '765a1ad5d398f68c33244b731a8b7aa0' AND file:hashes.SHA1 = '65203d721373347d82c78f8bf4cce090211e65d6' AND file:hashes.SHA256 = '123954a33e65c8ac28dba816e408fba324e4f5984a08dfa94f7640d5dc429c1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5a32cea7-20aa-4eb0-bca9-2940c5942b16", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:17.000Z", "modified": "2019-12-11T09:15:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T18:04:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e79a806a-d62d-41a0-97f7-983322bd54e0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/123954a33e65c8ac28dba816e408fba324e4f5984a08dfa94f7640d5dc429c1e/analysis/1574791452/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d68bd3bc-b8eb-44d9-ab3c-784b4064b040" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "241a86b8-f39f-4e6a-a75c-66e0e1babe0b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2dd98880-5edb-4b1a-9bfa-b4266acdfe73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "pattern": "[file:hashes.MD5 = '8cc8bea5aa7741254150060032e25e51' AND file:hashes.SHA1 = 'edf44a3246ec8820bd73835c69551f35d54b3129' AND file:hashes.SHA256 = '7de248257c505d28976224974b20e590bcf0a5f1c6da7326147930acb8541118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c9c438ef-21b3-4629-b4a9-001374c76844", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T10:38:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a2926b73-1932-45a3-abe5-f709d6f1548b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7de248257c505d28976224974b20e590bcf0a5f1c6da7326147930acb8541118/analysis/1573468697/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "02a689b0-f008-4228-8c03-e2bf2c21ff43" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "833eeee3-b906-4234-b51f-e8adf2d4d66a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0717db5b-0c11-43a4-89d2-850a05d2dc1f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "pattern": "[file:hashes.MD5 = '30b24cbd9e8b37c1a6ad1bed4e143c5a' AND file:hashes.SHA1 = 'd5909a4d3c836fcde4f7c487333f9a208c39255d' AND file:hashes.SHA256 = 'b6fddc15d6a0857ad34f4bcbaee7daa007aa2a0f042eaad8be7c5bc422daa8d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8b7c3477-583e-48b1-98eb-1759a8c1f43e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T16:54:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc323b56-9e88-4f77-abf6-bb8edc58ed30" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b6fddc15d6a0857ad34f4bcbaee7daa007aa2a0f042eaad8be7c5bc422daa8d3/analysis/1574268869/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5f48c43-45ce-492b-89b2-0212f383f93c" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "09597355-1043-4a70-8882-3f9c9cb7ab83" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4d524d85-ab4a-4b09-aa3c-ee0950ca9b0c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "pattern": "[file:hashes.MD5 = '5c39b454497e357d45b8e30265db42a4' AND file:hashes.SHA1 = 'a91711065f14ea8626ac96f7f41ee6a99a5a9d3a' AND file:hashes.SHA256 = 'c84a1c504d3e0c5b2f9f5ce17c7874efa1704d458db3e6845ae2b12112027fe1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d64ce314-3e09-4ed3-9469-50de2887db7a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T07:08:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2851a639-1fd4-4ab9-b7ad-58134e19e2a4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c84a1c504d3e0c5b2f9f5ce17c7874efa1704d458db3e6845ae2b12112027fe1/analysis/1573888105/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f0b788e3-f905-4f8d-b2de-d5ae943a64d5" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ac76b11e-6339-4ca6-87a4-2ee340cead77" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23dc2bb0-649a-4e7e-916f-ca57f3d41232", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "pattern": "[file:hashes.MD5 = '82151cc56f7d1e0851e32c5324d25929' AND file:hashes.SHA1 = '881ec44a8cf88d6dac48c46e8615a46d23bc77e8' AND file:hashes.SHA256 = '5b3fd34ea531bec8d64fa5ccf6bfe216a06984fd02d7384ba3914814d744d6d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fffa31cc-b7da-4435-8da4-4217eae9da3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:18.000Z", "modified": "2019-12-11T09:15:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:28:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "56f61a6a-f561-4444-bf02-51da8624cb27" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b3fd34ea531bec8d64fa5ccf6bfe216a06984fd02d7384ba3914814d744d6d0/analysis/1574332129/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ea17beb-e9c1-41fc-8b31-ed6473a8180c" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "815de56e-dd74-44d2-a7be-a86b372646af" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eee91a25-6f52-41dd-9fb9-9cfd82b106be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:19.000Z", "modified": "2019-12-11T09:15:19.000Z", "pattern": "[file:hashes.MD5 = '4023bb5c864a972e44b5c0ae9af06ef0' AND file:hashes.SHA1 = '1c1755c9a7aa0692d1a1d8625092290f3b9b160a' AND file:hashes.SHA256 = '0e6f9a877d5b73a03b475db5f2ec9a4052c330a186942cb61febbd2d7dab2a91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8f64c7ff-e13b-4ff7-86ec-140e2e9c10d3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:19.000Z", "modified": "2019-12-11T09:15:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T14:05:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c27f5905-23a0-423f-9d65-ccf4b518a57b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0e6f9a877d5b73a03b475db5f2ec9a4052c330a186942cb61febbd2d7dab2a91/analysis/1573653919/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "48f07e14-0bb7-4ce9-ba15-7b9e578c1088" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9d046ea8-b5d3-4810-aa51-a7e0c3e3c659" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca547016-95aa-46e4-8bf5-1230c0ec95ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:19.000Z", "modified": "2019-12-11T09:15:19.000Z", "pattern": "[file:hashes.MD5 = 'da6ac34a859f5089c75b17f57618397d' AND file:hashes.SHA1 = '26473b5c17b8806c622181fd01c3fcdf704ad97d' AND file:hashes.SHA256 = '9514a036805d3a7973980175968b5f43d7ee14af461d8a966f9dea02ee2ebb4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6165d746-908d-4b45-970a-cff224beb318", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:19.000Z", "modified": "2019-12-11T09:15:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78092ce2-7706-4fcd-a75e-32868ee3f13c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9514a036805d3a7973980175968b5f43d7ee14af461d8a966f9dea02ee2ebb4d/analysis/1573722647/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "11382269-bf18-4685-884a-ff6c7843bb11" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c506e7b3-2a3a-45cc-87b0-0171603b2e42" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e4a70633-da70-44d0-966b-fba6df61eaf4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:19.000Z", "modified": "2019-12-11T09:15:19.000Z", "pattern": "[file:hashes.MD5 = '79ae0b30e5491b3688bdde130d747510' AND file:hashes.SHA1 = '21d74db328de2657b186e43a94c39aaf53516cc3' AND file:hashes.SHA256 = '5ac92f676d9698faa5b6f5b63b7b8605e62994cc766d5516635d7ed40f70cd35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--822b9cb0-6e5d-44fe-8b7f-f19c63897c15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:20.000Z", "modified": "2019-12-11T09:15:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T14:56:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e2f809e1-d169-4671-a922-8e9f5d764426" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5ac92f676d9698faa5b6f5b63b7b8605e62994cc766d5516635d7ed40f70cd35/analysis/1575212209/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "44ad2986-820c-487b-a373-b771db9ef5b7" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dc4b358e-d8ee-445e-8670-c0cf1d393cce" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--107eec73-a024-4922-b0c4-afedf04ceaed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:20.000Z", "modified": "2019-12-11T09:15:20.000Z", "pattern": "[file:hashes.MD5 = '60d64d8bd27e8ed098dfb6de59cce112' AND file:hashes.SHA1 = '5915cdc62d7f762aa7192be42116e51ee3b20848' AND file:hashes.SHA256 = '203cbe5480d28edc12930a107b24f625cf0efd10cdcdb954dbc122f9e2c74eb6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--62b3af6d-e571-474e-b4ea-8902b569ce7e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:21.000Z", "modified": "2019-12-11T09:15:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T23:00:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e025aa32-85d8-4a49-97ee-e1bfbcbcf816" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/203cbe5480d28edc12930a107b24f625cf0efd10cdcdb954dbc122f9e2c74eb6/analysis/1574550001/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2c79031c-219f-46cf-9c6d-11b9f92a4eef" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "23e8b5ec-a6af-42ea-a1b6-23b9b91be32e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c53ddfa1-a388-46de-980f-2046696f05b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:21.000Z", "modified": "2019-12-11T09:15:21.000Z", "pattern": "[file:hashes.MD5 = 'b654f9894ca5c16598030e2f4ec0eea7' AND file:hashes.SHA1 = 'dce0e52488ab1b04e7832714c026b4b845c2e83e' AND file:hashes.SHA256 = 'ff9133669c7f22c1b09d8ba869c490ac9d91da045762401eb975b600e051a643']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6d3ef398-bd13-4015-9058-e2eac116d851", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:21.000Z", "modified": "2019-12-11T09:15:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T12:53:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d430f374-351d-4f39-b09f-8b66a0d44d22" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ff9133669c7f22c1b09d8ba869c490ac9d91da045762401eb975b600e051a643/analysis/1575032028/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2ec96f6d-5a22-468a-ba6d-d72e1ebcb81b" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8b191683-57d0-4464-9915-f696c263f775" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e5ac22fb-0656-49c4-a9b9-50958ef4f078", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:21.000Z", "modified": "2019-12-11T09:15:21.000Z", "pattern": "[file:hashes.MD5 = '7ba340663633e281b72c204b12154264' AND file:hashes.SHA1 = '4f94b69525787d822d8ac6b7605d98bc6bb16d8f' AND file:hashes.SHA256 = '68443a2fb7c7e5aca2209a3955cf39c716c5f5a915173746e4b27a9c4d70cb1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cfdac520-216e-4097-b168-f42f780b2386", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:21.000Z", "modified": "2019-12-11T09:15:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd26c939-55c2-4338-94c3-c982000d7f9b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/68443a2fb7c7e5aca2209a3955cf39c716c5f5a915173746e4b27a9c4d70cb1f/analysis/1574062642/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "607d03b2-6233-4a11-ab72-28e9a6db106c" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5d66ec6-586c-4826-927f-ddeb2ab1d646" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8c714bd9-dc11-4c58-aa9a-ce8e7b35c10e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:21.000Z", "modified": "2019-12-11T09:15:21.000Z", "pattern": "[file:hashes.MD5 = '97c441feba7e992f06c20ba02e1b732d' AND file:hashes.SHA1 = 'e88df053f71dcc2d1f424963fe4c5832ff8e7e22' AND file:hashes.SHA256 = '5d241730dafd29e909c9c4f4c172561fedb783c786dc865854d3e7bea0c9120d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ef16804a-b4f8-4abe-92ee-8ccc6e30030a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:23.000Z", "modified": "2019-12-11T09:15:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T01:35:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4fce52d5-79ae-4a42-b5c3-c57eb1e562a2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5d241730dafd29e909c9c4f4c172561fedb783c786dc865854d3e7bea0c9120d/analysis/1573781746/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc8c704e-6683-4c01-b3f4-c4709c8272ae" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6fade1da-0ed8-4c8b-8646-199a9c7405c7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d9b51778-96b9-4bd7-bed6-a45935fa6e0c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:23.000Z", "modified": "2019-12-11T09:15:23.000Z", "pattern": "[file:hashes.MD5 = '5ae6fee9511abd024b956eae12e83eed' AND file:hashes.SHA1 = '71a0e7703f9582fa02b30986c7439b7192bfc3e6' AND file:hashes.SHA256 = '6cde3711c42fda4fc47d075bc1885657a8f1f5000bfb3c40f99a62dc2d33359a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--944ef95e-0873-4427-8ba7-a07d8f180213", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:23.000Z", "modified": "2019-12-11T09:15:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8d150694-7279-4b58-92a2-7c2f277a3922" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6cde3711c42fda4fc47d075bc1885657a8f1f5000bfb3c40f99a62dc2d33359a/analysis/1574936788/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eb120d28-8e2c-4625-8521-7b28300e8f7d" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "34b3f2a0-1285-48bd-bfd8-e3041c39c398" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d90d7510-b18d-425a-b1cf-d801ea2c3728", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:23.000Z", "modified": "2019-12-11T09:15:23.000Z", "pattern": "[file:hashes.MD5 = '5eb1a8496461968d471994aacd6fa8f5' AND file:hashes.SHA1 = '2588efdac2d9f17f77a27c9ee730e96d4c182076' AND file:hashes.SHA256 = '060d74a4f7818bf7fc147aa5e2ee4533a7add3605d4014cd4a6c58916c6172d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c2d36373-d8f8-47f8-9a7a-96d0b308858c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-25T01:24:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0427eb65-3b66-4489-8486-befd8d6affe0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/060d74a4f7818bf7fc147aa5e2ee4533a7add3605d4014cd4a6c58916c6172d8/analysis/1574645064/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47590fc6-0fda-467a-bc59-9a395b2d3d07" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "868ad75b-3bb7-438e-a6f6-4f6d23f1d5ad" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6e373fa3-f338-4be8-9b0c-d217612f616c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "pattern": "[file:hashes.MD5 = '5dc7b892f6238c6bd9f62a450f4a0c62' AND file:hashes.SHA1 = '5ed50ec94b13069c872ad8db8f836f214dc45681' AND file:hashes.SHA256 = '1fef6dba7c44624e4d7c3066cca2cf4fd4dd8ba6ba7f3399373e243c96e5a1be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--830692b4-bd66-4352-ab65-39e17bf659a9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-10T05:40:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "877be630-c256-4437-9761-81521d572367" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1fef6dba7c44624e4d7c3066cca2cf4fd4dd8ba6ba7f3399373e243c96e5a1be/analysis/1575956424/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53686b50-7498-4232-add9-d850b5c9b5ba" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "623b6062-852e-403d-b569-ff160e2b85af" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fab8ae84-bdd5-4190-ab4e-56d8d18efd3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "pattern": "[file:hashes.MD5 = '1264e1194ff8484b335ffb92d7c2fb77' AND file:hashes.SHA1 = '618d5dc876a384364cd6d17d494beed6b6af1e9b' AND file:hashes.SHA256 = '2f250c57106a44356f14a671e1f9d71c73444de0405da37eaa747128139958ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--564b429c-6277-495d-bb51-8360233835d8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:39:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "69045977-7dc8-4c69-a605-586682443d14" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2f250c57106a44356f14a671e1f9d71c73444de0405da37eaa747128139958ad/analysis/1573425580/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22797458-a231-4ad0-9bd8-19c19faf797f" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "46fb88eb-dcb9-4780-902d-e50cfed23d6a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5234ca77-d73b-4679-9fb8-1cf66a877229", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "pattern": "[file:hashes.MD5 = '7d59fdffda06445f71470c588c8574f2' AND file:hashes.SHA1 = 'ceb478ab05e08c6c020cdfda4258cd68fd5ff763' AND file:hashes.SHA256 = '3286ff9f319d913c1d05725c17eee4548df331c36da0ea2e49d945e655f54ca4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--74c0b91c-8211-47db-b595-dd05b2dcf8af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T14:36:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ef055d1f-7a1a-477c-915f-ac23c87c736d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3286ff9f319d913c1d05725c17eee4548df331c36da0ea2e49d945e655f54ca4/analysis/1574778985/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9498af92-4409-4164-820e-f6334ff82c70" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "21d652b9-9910-4af1-baa0-6cc44768e07c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e84612a5-d35b-408c-ae9f-896ac729316d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:24.000Z", "modified": "2019-12-11T09:15:24.000Z", "pattern": "[file:hashes.MD5 = '7defdd5c4ba721f11f3e52a5d2e2dcfb' AND file:hashes.SHA1 = 'd46a1877ebb0c8d89b765318ea12380438360f6a' AND file:hashes.SHA256 = '7934ca1ca0a9ec30065d12a2f5d4dbdc7df71eef8e8af8d92bf5feae7850e43b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9846dd5e-b532-4be1-a46b-388972733ae6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:25.000Z", "modified": "2019-12-11T09:15:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:43:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3de06f67-6013-4305-a2a5-cc329da39a67" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7934ca1ca0a9ec30065d12a2f5d4dbdc7df71eef8e8af8d92bf5feae7850e43b/analysis/1574332989/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "79be03f8-56e1-4224-82ce-732a5d0e55ee" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "14a3e3e4-c0e1-47be-9f40-37e4c263859a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f22fe4d-0718-4842-973b-fb3836213ed1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:25.000Z", "modified": "2019-12-11T09:15:25.000Z", "pattern": "[file:hashes.MD5 = '8e454933453fd6f99a0b113c18c72c37' AND file:hashes.SHA1 = '42d71865d01e962a7a1de4b60303811eead9c35e' AND file:hashes.SHA256 = 'eec5855647c376dd2e363d18cdc499d5cb525ee2ca1f62335336d5c13711443c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a0f19881-bd26-4557-bb1a-434cb9beb1d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:25.000Z", "modified": "2019-12-11T09:15:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "513ef635-9a5e-4d10-8190-963e7168df2e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eec5855647c376dd2e363d18cdc499d5cb525ee2ca1f62335336d5c13711443c/analysis/1573722651/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0f03622b-f453-4f43-9a45-94fafa2033b9" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b3458cf-c61a-4dcf-a49c-5161cac62ffb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--970f7ff4-676b-461f-bb28-9c2a7729d453", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:25.000Z", "modified": "2019-12-11T09:15:25.000Z", "pattern": "[file:hashes.MD5 = '33b06c429c6f72e77bb14f17d0cb6ec7' AND file:hashes.SHA1 = '45a579d74d4b9c60e2a64d63114ab968bae42375' AND file:hashes.SHA256 = 'e849704aeebdba473d11c4f0dc330b369b0b2183034387d550ebca1d8225c901']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b69436ac-21a2-413c-83b8-77e1314c6269", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:25.000Z", "modified": "2019-12-11T09:15:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T13:37:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4031830d-86df-4472-9d01-76651952dbec" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e849704aeebdba473d11c4f0dc330b369b0b2183034387d550ebca1d8225c901/analysis/1572961034/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b654b7a1-aa4f-4936-996c-440c6f4fc912" }, { "type": "text", "object_relation": "detection-ratio", "value": "13/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a68ae092-e4fe-49d0-93cd-06408ec20585" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79091794-26ae-499c-aebe-2494a65a9c04", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:25.000Z", "modified": "2019-12-11T09:15:25.000Z", "pattern": "[file:hashes.MD5 = '2d92ce7746a6783437fe7447c354d927' AND file:hashes.SHA1 = '55c9bffab19b01b3c550c6d24d5ed09755bac741' AND file:hashes.SHA256 = '16265e842f45a44cdabceddd2af7cb0910130d819dff4b82af7aa5972294f5c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1ca35cdf-ad36-487b-9eb7-baadf951f44c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:26.000Z", "modified": "2019-12-11T09:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:37:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "231b7fa8-d736-48de-becf-0cd9206dd745" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/16265e842f45a44cdabceddd2af7cb0910130d819dff4b82af7aa5972294f5c3/analysis/1573961856/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aaf8f1ce-bbbc-4c8d-9398-4e15e167659a" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "df14b13b-ff40-470e-a723-01348bae44d1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bad3e71f-dff3-413e-b388-694833e99291", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:26.000Z", "modified": "2019-12-11T09:15:26.000Z", "pattern": "[file:hashes.MD5 = '9ede2dff7c1c85ec89d3a2ce27a15b6d' AND file:hashes.SHA1 = 'ef552ba1c653895a14ffda40100e0a392f96c361' AND file:hashes.SHA256 = '53af038821cde1f915bf0168cf1e459b7e32219d7a8798175f521dae6ca6fb49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--29395e5f-bfbf-4bf0-a0d2-0282023748c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:26.000Z", "modified": "2019-12-11T09:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b82e4816-a5aa-43a3-be99-434ad04441a3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/53af038821cde1f915bf0168cf1e459b7e32219d7a8798175f521dae6ca6fb49/analysis/1573722648/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "68cb5114-84fa-4161-8ed2-6e103de9f9f3" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ebc71a2d-250c-4bc2-a981-3041284ca4fb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b54c01e1-4d36-4567-998c-d4fc934e3ba3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:26.000Z", "modified": "2019-12-11T09:15:26.000Z", "pattern": "[file:hashes.MD5 = '01580f87ce531650aa7f22991d8bce67' AND file:hashes.SHA1 = '89eafdb9a16d4bc5d541ea98d339be7c9ad7fd60' AND file:hashes.SHA256 = '2f34ccf1ab15958cf6eae626712718a6de864378732fbcdad429967c58633b5d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1f653f28-d3cb-4254-91b3-e62ecaa7a324", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:26.000Z", "modified": "2019-12-11T09:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:54:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d3cee02-8c15-4ff2-a212-bea20824d123" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2f34ccf1ab15958cf6eae626712718a6de864378732fbcdad429967c58633b5d/analysis/1574250840/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1faadb6d-213f-42aa-aff7-eb778eb373b9" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1a4974c-58e2-4001-abbf-1a1724a23d54" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bd742976-f97e-457d-88c0-51c6a8ff95dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:26.000Z", "modified": "2019-12-11T09:15:26.000Z", "pattern": "[file:hashes.MD5 = '91e62c7e308c8dd2344dcc98f2abfd7c' AND file:hashes.SHA1 = '4ee4c88a8786bcce41bd66648d4990a4e050f594' AND file:hashes.SHA256 = '2e780ffa83a09b488f02216b24c69b89b3bf8b7401cbd7551f10e3e082f1711d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--76841c9b-9b53-47cb-bb88-0ccebed9f734", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:27.000Z", "modified": "2019-12-11T09:15:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ac5f22a4-667c-47ff-a637-da72a8983cf1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2e780ffa83a09b488f02216b24c69b89b3bf8b7401cbd7551f10e3e082f1711d/analysis/1573722644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4453e221-4ae3-4f67-97aa-d1451c7c7026" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8f379760-c93d-4cc2-8056-4d9dc8797fb0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bfb789b0-2ceb-4a1d-9539-1e412e2024d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:27.000Z", "modified": "2019-12-11T09:15:27.000Z", "pattern": "[file:hashes.MD5 = '76393b6fa986ba91b90c5ba0bc64e46a' AND file:hashes.SHA1 = 'c3bf0ea295672f080fc4f850329344571b0749bf' AND file:hashes.SHA256 = '6451fa2d64dcc6b31c5d06e59d3b2c900ae420a5ad9d9fee87e8a39ad3a64c3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7fbf0609-157b-4d8a-b7e9-1c14ec63a169", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:28.000Z", "modified": "2019-12-11T09:15:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:50:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "223329a9-d990-4b74-954e-8090b7a8c568" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6451fa2d64dcc6b31c5d06e59d3b2c900ae420a5ad9d9fee87e8a39ad3a64c3f/analysis/1573894231/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0aaff2ef-9e2c-469f-905b-3cd8b5028605" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26d9d8d1-6b82-4f4d-b537-338dd6735cf5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d9b8737c-a356-4ed8-8275-7cd7afae9b2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:28.000Z", "modified": "2019-12-11T09:15:28.000Z", "pattern": "[file:hashes.MD5 = '6f0f832453d64d630b1aba05003de65e' AND file:hashes.SHA1 = '4006b5d36b7d9ab1ea65e71c2999618d1862ac3d' AND file:hashes.SHA256 = '84c830d00205e5eec89eb6d87555785f200ba5cb94f5a7b3ddea4b67c41fdeb7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4a1fb428-1395-4bcb-9d60-9698ae754c95", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:29.000Z", "modified": "2019-12-11T09:15:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T16:02:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "646b39b2-c156-48e7-ad59-7738abce55a3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/84c830d00205e5eec89eb6d87555785f200ba5cb94f5a7b3ddea4b67c41fdeb7/analysis/1575043343/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "07707470-a680-405d-a0ed-e05160a1b944" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3b0d6922-ca9f-4c42-a601-095bd7d8d9e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2956e51c-200d-426f-8eb0-afde5b6d8200", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:29.000Z", "modified": "2019-12-11T09:15:29.000Z", "pattern": "[file:hashes.MD5 = '574b113bd010a1a7d89e2c0b6697a903' AND file:hashes.SHA1 = '6f8c3131194b7f4db8f2cbf8e7997db14380aeab' AND file:hashes.SHA256 = '7d61fcb28088fc3713bdb09a3b8b3372a494b449bcdc0bc1631c541d2ad25504']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1a3316e4-b260-45b1-bdf6-5db657f71d9e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:29.000Z", "modified": "2019-12-11T09:15:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:37:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "867abde0-1559-4902-83b8-539c0987b127" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7d61fcb28088fc3713bdb09a3b8b3372a494b449bcdc0bc1631c541d2ad25504/analysis/1573961860/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f00f138c-b948-4781-9ab7-927d1584f037" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6d58aff-7ddc-4e72-a8cb-34616bd3852a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--858b9465-0a70-45c0-85fb-83633f3913a9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:30.000Z", "modified": "2019-12-11T09:15:30.000Z", "pattern": "[file:hashes.MD5 = '1911897f8b749e757896f56471dd9899' AND file:hashes.SHA1 = 'cef23a74493af71381589277ade2c01f4258ee36' AND file:hashes.SHA256 = 'e063f4f4e14c56753a6672861bb5a44bfade383a94aaa84766eeb870205ef53e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--158928a5-e941-409a-9300-7fc5b2b59fb2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:30.000Z", "modified": "2019-12-11T09:15:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T12:27:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0fa8782c-689c-479d-85b2-9712225d503a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e063f4f4e14c56753a6672861bb5a44bfade383a94aaa84766eeb870205ef53e/analysis/1574771248/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a8780a41-f9f2-4400-8675-f93940a4fb9e" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b78436ef-d14c-46a8-a8bd-53a2cbee3038" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7433c594-7224-453e-8be3-480918097012", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:30.000Z", "modified": "2019-12-11T09:15:30.000Z", "pattern": "[file:hashes.MD5 = '5e95135bbced46d92c9091b822331d2a' AND file:hashes.SHA1 = '20d9db124882f5f0624348b7fb4c22261d3d495e' AND file:hashes.SHA256 = '5f1de6fb357ee5821e86dfb0c373ea29a600769e8a83b70e77e4ecb284768302']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--977810dc-56c7-47dc-aebe-e65b0c1bcdab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:30.000Z", "modified": "2019-12-11T09:15:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:44:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3572b3cd-5f78-4574-9b34-0d229aa40abd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5f1de6fb357ee5821e86dfb0c373ea29a600769e8a83b70e77e4ecb284768302/analysis/1574333046/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6abbe2e1-3e8f-44fc-a315-ee6f3bee104e" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0d2ca73c-33b5-4d17-9166-7d7f24203207" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--556e15c5-218b-452f-9df4-7ed5143cd879", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:30.000Z", "modified": "2019-12-11T09:15:30.000Z", "pattern": "[file:hashes.MD5 = '74aadd783d4bd9eae7284c86966e9fbc' AND file:hashes.SHA1 = '83dc76deef3d130bf651f0cfaef6adf7bd8d9434' AND file:hashes.SHA256 = 'b130c34d608b40a3770f6833a79aaf3dd8c21cb9ee2eb9cbd6b80128cfb8d200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d12ab561-6b0e-4aed-a73d-c9cabb8f54cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:30.000Z", "modified": "2019-12-11T09:15:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T10:15:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9e6779b5-9b05-4c46-b918-d8da2435f4af" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b130c34d608b40a3770f6833a79aaf3dd8c21cb9ee2eb9cbd6b80128cfb8d200/analysis/1573640104/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "689c540e-cde0-4145-b10b-76ee2c464b77" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7c644e79-dcc9-44e7-bb93-89bf7d227877" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6942c9ea-f904-406c-9a9f-2fe4e43a5c65", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:30.000Z", "modified": "2019-12-11T09:15:30.000Z", "pattern": "[file:hashes.MD5 = '4b98d4e2c52ee4438c2f9a0e31262e56' AND file:hashes.SHA1 = '93298a033c8cd236fb965d72c910a4d93f6c843e' AND file:hashes.SHA256 = '80a07c5c111eb78c26ae8b707f9c02ca75584a0038994bb4523cec0ed018ad5f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5fbfff3b-8a04-475d-8c33-7242bcfa7e1e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:31.000Z", "modified": "2019-12-11T09:15:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:20:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b4a77df3-7882-40bc-893a-da80da05b471" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/80a07c5c111eb78c26ae8b707f9c02ca75584a0038994bb4523cec0ed018ad5f/analysis/1574331644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cef6c025-fc42-4be4-94ad-0f99334407bb" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "52a6df68-8171-46db-aed6-3e9938cb36ac" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5225ceb8-f692-46d2-a37f-f4b1bff422fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:32.000Z", "modified": "2019-12-11T09:15:32.000Z", "pattern": "[file:hashes.MD5 = 'c5b522afef188ce2c6d53c3f2ce50ecc' AND file:hashes.SHA1 = '633695c6f34cd38588b2b399a49e38991cfc5701' AND file:hashes.SHA256 = '41e02e68c13e610488e285a5df79977a807974e9b7cecccc1bf8036aac2eafa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a4dd923d-e33a-4766-b505-14320eef16ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:32.000Z", "modified": "2019-12-11T09:15:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T03:34:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "01975c92-c936-4a21-be3d-6997235ce2b4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/41e02e68c13e610488e285a5df79977a807974e9b7cecccc1bf8036aac2eafa4/analysis/1574825691/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26c8ba85-d614-4323-b5e6-b354f11267e8" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3affc1d3-14a0-49ad-a5bc-388b89429610" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f22cdc6-7815-428f-8db3-2f12ed08f365", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:32.000Z", "modified": "2019-12-11T09:15:32.000Z", "pattern": "[file:hashes.MD5 = '06a6c10d1305d3a36ee1cf0d0eba5cf9' AND file:hashes.SHA1 = '80e290eff5bd1a633d2331ec913d461688c406a1' AND file:hashes.SHA256 = '86856ae49b89dc11ce60764c5cc099cacb3d86cca312ecf1b4a911f74e81f75c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--da7ab84e-ac1f-4045-abd0-7e8a7a7c81bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:33.000Z", "modified": "2019-12-11T09:15:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T06:31:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "489bc8f5-d584-4da7-b473-b74c32bf8da6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/86856ae49b89dc11ce60764c5cc099cacb3d86cca312ecf1b4a911f74e81f75c/analysis/1573626709/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "632c253f-1b43-4360-9294-1852faa79f3a" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99df9ec8-99a4-4cf1-859e-6abd5435bb5e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9648d79c-e673-465c-acc0-5305dea0752a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:33.000Z", "modified": "2019-12-11T09:15:33.000Z", "pattern": "[file:hashes.MD5 = '7af415c4ea6d1f8b4aafc44b75acb345' AND file:hashes.SHA1 = '159337b9dcf360ab29642fa77817c76255a2f8e9' AND file:hashes.SHA256 = '8dad0d94b2a5f0e442dfc8b600c9f1b0011706728903a6dd72ed035cf8d62e8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e1dfae7d-d10d-4f84-9232-2a257263fd54", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:33.000Z", "modified": "2019-12-11T09:15:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:48:33", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cf0f1eb0-58a0-47d4-928f-fe878e21d02d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8dad0d94b2a5f0e442dfc8b600c9f1b0011706728903a6dd72ed035cf8d62e8c/analysis/1574549313/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99811629-fb0e-441c-afab-faffa53a3079" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88365433-0a1f-4ac0-8afe-da65ae5f94dc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2b0e1b4f-e4f0-4c50-a085-72f73fb42e33", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:33.000Z", "modified": "2019-12-11T09:15:33.000Z", "pattern": "[file:hashes.MD5 = 'd1e0dec5720c4ae98cc28f66032098d5' AND file:hashes.SHA1 = '7c74919489b0911c7c35412eb7a379fd1d23e4fb' AND file:hashes.SHA256 = 'a6255ce706db85a4ff427ec9d34dad32c59baddec430f32f99fa957a145fde9b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a7841efc-7297-46b2-a0d7-de38e9dadc77", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:33.000Z", "modified": "2019-12-11T09:15:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:06:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4fc64ec1-289f-4ff9-9643-8bdde253fffa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a6255ce706db85a4ff427ec9d34dad32c59baddec430f32f99fa957a145fde9b/analysis/1573394768/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93777e4a-4faa-4211-a5c5-b98ac79d4d58" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "19cb7501-d9ce-4a66-98ce-b4f3382ba691" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97740513-6b6a-4d71-b58b-10247b79b46a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:33.000Z", "modified": "2019-12-11T09:15:33.000Z", "pattern": "[file:hashes.MD5 = '3d3c42d3a1c3d239a04aba24dfaf346a' AND file:hashes.SHA1 = 'b29e8fe9b73ff3a147c34f7529d0e3bfdb1dcb21' AND file:hashes.SHA256 = 'c680fc7b51a0cee302bc5fb4c39921c22c1253d2bd339a09c1507ccddfffce3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f374d92e-ae65-47b4-8c7b-80394675594d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:34.000Z", "modified": "2019-12-11T09:15:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:23:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8d82f8f7-c85b-4bf4-b629-4fe7bdc573cf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c680fc7b51a0cee302bc5fb4c39921c22c1253d2bd339a09c1507ccddfffce3d/analysis/1574547821/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f169ecce-1d0a-48a2-964e-e738f895211a" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3767652f-ca3e-4d37-8efd-68b0b5341d0c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9641df2c-64d9-4949-a376-93999f2c1ed6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:46.000Z", "modified": "2019-12-11T09:15:46.000Z", "pattern": "[file:hashes.MD5 = 'b483eefbcc517035bdafa4d0164c99b6' AND file:hashes.SHA1 = '75a157315fb627f75b038afe8b4482a217ca85fa' AND file:hashes.SHA256 = '1ecedf01f1142c1616882e79f2d554e0e6c51e55e59392948c505d7dc12aa430']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cb668e55-75bf-4b47-bfde-31713c7aa475", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:46.000Z", "modified": "2019-12-11T09:15:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "613d5275-8c29-4e58-9c21-1ff0f1102e4a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1ecedf01f1142c1616882e79f2d554e0e6c51e55e59392948c505d7dc12aa430/analysis/1574062655/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cec0fa12-914e-4f64-9672-ec47fb1c5bb0" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b335c5ef-ecd1-42db-9a62-95b2c52bcdf3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0647a406-ae28-4819-9bda-5305edb9da80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:47.000Z", "modified": "2019-12-11T09:15:47.000Z", "pattern": "[file:hashes.MD5 = 'c86bc66105b87bf66a3409d23c99729d' AND file:hashes.SHA1 = 'ccd7c669c16f94d95d81bdf59a52fa2e137c1e2b' AND file:hashes.SHA256 = 'f27e019ac525aa96c91de1861c4fc33d79648b0f7f04a8b881f52565ca4de20a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--43e87703-8b04-49b7-bec8-700f4da208a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:47.000Z", "modified": "2019-12-11T09:15:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T14:32:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "027dec73-b213-45a8-81cf-d4656929d955" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f27e019ac525aa96c91de1861c4fc33d79648b0f7f04a8b881f52565ca4de20a/analysis/1573569141/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "752489c7-8f08-45cf-b68d-2c776105e586" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1aec408-b940-4756-acd5-ffca7eff021f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--89931ac3-de3d-4e51-b5e5-038fd15da894", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:47.000Z", "modified": "2019-12-11T09:15:47.000Z", "pattern": "[file:hashes.MD5 = 'dd617f72c9fda0eaa4db3f6bf055649c' AND file:hashes.SHA1 = 'caebdc0e395f7a282eb44c20d2e29bb2011db441' AND file:hashes.SHA256 = '855164a11c1c387e06ee37f28ec8795b0cb169a75ebbe1a62143c5a34f0ff1d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1bd57d79-f05b-4dea-bbfa-b9a121fee8f4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:47.000Z", "modified": "2019-12-11T09:15:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T03:42:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3d8e479b-c70f-4beb-8a90-c5b2bebf1069" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/855164a11c1c387e06ee37f28ec8795b0cb169a75ebbe1a62143c5a34f0ff1d5/analysis/1575171720/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bf212385-7105-4108-9d4c-e415d1151ade" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1933bde2-c4a7-4003-9445-39517d84b160" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--44c7c2d3-f768-4143-84d0-4994eba100d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:47.000Z", "modified": "2019-12-11T09:15:47.000Z", "pattern": "[file:hashes.MD5 = '156d9f603a99521c9b9f99368f3d3779' AND file:hashes.SHA1 = '73ff78ec01f22d3648367d0fc2e460e1e0c28251' AND file:hashes.SHA256 = 'ceadfea8ea204382f4ce75d7f15a73f412ea54c28e49828b1f5358ee4d0b831d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fed8de15-950a-446c-b45a-be7ded28131f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:47.000Z", "modified": "2019-12-11T09:15:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:54:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db9b4eef-1d10-443a-8af4-3b97568e9d2a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ceadfea8ea204382f4ce75d7f15a73f412ea54c28e49828b1f5358ee4d0b831d/analysis/1573894444/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "967ef41e-6b06-4a61-bf5c-fa1e571f2cc0" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5d53a5d2-8302-4d25-a526-5faddc681670" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--424730a3-d4b8-4008-ab0f-86a7d157d85c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:47.000Z", "modified": "2019-12-11T09:15:47.000Z", "pattern": "[file:hashes.MD5 = '6a3613beb08a841280d3cf9bed14e876' AND file:hashes.SHA1 = '53053a4927928fbab24577b03f86f5c45a09d7be' AND file:hashes.SHA256 = 'b755f549334e2612c52a2632752eb60d124b69e632f6c7fbe964fbce42aee440']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a226096d-61fb-428e-a5c1-e90cb67593c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:48.000Z", "modified": "2019-12-11T09:15:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T02:40:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "694be36b-6b3d-47cc-8ccb-c3f92d16a42a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b755f549334e2612c52a2632752eb60d124b69e632f6c7fbe964fbce42aee440/analysis/1574908856/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7c6d8c44-e939-46d8-9de3-317faa8f5b65" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5b88eeeb-590e-4383-9eba-b8c9a4517000" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f1a6d16-b82e-44a7-a80b-c4ecc8de3f68", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:48.000Z", "modified": "2019-12-11T09:15:48.000Z", "pattern": "[file:hashes.MD5 = 'ca7a74f3f3e3425a125f2d84c9e245c9' AND file:hashes.SHA1 = '6413e7a0727d727659e94bfb713b200fc04e545f' AND file:hashes.SHA256 = '567ed308ecd24dfd17bf249ded1d13cef9dcc5f28426970615f5dfae4e2faccc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--271b2ddb-776a-4903-9371-201a5fc9d40a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:48.000Z", "modified": "2019-12-11T09:15:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T13:41:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b4321262-4d72-4237-a171-794ed63c6df3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/567ed308ecd24dfd17bf249ded1d13cef9dcc5f28426970615f5dfae4e2faccc/analysis/1572961286/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b64f168-026b-49dd-abb4-7c83d8d851c8" }, { "type": "text", "object_relation": "detection-ratio", "value": "13/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81bd7f0c-679a-44c6-984c-e48c7f04eeb6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--901e56b2-8f8e-4f3c-b98e-812da51a8e8c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:48.000Z", "modified": "2019-12-11T09:15:48.000Z", "pattern": "[file:hashes.MD5 = 'e767347f7a5af9580e847c91947b4b8d' AND file:hashes.SHA1 = '4a45ce9162ad5c65b63ed8d4f9bb67767449f274' AND file:hashes.SHA256 = 'e3b3f7195bd380f9fdc3192b24d0958db1e99937646a795e97f1db1a86b67756']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4978e001-da37-49e7-9401-22eadc89f2a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:48.000Z", "modified": "2019-12-11T09:15:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:53:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88c265da-ab73-487e-a47e-117ea75ec272" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e3b3f7195bd380f9fdc3192b24d0958db1e99937646a795e97f1db1a86b67756/analysis/1574333621/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "213177b6-f9d9-436e-b0da-a824748f881e" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "32beb842-37c6-4bf1-8ae6-8ba2d28cf40d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b941fbca-a22c-4ff4-929b-fd1cadfb7fbc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:48.000Z", "modified": "2019-12-11T09:15:48.000Z", "pattern": "[file:hashes.MD5 = '7c86fcbe07d2ba4eb5e6d3707b28c609' AND file:hashes.SHA1 = 'ad64cfa882ebd84fa370a7da8e417d38ffdef3e3' AND file:hashes.SHA256 = 'd6720180c4bcf1e2d01fef9ad426edc52917286a5807a518468eba3e4aed7b53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6730f7da-0e56-4dbc-a917-812a43136628", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:49.000Z", "modified": "2019-12-11T09:15:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T20:01:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74cab9db-cdaf-4b7b-8b57-5906c46cfc45" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d6720180c4bcf1e2d01fef9ad426edc52917286a5807a518468eba3e4aed7b53/analysis/1574971297/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "02673551-8093-4001-9a27-1fb9ba07c5bf" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f32cb45b-9ffd-4dda-8e65-cccd046fe75f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dd07c58c-55cb-4f10-83a1-1a06dc64a1f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:49.000Z", "modified": "2019-12-11T09:15:49.000Z", "pattern": "[file:hashes.MD5 = '4ad35d4f2bcebb3b983878fb56771d02' AND file:hashes.SHA1 = '64f3060a2d77801ca9184f2d9a81874c60aac6c4' AND file:hashes.SHA256 = '8ccc4fccbb17b53e702f18f86dc88bd362c1bbbd7affaa26aa96bf4f655f3bbb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dc4db6ff-2801-43dd-9fb1-aafc185e8c78", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:49.000Z", "modified": "2019-12-11T09:15:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T13:25:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2634f959-358f-48f7-8e78-5516614d4575" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8ccc4fccbb17b53e702f18f86dc88bd362c1bbbd7affaa26aa96bf4f655f3bbb/analysis/1573737956/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0dec6d0d-1385-43cb-b429-66ac3dafa808" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2799786d-a5ec-4396-a1c2-f93c269217e0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b16200d2-460e-4519-8dc3-e2b344f6cf18", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:49.000Z", "modified": "2019-12-11T09:15:49.000Z", "pattern": "[file:hashes.MD5 = 'c5d0ff1a5c2f370dc99628dbd2c2e04c' AND file:hashes.SHA1 = '6b91bcb2c9841a8e150ddc098771f219cf931a1a' AND file:hashes.SHA256 = '1a59ce8bc8290a2a21af2f6914566a2301e3f2c1dca2f42749d16f037b2c805a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--baccedae-b49b-44ef-9a96-77c1f0d1c78b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:49.000Z", "modified": "2019-12-11T09:15:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:08:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "48fa72ac-d69a-4b8e-9801-c2c6788928df" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1a59ce8bc8290a2a21af2f6914566a2301e3f2c1dca2f42749d16f037b2c805a/analysis/1574330905/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "324b2bee-a6d3-4627-8226-ad0e7cb4f559" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ec4323af-8967-45b8-ac2b-6276477d202d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f067504e-ada5-43cd-85f3-77c40814646e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:49.000Z", "modified": "2019-12-11T09:15:49.000Z", "pattern": "[file:hashes.MD5 = 'f780516cec64a05a1e779582f166d5a6' AND file:hashes.SHA1 = '8d0ded8ca8a1a294820057788d1710022dea57c2' AND file:hashes.SHA256 = 'c746410a64aace77d16a6dcd054f9a54b011539764d35286840148eaf8c75869']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9da7c678-13b4-42a3-b1d7-224235a95a58", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T14:04:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "347c76c9-8be2-4857-ae5e-e29495d4deaa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c746410a64aace77d16a6dcd054f9a54b011539764d35286840148eaf8c75869/analysis/1573135445/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a316265-98e3-41e3-bb2d-60ab06083777" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "be5da45f-aca7-4270-b9b1-9b2bc8a06a49" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf6795fd-f4ef-45cc-b33d-80a5e4d2b640", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "pattern": "[file:hashes.MD5 = '18f4a008a515c7981bbbf91b85c12045' AND file:hashes.SHA1 = '1b5d496f0d5f24d3f37bbe30552b103db43f29a9' AND file:hashes.SHA256 = '0f64b020f47a73628af0bf2e62e0108e90f7d1fde5b830513bed1e7b0ee0f73b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c918c925-f940-4b22-baf5-6a2dfb4ba597", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:16:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "54f99c66-2b73-491e-be89-ec3859bdc991" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0f64b020f47a73628af0bf2e62e0108e90f7d1fde5b830513bed1e7b0ee0f73b/analysis/1573985769/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "614edaaa-16e4-4fde-89f0-632c01d94d18" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6236004d-0bbf-4cbb-a262-79a7fa1be4cb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ed5442-d4bf-4d87-a164-ab3d02136d0a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "pattern": "[file:hashes.MD5 = 'a93f14143911520f141ebf72facc1300' AND file:hashes.SHA1 = '3188052b3e05882cca36dde701cd1137cefb8827' AND file:hashes.SHA256 = 'a3c8cf44b0a0d6bac1841c641b2b9113eaeb70c35f2c2668076bea15099e1eff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--70d64ea2-0462-42af-9697-bea528a2cdf6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-07T03:24:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5cae6b47-97f1-4f22-a846-e890179ac3b9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a3c8cf44b0a0d6bac1841c641b2b9113eaeb70c35f2c2668076bea15099e1eff/analysis/1575689079/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5571faa2-e146-4ea5-be8c-821fa5d942f2" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c4e4d2af-19dd-46d3-8df9-e120b36103be" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a11b9dd0-c1f3-4364-9eb8-6b05e0a2667f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "pattern": "[file:hashes.MD5 = '8d3fd8449a351e10e327dade69d8776e' AND file:hashes.SHA1 = '30ab26ef2b94259ec6e5700741f6e110ee7d8370' AND file:hashes.SHA256 = '8019eb1473eb3015d1b1f4b4f606f29976a50b24d73bb5a7276af48bb2df6b12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0f57c64c-7bbe-4f6f-ac55-7afcd42c3f35", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T08:39:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ca95473e-0720-4c1b-9ac5-a079c7cc6641" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8019eb1473eb3015d1b1f4b4f606f29976a50b24d73bb5a7276af48bb2df6b12/analysis/1575016784/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b9787ad0-ec6b-416a-adb9-2b78ba6bbc0d" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f6549caf-5767-46aa-9d16-21394bf25e02" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2233994f-677c-444c-b9fa-e7ec29fccf78", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:50.000Z", "modified": "2019-12-11T09:15:50.000Z", "pattern": "[file:hashes.MD5 = '6b22d9640fb06efe66fdf38de9bd2947' AND file:hashes.SHA1 = 'f0d57b3de178fa6486e4bf640b151a2139b8713e' AND file:hashes.SHA256 = 'ab7ed7cb1a0f80f7d9cb639a9c18273f7ba349512a5f759b72c892593cb65ef1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--46fc2e97-93c3-41bb-9f7d-c0471e92a5a2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T16:36:07", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05a0c2ec-da2b-4c3c-9f32-90555c95e577" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ab7ed7cb1a0f80f7d9cb639a9c18273f7ba349512a5f759b72c892593cb65ef1/analysis/1573058167/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e659213c-9a52-4370-9f93-7849d901852d" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8eb9dd48-d55d-4772-805c-9e08deaf8d7b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7594f724-065f-4791-9013-fbfc82dfe828", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "pattern": "[file:hashes.MD5 = '904a3098133c5addeab6e147def15177' AND file:hashes.SHA1 = '1b58caebb2065e3130e456d52043934639721735' AND file:hashes.SHA256 = 'e5b4d4e579b38b110e44004c3b35eb8392b71224755b6a2fc45cc56359bda2b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--990d2868-e933-4aa0-ad3e-d7265cf10e15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T01:43:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "11bad437-1fc3-4d2e-b02a-35196cb11880" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e5b4d4e579b38b110e44004c3b35eb8392b71224755b6a2fc45cc56359bda2b3/analysis/1573350230/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "84f2259b-0d83-482b-8f2f-9ea8fa0ba410" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/60", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ddeb404-a7e7-4600-8755-0e88d8757804" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f0f2aa4-dcea-4938-8c5d-6364da9925c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "pattern": "[file:hashes.MD5 = 'cb7754fe17096158fb7486c7a9f9a254' AND file:hashes.SHA1 = '3b82d1aba11f0dd0b2350782abcffe7e8b3d91a0' AND file:hashes.SHA256 = '1c209ac0b2139297bc88bbf37a5262ed039bcb454abd8f75abfd21120b9df883']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8e2ea5f2-dd27-4c61-8a30-47ac5289d93e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:30:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ccb58320-f28c-4b03-abd9-c6cc341d98cc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1c209ac0b2139297bc88bbf37a5262ed039bcb454abd8f75abfd21120b9df883/analysis/1574548216/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8aacb335-3e89-44f1-8d2f-06896c18196f" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3c9e766c-d97d-4251-9cb4-6be1e7c97aae" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb0466e5-b50d-43c0-aa69-2f1c6c79d905", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "pattern": "[file:hashes.MD5 = 'd3acd27a4b8b48fba599fbbebb3689c5' AND file:hashes.SHA1 = '5369fe4affde8d5ec3001c93b333418a6ef7b866' AND file:hashes.SHA256 = 'fca0b85fb10a75d04a9bbe9065fcd97a83676585181be6c8c4e6a2e35751f08b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ca373d32-0ba6-466e-98a6-15f24d0c8115", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:48:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d5f08452-d387-4055-a0a9-05afb3ebdbc0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fca0b85fb10a75d04a9bbe9065fcd97a83676585181be6c8c4e6a2e35751f08b/analysis/1574250483/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2b7ae6f-db2f-43bf-b158-d627a9340e9c" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c1d44484-e09c-4a51-bc30-2a560d35c577" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a7200b0c-fef7-4eb9-85b2-d618615c0809", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:51.000Z", "modified": "2019-12-11T09:15:51.000Z", "pattern": "[file:hashes.MD5 = 'b53502e161cfe51ef64eb622ab128c4f' AND file:hashes.SHA1 = 'a4de27973124ba5bab9208314ce7a7ce4505ae0f' AND file:hashes.SHA256 = '88b1b7d25c5f4f118a404eff1800dbf2794d97271ab293c1ad8ad8ec5e545f02']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf842af9-f8e6-44a6-b7a6-3c24478cf079", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:52.000Z", "modified": "2019-12-11T09:15:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:57:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b0e2b3c6-1c3a-46af-89a9-265e0296e37f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/88b1b7d25c5f4f118a404eff1800dbf2794d97271ab293c1ad8ad8ec5e545f02/analysis/1574333841/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a57f918c-5bfd-4055-a08b-d8c079e79323" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6fb17f7e-ea69-4ffa-b27e-388506368bae" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0f4bb689-990d-4905-907c-81a9351fb46b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:52.000Z", "modified": "2019-12-11T09:15:52.000Z", "pattern": "[file:hashes.MD5 = '9a638f25b0b6be3032bd8943e9530e90' AND file:hashes.SHA1 = '44611e16ce011725f8142851e19fa816015039fe' AND file:hashes.SHA256 = '37d3ec9d3335ba7c437681b01dc79539046aec484045c00ef764587b164d133f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dfa592e6-e771-4ee4-8eb4-1b6cfb89e77f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:52.000Z", "modified": "2019-12-11T09:15:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T08:43:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce865deb-1431-4200-b446-21cf068d40d9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/37d3ec9d3335ba7c437681b01dc79539046aec484045c00ef764587b164d133f/analysis/1575017027/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "95ce8fa8-8e39-4843-bb5d-12d72696a02b" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "03e78b33-b6d6-40e7-a642-78d386ca9c4e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a0b2b74a-c8e1-4d94-8949-55503c2e4be1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:52.000Z", "modified": "2019-12-11T09:15:52.000Z", "pattern": "[file:hashes.MD5 = 'c82a222759bad3116a37404395c8d9b4' AND file:hashes.SHA1 = '168f332e94610e49c7d8d97bcb2b5a7b0fa87ea4' AND file:hashes.SHA256 = 'bec75abd1810200ca989eba1b5ed9d30ab150079408bcd9dab5506f2f7e17968']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d57d34e0-267d-4d69-8932-7c53e3159081", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:52.000Z", "modified": "2019-12-11T09:15:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8a21cc0-3676-484a-b0be-92ebbc5c73e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bec75abd1810200ca989eba1b5ed9d30ab150079408bcd9dab5506f2f7e17968/analysis/1574062634/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ea4b66e-d03b-49d2-95bf-1ed08cbdb5fb" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "eb36f118-2d61-4585-aa4d-f8f71c7f4c87" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4825fefb-afed-42d6-88ba-2076ad113636", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:52.000Z", "modified": "2019-12-11T09:15:52.000Z", "pattern": "[file:hashes.MD5 = '7c7b03ad6d6c7c2a484f3ece8e79f582' AND file:hashes.SHA1 = '21aa4b3d1565867e984bbd31758afa093d3e9ced' AND file:hashes.SHA256 = '95dbf1fdbdf2fb01923966504c378d59c4367f5848196ebd50a91e8acc454d4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b55fbd24-5612-487b-a91c-e8a8550bf3df", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:52.000Z", "modified": "2019-12-11T09:15:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T16:08:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bba752dc-46b9-44f9-93f1-148ae0e4cbb7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/95dbf1fdbdf2fb01923966504c378d59c4367f5848196ebd50a91e8acc454d4f/analysis/1572883733/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dc5b8990-64cb-4ef0-88fb-57249480cebf" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a9950f39-f31a-48ff-9aa5-faf8882dd494" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--478f79ba-3f6d-4afe-9dab-208919ecb65b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:54.000Z", "modified": "2019-12-11T09:15:54.000Z", "pattern": "[file:hashes.MD5 = 'c5bc212ca9d7322a14ec06c8dcd5c6c9' AND file:hashes.SHA1 = '1cae74f08ecf2c8b7ee54ecd700e7a92c583e9b2' AND file:hashes.SHA256 = '4d8a2f6e05217252abe1732f61c3a8e8cc00029ab483d6ffb25060aecd0caf68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fdb38221-5885-4819-8fbe-6397bad847b2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:55.000Z", "modified": "2019-12-11T09:15:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T13:22:34", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6d2d4649-efe5-4c65-98d7-9baeef13c24b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d8a2f6e05217252abe1732f61c3a8e8cc00029ab483d6ffb25060aecd0caf68/analysis/1573737754/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e1c4061b-7e91-4279-bb9f-5466a9e730e9" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "95fc6bbb-d739-48cb-8fdb-29e180561604" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c7dee2e-2977-492d-aa98-5d4fd62eb113", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "pattern": "[file:hashes.MD5 = 'a4d9d2dc15d4126883a98b50261f60b4' AND file:hashes.SHA1 = '010dbbf7e7b8099649878fd88e9cd0952b8cceff' AND file:hashes.SHA256 = 'ecd9e7bbdbf657838d3527c43e04529fec97af74907493ea2a9ab46f72192754']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--34a6994f-068e-46bf-8345-bbc4635d20d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T19:02:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1cb6865c-64e0-413b-91b3-4732fa4bf4a8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ecd9e7bbdbf657838d3527c43e04529fec97af74907493ea2a9ab46f72192754/analysis/1574362979/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5687218e-7140-4419-8fa5-113b0c8636fe" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "108ac5e5-4486-4f9e-bc63-ab70aa8f7571" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6c3a81d7-2298-4643-a114-979b560178b2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "pattern": "[file:hashes.MD5 = '0fdd415b3ba81212641ef5018d36837c' AND file:hashes.SHA1 = '7bef5c16401ae9c16e43f773397301056ba3aa02' AND file:hashes.SHA256 = '2b89009a51eaea0a277359651ab9097d44370f0829545a59ec5f63358e71e913']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9122b627-febd-4ae8-a6a8-a26387e4188a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T12:58:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2fe8e667-0e08-4a35-ac72-0f95e10f50b9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2b89009a51eaea0a277359651ab9097d44370f0829545a59ec5f63358e71e913/analysis/1574773081/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3fb9e832-ecd7-44bd-8c09-ca18857a4d86" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1b84f922-1768-4a3d-9257-3d96d95d084c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6064c164-2955-46c7-9bab-3f2ba5ba4e17", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "pattern": "[file:hashes.MD5 = '1686dbaa141cedc2d5fde06f6ef831e4' AND file:hashes.SHA1 = 'bc777fadf5a42cee2481475392f7a302200b009e' AND file:hashes.SHA256 = '6a968202cd64d7a276ea438f50cb2e4d7d72a6f23791a9d22a4c0024c0083fb5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a7233309-72f4-40b8-853f-a91d120f4f13", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T13:11:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22c35eea-c9fb-4d1e-aca2-ceb669b88c97" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6a968202cd64d7a276ea438f50cb2e4d7d72a6f23791a9d22a4c0024c0083fb5/analysis/1573218678/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e4755623-f3f0-4a99-a4bf-9fff3771f378" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "60f484d3-f8e9-4b73-bd78-f950ee41fafc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d608b556-1e42-4724-bf13-92d382cc0875", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "pattern": "[file:hashes.MD5 = 'd5e1462f654962d462c4c19e827ed0f9' AND file:hashes.SHA1 = 'a8239908748c631bcd1b693a39a69568322fd80d' AND file:hashes.SHA256 = '63a1f51893b65e59c233fc62194c6cc9508e780763d6442cb4b8d48248d3bb93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d2be4787-cb80-4529-9bf8-fcf3efddbb63", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:56.000Z", "modified": "2019-12-11T09:15:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:35:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "96a4b654-cf25-47aa-a6c2-6c93a3d73540" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/63a1f51893b65e59c233fc62194c6cc9508e780763d6442cb4b8d48248d3bb93/analysis/1573961747/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "222b6711-4cef-42eb-b70e-e326357e41ea" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f55387ec-6817-45f8-b56d-59c72ae8c944" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cfad1838-ec2d-4706-9c29-1add7cd262e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:57.000Z", "modified": "2019-12-11T09:15:57.000Z", "pattern": "[file:hashes.MD5 = '841e5de2a863e2790ed1566e65c9b04d' AND file:hashes.SHA1 = '4c18698ef4c8d42ac52039df160dbabc3b7c6cc3' AND file:hashes.SHA256 = '98a23704433cf0aea9d340f2e420faa867e9f3961de7639be17b15c1af6a1265']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9db29e33-08e0-465c-94dc-14bf1d1beba4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:57.000Z", "modified": "2019-12-11T09:15:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:26:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3951e1a8-0a72-4226-9dc9-cdab38a0221d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/98a23704433cf0aea9d340f2e420faa867e9f3961de7639be17b15c1af6a1265/analysis/1572888369/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dab258af-6817-459a-9c7e-fff25cef678f" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4d214e01-9d88-42a1-9630-5051b0ba6a71" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d11dabb0-13db-42a7-8e45-d46b5be2d46b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:57.000Z", "modified": "2019-12-11T09:15:57.000Z", "pattern": "[file:hashes.MD5 = '0fea6a133814d9b2b0d8531409aec3fd' AND file:hashes.SHA1 = 'e7db0b4e195d0ef9ab0b0583909205546fac4512' AND file:hashes.SHA256 = '3b64aeca320d43d6622a5e8ec421db4ae4be75a73440454b0f128403670c2622']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--39a6b77b-e8a9-4859-9f38-ad5511b67c19", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:57.000Z", "modified": "2019-12-11T09:15:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bb8ffa97-2c17-48d1-8541-df0d1cceb459" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3b64aeca320d43d6622a5e8ec421db4ae4be75a73440454b0f128403670c2622/analysis/1573722644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ab69c5dc-4655-4d4c-b13f-86f749b6cc6f" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e8f9300d-e494-4e2f-93f6-53183135b3da" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5316380b-6882-4fa7-bd9b-7feb1585ed6e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:57.000Z", "modified": "2019-12-11T09:15:57.000Z", "pattern": "[file:hashes.MD5 = '240bd83c2f57e6e28f0117402a4fba1c' AND file:hashes.SHA1 = '32c32b49487dc8b91b0dcc3dce66be2b3b1f5a45' AND file:hashes.SHA256 = 'c41420a1759debca01a347d21ce31593aa207ca5f3514bf36eefebb9515cd7f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--855976ee-8343-475c-89f5-09fcd75d0354", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:57.000Z", "modified": "2019-12-11T09:15:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T03:37:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1c8c254c-85cc-4233-8569-3739c82b8092" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c41420a1759debca01a347d21ce31593aa207ca5f3514bf36eefebb9515cd7f4/analysis/1575171458/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "73e6a32a-062f-407a-98e2-38cc8cb1b2c5" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "13a650ab-959a-4042-be36-ba885104adf2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9a4cc9c2-bd16-4336-a8f4-0b63238ce8c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:57.000Z", "modified": "2019-12-11T09:15:57.000Z", "pattern": "[file:hashes.MD5 = 'd4723b74dcaed5d4c7c50ecd4bfde484' AND file:hashes.SHA1 = '0c1100c3263c5afd7d19ca0678af4c33a79591bb' AND file:hashes.SHA256 = '1460eb328b914d30935452587a558641526c89282b63290a231712d6c1a3c1bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c94d77cd-e9e0-4db8-b96f-f2aff531545c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:58.000Z", "modified": "2019-12-11T09:15:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:02:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "58944cd5-58e6-4b4f-b92d-5e2598c73db9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1460eb328b914d30935452587a558641526c89282b63290a231712d6c1a3c1bc/analysis/1573873362/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0071db25-1b27-4f49-9aeb-c3ba81a3f85e" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2f44dd0b-6236-44a8-8ccd-9ec78a2444ef" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e8c3711d-2475-4e1e-9bd5-8dfb243d6513", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:58.000Z", "modified": "2019-12-11T09:15:58.000Z", "pattern": "[file:hashes.MD5 = '449252f798020a342e11a86516378d62' AND file:hashes.SHA1 = 'ffca5c0b6dcae34ca9c1a280f5924895895b67b7' AND file:hashes.SHA256 = '9a1c0b695bd632525b1a33629f16393409da089284ad36a2b8a7a86cd24c2cdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d1da2898-a85e-47b1-a1cf-088854edef72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:58.000Z", "modified": "2019-12-11T09:15:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47cb9bbe-643f-4a30-a642-4c0407d4040b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9a1c0b695bd632525b1a33629f16393409da089284ad36a2b8a7a86cd24c2cdc/analysis/1574936798/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "077a96eb-315a-44e2-a88a-2a8981b5ce2c" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88f6bec2-338c-4d54-bb19-3f1be8e0338b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--843f03fd-f8f0-46e3-afc6-48283b2c67c1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:58.000Z", "modified": "2019-12-11T09:15:58.000Z", "pattern": "[file:hashes.MD5 = '1aada38f348c68c422df9490b8a7da07' AND file:hashes.SHA1 = 'be92f56addf44e8a9a6ac42b42403c0aca3fecd5' AND file:hashes.SHA256 = '0bdf3c6e94121a3f2911f2acdd0514c38069b699859a29fde0d54b0a0cc37e85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--aba95b98-4ece-4333-a3d7-ba5d458d2502", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:58.000Z", "modified": "2019-12-11T09:15:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:28:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bc59eab2-cc37-44f6-8518-26738e16efe4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0bdf3c6e94121a3f2911f2acdd0514c38069b699859a29fde0d54b0a0cc37e85/analysis/1574612930/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "98e36d23-f82b-47f4-953d-80ec70e7ec59" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dbe37ac1-4e3f-4dff-98c4-b7bce46e8a16" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--af6e9894-f165-457c-b788-04d7249d1994", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:58.000Z", "modified": "2019-12-11T09:15:58.000Z", "pattern": "[file:hashes.MD5 = '7c035bdc6ee262702bf9620c9d47db0a' AND file:hashes.SHA1 = 'acbb0cb398b030c2071cc0a23136dba0177c5903' AND file:hashes.SHA256 = 'f7e080a60a2b820f8860af7f197f29d32aab6f38ac9c9074aa906b20cfed5918']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7ba25183-ea7a-48a7-b08f-384f93f21ee4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:58.000Z", "modified": "2019-12-11T09:15:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:36:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6fb3373f-a179-4b37-8009-65c805b7ff64" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f7e080a60a2b820f8860af7f197f29d32aab6f38ac9c9074aa906b20cfed5918/analysis/1574548595/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0c9222b0-c645-473e-a69d-b54d8ddf75dc" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "33ce2e85-ca61-424f-bf81-8cea65657338" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6f33a2fe-f083-4989-bae7-70dcea2414de", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:59.000Z", "modified": "2019-12-11T09:15:59.000Z", "pattern": "[file:hashes.MD5 = '040ead0c689937edb9c777e56b2f704d' AND file:hashes.SHA1 = '6a0b009f4946cbdd67bfeaded2021ed3ee4be560' AND file:hashes.SHA256 = '576b5faa19a20599f24a3322b098c214077112a0c1c96f5de5a1ee898595ad30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e8fae15e-e914-4136-b3f0-1d718f31713b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:59.000Z", "modified": "2019-12-11T09:15:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:40:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ed8361a-7e7c-4df8-ab57-6a381ce2181b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/576b5faa19a20599f24a3322b098c214077112a0c1c96f5de5a1ee898595ad30/analysis/1574332823/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a88522d-e722-4149-be2b-3994a0fcaa92" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "da9def8e-029f-4602-afb4-434db4a0ec82" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57c4c25e-09d4-4be9-bd08-f90fe51f8ed8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:59.000Z", "modified": "2019-12-11T09:15:59.000Z", "pattern": "[file:hashes.MD5 = '2de6464e29658c2fc10ec9d5c379bc43' AND file:hashes.SHA1 = '38b8f70deabcb8e5a92adab0f4d953b786094462' AND file:hashes.SHA256 = 'b16a89db2c9a766ac32fdd3898e5ca24b1bb755ace6c7438585ce72f5239f48a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c4096a02-42a6-470c-afa8-7e398c9440b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:59.000Z", "modified": "2019-12-11T09:15:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:09:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "75336682-d559-4ae7-9c11-77b790f90474" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b16a89db2c9a766ac32fdd3898e5ca24b1bb755ace6c7438585ce72f5239f48a/analysis/1573722594/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "59e7bd1d-b1ed-4fd2-a908-498ac8ba0cca" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a38a4813-a613-422d-a1db-ee8a72baf444" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1e23920-9593-42e0-a5af-ebf55ba78815", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:15:59.000Z", "modified": "2019-12-11T09:15:59.000Z", "pattern": "[file:hashes.MD5 = 'c0897a4766a47d2a32b1e9d703933c6b' AND file:hashes.SHA1 = 'd8ed96918b0ab77cf1a06ae9974a45c13419625c' AND file:hashes.SHA256 = '878eaace41f3e112afa57f52541613cd126979bede58b0a7eea091a057e75e88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:15:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9fc57478-7b97-4f3f-bb63-7ef94c4b4217", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:00.000Z", "modified": "2019-12-11T09:16:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T04:51:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "02800f88-7a80-4df5-9c48-214f7098c7ba" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/878eaace41f3e112afa57f52541613cd126979bede58b0a7eea091a057e75e88/analysis/1575003063/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "21620a6e-4889-4f50-a2d5-0a9d52636d99" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ec8e764-7516-41a0-9127-463fd66c4f34" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8bdf4abd-0227-4932-81a2-3e4852d27812", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:00.000Z", "modified": "2019-12-11T09:16:00.000Z", "pattern": "[file:hashes.MD5 = 'bd7dea5b1975a525dbe30591b053a95f' AND file:hashes.SHA1 = '3508e91c858ff8d9a3b2224dacb4a2eaa783f3df' AND file:hashes.SHA256 = 'f586ffd811378d6d3b706c5792b23cee7aa320ceea9694544f38ecc7983261c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5540ba5e-d7d3-49c6-b9cc-e12710b055ff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:00.000Z", "modified": "2019-12-11T09:16:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T04:25:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ee12cbd7-df54-4ec5-8364-3c544af85a6b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f586ffd811378d6d3b706c5792b23cee7aa320ceea9694544f38ecc7983261c8/analysis/1575001526/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "391d9394-684d-4ee3-9f5c-2d659a7ae714" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "86c86c13-b71b-4323-ba35-08c461983148" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d3626c4-d758-46c4-b1f4-f3ffb75548a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:00.000Z", "modified": "2019-12-11T09:16:00.000Z", "pattern": "[file:hashes.MD5 = 'ff01685eb2dc7fac5a671d4f00c24ded' AND file:hashes.SHA1 = '4ea5d730dfcd8784a95f142eb3c9093243d2c89d' AND file:hashes.SHA256 = 'c7baf739c5a78fda1d3aa48f71cefe7cec070c71ece8940566b398ab135e71b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ad748a67-b407-48c8-b20e-13d19eca50f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:00.000Z", "modified": "2019-12-11T09:16:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T04:57:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d107bb09-d8cf-4a08-9f5e-0fd4c91a1ff0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7baf739c5a78fda1d3aa48f71cefe7cec070c71ece8940566b398ab135e71b4/analysis/1575176241/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ea6c8369-aa14-4b6c-8d5d-7255d68cf740" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "449f3439-f8d9-42b9-9f85-af03d9210021" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d7f97683-565b-42a0-97d3-bdb65e2fbd93", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:00.000Z", "modified": "2019-12-11T09:16:00.000Z", "pattern": "[file:hashes.MD5 = '1ac2612dd4175b1f133e6336d859efc3' AND file:hashes.SHA1 = '40c7411689de5bb0cf59bd5d86a960ce13dd387b' AND file:hashes.SHA256 = 'fd55e025bb06dd688ed8aafae68f613d886184e93e7967d4a55dbb051ea48c40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1f667321-a70c-4b3c-92f3-4d1cd1683aca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:00.000Z", "modified": "2019-12-11T09:16:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T21:37:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "675f2806-d26d-4627-bf7b-552fe327a0bb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fd55e025bb06dd688ed8aafae68f613d886184e93e7967d4a55dbb051ea48c40/analysis/1575409050/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2afd9344-e812-4435-ab37-468c5042bc8a" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0cdb5f68-9394-44d4-bd5c-bb54bf101cc9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--32f451eb-9169-4c12-a78e-e55862a94f17", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:01.000Z", "modified": "2019-12-11T09:16:01.000Z", "pattern": "[file:hashes.MD5 = '3788f92fbe91fd10b0f87b35e069b128' AND file:hashes.SHA1 = 'aeaf302fd00a58d6959ce5096d0ffd7b24ea4e1b' AND file:hashes.SHA256 = 'cbfae70f76b555df5c045a3236d56a8b3bdb7b80d05119658898b423f50c4293']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ea9d219d-6734-4c30-9739-4fd946062bf9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:01.000Z", "modified": "2019-12-11T09:16:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T00:58:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c69414ce-a2e7-4d41-b5c0-beb92ebb3c96" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cbfae70f76b555df5c045a3236d56a8b3bdb7b80d05119658898b423f50c4293/analysis/1574384315/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "733cfe7e-0926-49c2-933e-bc434acea8b4" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a753a6d7-d09c-4dc7-882d-9ec25870608f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8111e71b-c902-4992-a2bd-f5a9614cdbbc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:01.000Z", "modified": "2019-12-11T09:16:01.000Z", "pattern": "[file:hashes.MD5 = '368cf682cde5389cbe9b5cfbda80b8e2' AND file:hashes.SHA1 = 'd0445f6fb9f81e749378a4088c92caab825a46d4' AND file:hashes.SHA256 = '77cf0d5a5c3c8256ce3ebb1ed3c3937c181cf717986bb64d8457143171736197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--04d5b57d-03a9-453f-b7a6-2f16a70b721a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:01.000Z", "modified": "2019-12-11T09:16:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "100849e6-4403-457b-aab1-ee7538f480cc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/77cf0d5a5c3c8256ce3ebb1ed3c3937c181cf717986bb64d8457143171736197/analysis/1574936813/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "29dc8e36-5fe0-4770-a6bc-159b5e83459e" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5b5331d-431a-4730-af1b-1eec2271db9e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fa6205a7-6a6e-4801-89e7-8f25ba199a68", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:01.000Z", "modified": "2019-12-11T09:16:01.000Z", "pattern": "[file:hashes.MD5 = '08761d9cba2654ba79465c54e19316e4' AND file:hashes.SHA1 = 'a68a67aebaba4b69bf4cc728f5e0331feb2e6e5e' AND file:hashes.SHA256 = '56919d739ea0b1107916a790cc2bf270afc21693b0f4c31a0bbdc9b5a70cf81a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6ad6afec-cb00-419d-a3e4-a1b88248047c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:02.000Z", "modified": "2019-12-11T09:16:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:41:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f9f934a6-d28a-43f1-a25b-772867acbf12" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/56919d739ea0b1107916a790cc2bf270afc21693b0f4c31a0bbdc9b5a70cf81a/analysis/1573396864/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ee9b2c32-96b9-48dd-9685-9d2659b52356" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "72d5b1d9-8ef5-47f7-82dd-c4c74a99777a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2fc50d7f-d453-4546-a345-d4bed46eee2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:02.000Z", "modified": "2019-12-11T09:16:02.000Z", "pattern": "[file:hashes.MD5 = '50364f98ca64578bd53dad72582e6586' AND file:hashes.SHA1 = '2ba2f1b8c2971cccea5e4ec67ea2cd5ceeaa5dd8' AND file:hashes.SHA256 = 'bea877537fcc69ad507962979b853651d7871edcdb286dfb42636203241dd287']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--749f12c9-3e05-463d-9c48-5476c87c8a36", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:02.000Z", "modified": "2019-12-11T09:16:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:38:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6c2168a-ae74-4dde-898c-1b81287cb979" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bea877537fcc69ad507962979b853651d7871edcdb286dfb42636203241dd287/analysis/1573897112/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "de5248d9-2339-4b2b-9d92-7718d73cd4ae" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "084e2e87-9ed8-4aab-b90a-5dcf3e7302a0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58af372b-6894-4460-9af9-6a6494e62084", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:02.000Z", "modified": "2019-12-11T09:16:02.000Z", "pattern": "[file:hashes.MD5 = 'c4e50c3656d8a066d0e7fc974cfd602d' AND file:hashes.SHA1 = '2ec190251edec89a0f0b6d6bb26cc77945517652' AND file:hashes.SHA256 = '31fb9cc444848fe2c0b178119d5080419347f6dfdf76bf820834ad750285faa5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fa5519fa-76cd-4283-be2e-cf479c538281", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:02.000Z", "modified": "2019-12-11T09:16:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T05:48:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f4b1c68a-57b8-4937-8542-fdf05bd55a3a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/31fb9cc444848fe2c0b178119d5080419347f6dfdf76bf820834ad750285faa5/analysis/1575524888/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "659e77af-b301-408c-a20a-d6a42cb135a4" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "453f188f-3a94-4df0-9bd9-566205308886" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d1910cab-795c-4542-95fb-09893adc810f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:02.000Z", "modified": "2019-12-11T09:16:02.000Z", "pattern": "[file:hashes.MD5 = '84d00f26ceb715c12a32b902240cf746' AND file:hashes.SHA1 = 'fe10e2607dd230406f0792c50489cc54275b72d4' AND file:hashes.SHA256 = '608aa2fb4ceae9b590a2bf265e7e7a44337ed8c20f1884db16ab91b898bffbb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--39f75481-6d10-4b0c-81c2-27d908d8d24e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:02.000Z", "modified": "2019-12-11T09:16:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T01:40:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "19dc5dd1-fd0a-497f-bc16-2807aed96a04" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/608aa2fb4ceae9b590a2bf265e7e7a44337ed8c20f1884db16ab91b898bffbb3/analysis/1574905244/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74178fff-1e9e-404d-aff2-79c35042ee03" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4b696362-b431-4616-ab2e-04d2f99b7a53" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2dd3a782-5257-4c38-916a-9a98c9b58666", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:03.000Z", "modified": "2019-12-11T09:16:03.000Z", "pattern": "[file:hashes.MD5 = 'e84d420f975dd7b30b40a3727f355b5f' AND file:hashes.SHA1 = 'aebbf24cffc5a10315b0a81c3d4e18aee06a28ec' AND file:hashes.SHA256 = '01f9ed2163e7decb379aaffaa35d0307b95c9ade7a1e20d476127867a3ea8256']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ee72a41f-34bc-43d4-93b4-6e7513bd3162", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:03.000Z", "modified": "2019-12-11T09:16:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:38:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "42f13db6-8965-4ded-8db1-d9b395e65a9c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/01f9ed2163e7decb379aaffaa35d0307b95c9ade7a1e20d476127867a3ea8256/analysis/1573425537/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ccc39595-e504-4c4d-a5b5-65f1b41800a7" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1d5315de-3232-4a87-af0b-075b41c00647" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--62d23ea3-e22a-4cf4-9217-0e679882cc83", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:03.000Z", "modified": "2019-12-11T09:16:03.000Z", "pattern": "[file:hashes.MD5 = 'bd97324f16e3731a4d63e9c15405b787' AND file:hashes.SHA1 = '4995d1e40bbd88591b55f54797420632f07b8d82' AND file:hashes.SHA256 = 'd00379abaf3060b9848ba406daa5948978df60429bbb447d629a0b233e60d112']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--eca2a236-4a01-4a6a-914e-e95542c236c2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:03.000Z", "modified": "2019-12-11T09:16:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T10:18:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b90323b6-ab87-43c9-9629-2cf8a421d51a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d00379abaf3060b9848ba406daa5948978df60429bbb447d629a0b233e60d112/analysis/1573640304/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ed9cde54-4d6e-4022-a86d-a66e905d9a48" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f7a884b5-6de9-43aa-9108-7254689504c6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--553f485e-b4d6-4cd9-a92f-f8f1f089fbcd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:03.000Z", "modified": "2019-12-11T09:16:03.000Z", "pattern": "[file:hashes.MD5 = '00d2c6a74b350734499317fe95951a0e' AND file:hashes.SHA1 = '326eabe29bcf100b15c6ede73190120366e4280e' AND file:hashes.SHA256 = 'cd6247e8d69ce5e882e8efc8a4201ac3e3a61bd358a4501ed7ea23b5f95a7f39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af0a31eb-cf9d-442d-aae5-a1b510d0154e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:05.000Z", "modified": "2019-12-11T09:16:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T01:20:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c157812f-ac07-481a-9699-95c12fd512c1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cd6247e8d69ce5e882e8efc8a4201ac3e3a61bd358a4501ed7ea23b5f95a7f39/analysis/1573262405/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0153bf74-6dbf-47cf-b4ba-7c80b099527f" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9e81f368-9aeb-420e-859f-950b12a1c373" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--12f133d3-37da-434d-b28f-f13998690487", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:05.000Z", "modified": "2019-12-11T09:16:05.000Z", "pattern": "[file:hashes.MD5 = 'd116cabcc0df469b1b968374ce32167d' AND file:hashes.SHA1 = '0d4de96b5da6f27836fd217ac5986ad22b440576' AND file:hashes.SHA256 = '5a029e225cd1e877ac6907bac15b0d9ca8a523d8641c40b56c7e06959f2285bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d6981862-91dc-42bd-afe4-78e54660f67c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:06.000Z", "modified": "2019-12-11T09:16:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T07:29:07", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "687b3716-fb46-49d6-aee8-3bb9ec9c1386" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5a029e225cd1e877ac6907bac15b0d9ca8a523d8641c40b56c7e06959f2285bf/analysis/1575098947/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b28d436-2fca-4d32-90f4-c8af2d1469b7" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6b08d83d-52ea-478d-8953-9b1e3e60c2b0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d4d08fa-89fa-4a93-ae47-e6c385a9692a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:06.000Z", "modified": "2019-12-11T09:16:06.000Z", "pattern": "[file:hashes.MD5 = 'c122194ee78fcf69b77214e77dcad493' AND file:hashes.SHA1 = '17fef3496496131a2caa81667ae295a57824fe76' AND file:hashes.SHA256 = 'e781a624c56b45e8fcd37d57426fc03a7fe86a750b9885b75ad873086cca3b82']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--121ff0cb-3515-41f2-a7f0-517f4734cb74", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:06.000Z", "modified": "2019-12-11T09:16:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T07:07:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "76964b96-24c8-4053-aa23-70dadf21a57e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e781a624c56b45e8fcd37d57426fc03a7fe86a750b9885b75ad873086cca3b82/analysis/1573888074/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0fe5db58-0b88-452d-8550-f64b81fc2bc6" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e3eb03e0-bce5-4b6d-bf37-fbd503c2b0e0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc27e937-a3fc-426a-8b8f-c2b01362dfb6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:06.000Z", "modified": "2019-12-11T09:16:06.000Z", "pattern": "[file:hashes.MD5 = 'c78e60a0f9b8b173a70f72560b596bf7' AND file:hashes.SHA1 = '02704aa7de91d8eec4752cca4530f03e3b24d764' AND file:hashes.SHA256 = 'b6f6a90c9aeea1c1cd79ad4c090ef6e7586f8b1ac4e3c81b16e8970de240d821']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3aa13296-74d0-448f-946e-4d8dfea79884", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:06.000Z", "modified": "2019-12-11T09:16:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "da3903bf-f82e-4d6d-b8d2-59b5691d39e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b6f6a90c9aeea1c1cd79ad4c090ef6e7586f8b1ac4e3c81b16e8970de240d821/analysis/1574062637/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc691dec-67fa-445c-991c-c78c17cc4409" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "494e96b5-08d2-4599-8847-b675d1d19ec3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8be3bbf6-0270-4d09-8f15-278921cb1395", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:06.000Z", "modified": "2019-12-11T09:16:06.000Z", "pattern": "[file:hashes.MD5 = '3f0a2559f09566c7f903dfee7d260294' AND file:hashes.SHA1 = 'dc0936bdc57e0da6ef96e787f4784756e75c5e48' AND file:hashes.SHA256 = '9ce1f1342c2da8446fdf6b79267cd4ce15d00fbd890c6e59abf5d7a90f988cc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9ed15da6-ed0b-407b-b586-a94afc851003", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:07.000Z", "modified": "2019-12-11T09:16:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:42:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d84f0b83-99ad-4d6f-ad08-85b5ed49d9b9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ce1f1342c2da8446fdf6b79267cd4ce15d00fbd890c6e59abf5d7a90f988cc9/analysis/1574775761/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cbb5269c-43b2-4662-9775-79f74bc9e7f5" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6c3fe6d7-7537-47a6-a0e5-e70463218130" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--891011ce-df32-48cb-8d94-65d3fc5f8682", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:08.000Z", "modified": "2019-12-11T09:16:08.000Z", "pattern": "[file:hashes.MD5 = '421d215bb3d34d5a2440d5d3cc7503c7' AND file:hashes.SHA1 = '979f9166ca8bbad324e9fd538b6ee2fe135770e0' AND file:hashes.SHA256 = 'b9b546dfbe34a6256c093ad7688cb447b89de2f9916dc073e6f7951a3ebbc830']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c5d5ae0f-a526-4531-9348-a609323990d3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:08.000Z", "modified": "2019-12-11T09:16:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T00:50:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b03a6dc9-3378-44f3-b53d-6376238c333a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b9b546dfbe34a6256c093ad7688cb447b89de2f9916dc073e6f7951a3ebbc830/analysis/1575334205/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "690c54c6-d3c3-4f76-84cb-861f853dd4d2" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dc137f92-cea5-45a2-9d08-d0617c1c2d31" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e65cdafa-8fda-4c15-b765-517ea37e400c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:08.000Z", "modified": "2019-12-11T09:16:08.000Z", "pattern": "[file:hashes.MD5 = '8861409bbcd1e9141a0601efd8933c02' AND file:hashes.SHA1 = '6991177cd881e3973d7abdf41434a30f0431c3e0' AND file:hashes.SHA256 = '9abc76cbab014199ecb4282d0a367017779ffdb76ba826d37efd2eec2f037bc2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dd269146-131f-4691-8c24-a2ae13fff493", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:08.000Z", "modified": "2019-12-11T09:16:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-11T04:56:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4154a86f-feab-4983-a910-d14175f2af20" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9abc76cbab014199ecb4282d0a367017779ffdb76ba826d37efd2eec2f037bc2/analysis/1576040166/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5a31ca01-2520-477f-b331-866f9bb72008" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3aabc804-2e0e-436a-b47d-8e1461ad5c32" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e00c6822-899d-4ec6-85ae-67a45dc2e857", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:08.000Z", "modified": "2019-12-11T09:16:08.000Z", "pattern": "[file:hashes.MD5 = 'd6c3f47b3532f05363ea637f07d89fdb' AND file:hashes.SHA1 = '796ae58666fdd7f840dbb445525115cdd34740e2' AND file:hashes.SHA256 = '590752a39996f425b0a0033329dd816c195bade99edd7f4c7aadba84f1744eba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--eeb4ab97-a3f9-4995-be2a-ae76257f32e7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T20:40:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2bd485c-ca43-49d5-975a-0eaf5efb9ece" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/590752a39996f425b0a0033329dd816c195bade99edd7f4c7aadba84f1744eba/analysis/1574973615/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bb9e01c6-60e1-4539-8a57-7060bf22aa5f" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "68967b09-72d6-4371-9897-4ab994785794" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--75925d56-de1c-4741-8536-dd11890d8059", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "pattern": "[file:hashes.MD5 = '4a094b1135d08c6b3db24b22388c8e2b' AND file:hashes.SHA1 = '99a1558be9cbc1f8e5bcafbcceff1cc801b4abf1' AND file:hashes.SHA256 = '4bdb662003f9b91c203c140ea95e96f6795ebcc4eeaae68bfb8f82918872e511']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5bfa528d-17cb-48c0-842a-d6eaa50ddd6c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T14:13:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3f193854-b5e1-4286-88ed-f0c365fbed92" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4bdb662003f9b91c203c140ea95e96f6795ebcc4eeaae68bfb8f82918872e511/analysis/1573913627/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "473386eb-eb31-4337-b78d-49b77b15c48a" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "65cb4666-ba15-47fb-9874-f8382c8de10e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad7fdb40-e118-407a-9787-47f0c12ca2f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "pattern": "[file:hashes.MD5 = '7064fb6208a40991a295c2c2d8768c93' AND file:hashes.SHA1 = 'bc7d618036265968e775eab59109bbc3f9de0098' AND file:hashes.SHA256 = 'b09e5f96a0eb011cdc9aa3a223c00459a2778a74f2d1f0fad982ac6ffc3157c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--238e6584-fd2a-4ad0-8b8a-267df462773f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:47:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2577498f-cb87-45db-91d4-dfae14bbf042" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b09e5f96a0eb011cdc9aa3a223c00459a2778a74f2d1f0fad982ac6ffc3157c2/analysis/1574333273/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b671f443-8e98-4b8d-93f1-af44f58d2c7a" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a1ed0548-d2bb-4934-8aa7-9e172821179e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--902ed478-e91f-489e-806f-1ef9bdca36b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "pattern": "[file:hashes.MD5 = '60ba121d4dc5b514e1c9617178db7794' AND file:hashes.SHA1 = '747e077cfdf3e60f94d46b63eae01246bc3acab8' AND file:hashes.SHA256 = 'ab6792b3d193042bf502069939c409e15715efcc86b4d03410ffcb6eb4779b5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6aa52ea5-c087-4ee5-82c3-7cfab18678ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T06:06:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78dbdc5f-3ed4-4823-9cc3-638f9d198c47" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ab6792b3d193042bf502069939c409e15715efcc86b4d03410ffcb6eb4779b5c/analysis/1575007612/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8f833b8-7a29-4b8e-80c1-b04326917fea" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d99d7dbc-90d1-4107-9bcb-a8962210a739" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--598b04ce-e5da-40e7-9864-faafb34ec389", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:09.000Z", "modified": "2019-12-11T09:16:09.000Z", "pattern": "[file:hashes.MD5 = '5356f21a43153b6eaab6406fd64a427f' AND file:hashes.SHA1 = '591fbeaf2a098aa12133d56828a0bb49774cae7b' AND file:hashes.SHA256 = '024efd926b745ad0e6a17407a0fb85844868daef8aacfc5c83ab34173c0036d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c0d2a4c0-2180-4ade-a8a5-75fc536af3e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:10.000Z", "modified": "2019-12-11T09:16:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:22:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "11c0f5de-998e-4ca1-9abf-0a7ebd39aa06" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/024efd926b745ad0e6a17407a0fb85844868daef8aacfc5c83ab34173c0036d2/analysis/1573896139/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b4fd01a8-82bb-44ff-a8d6-0e7135033ec3" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e1ab7ab-ac83-410c-a34f-cb2bf9bdb161" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6415e0f5-6146-43e0-bfb7-06ef088beccc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:10.000Z", "modified": "2019-12-11T09:16:10.000Z", "pattern": "[file:hashes.MD5 = '2912756578c002783f4800992d32104a' AND file:hashes.SHA1 = 'bffc7e6d9c1113208cb2e028ba0182dd86a42415' AND file:hashes.SHA256 = '90d86f95cd827d8d1e9093257e118d59f7cfe02d869e52479a85673850e084e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bec9b077-26d5-42fc-93e2-25690c9bb1a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:10.000Z", "modified": "2019-12-11T09:16:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-04T01:40:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b9eafe4-4e57-4e15-a879-a68331c2d293" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/90d86f95cd827d8d1e9093257e118d59f7cfe02d869e52479a85673850e084e7/analysis/1575423651/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9d053c55-297e-4f33-9dc9-8c452cd6c0f3" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4bb573a7-a93d-45e3-9be9-5661d2a36dfc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f5fefe2e-5fc5-4a89-bb76-5a64c5775300", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:10.000Z", "modified": "2019-12-11T09:16:10.000Z", "pattern": "[file:hashes.MD5 = '759123209e632690cc02f7db2ea374eb' AND file:hashes.SHA1 = 'd9286032b977f909fc2f8ee1da1a80bbb996199d' AND file:hashes.SHA256 = 'ccbf899aa9f6c8b54ca16614053741007519febb63299e5435a3f6c690f3d0a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6642411c-81db-4e86-a094-aaa8caa8c6eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:10.000Z", "modified": "2019-12-11T09:16:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:52:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "206efe21-0956-4168-9956-35be06e5f212" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ccbf899aa9f6c8b54ca16614053741007519febb63299e5435a3f6c690f3d0a0/analysis/1574776366/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f6918080-fd70-4e4b-84a3-d5f18938bf29" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "55d8e933-9a10-4023-8c28-60a397638bf7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--95d32e3e-18d8-49ce-b395-25c9bd0e4d63", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:10.000Z", "modified": "2019-12-11T09:16:10.000Z", "pattern": "[file:hashes.MD5 = '4dd41706aca9ec70494dd8ba532e3067' AND file:hashes.SHA1 = '29df7529efcc96533906fe8febedbfc4ef5a59ee' AND file:hashes.SHA256 = '9fd9100c7ca4b77e522e14b979a431e8cd2349a359b9e7cfd13a282291f7c8d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9b6e178e-5b5e-4b18-800c-6de5e925710f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:10.000Z", "modified": "2019-12-11T09:16:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:35:44", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b729da63-b4cd-47d0-8a3f-92c24e557a3c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9fd9100c7ca4b77e522e14b979a431e8cd2349a359b9e7cfd13a282291f7c8d2/analysis/1573425344/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4e5d719d-3d5f-4892-b6f1-d6c94fdf1bce" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "92f60c68-90da-45ac-adc2-e02f055a8c5f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aaab1a77-85aa-497f-b600-f08170e3dd11", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:11.000Z", "modified": "2019-12-11T09:16:11.000Z", "pattern": "[file:hashes.MD5 = '5d1c7b9b11230be7fab345d9d37e8985' AND file:hashes.SHA1 = 'a2c64b6001fa293f12c53e547f1eee2006a902f2' AND file:hashes.SHA256 = '64a8e288112a982aff6ca02c49a0ae0b2dd41d23b04433b93a573b62e43a441f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--06013ee4-86be-4174-a724-c99d5ef046c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:11.000Z", "modified": "2019-12-11T09:16:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:52:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c57e1b0-0c25-4e47-8411-136bacbda36f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/64a8e288112a982aff6ca02c49a0ae0b2dd41d23b04433b93a573b62e43a441f/analysis/1573980721/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a462fb61-0d3e-40d3-a0cf-60bcd7a0dbc2" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6dcb3d2b-051c-4b5b-b275-a4788e622491" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fadbbba-7434-4127-9bb8-937caf40dbe8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:11.000Z", "modified": "2019-12-11T09:16:11.000Z", "pattern": "[file:hashes.MD5 = '29e363043d49225d30c55cfcd90ee340' AND file:hashes.SHA1 = '560cb10fae5672ac186dbde639780ce49855dca2' AND file:hashes.SHA256 = 'ae7d2ea6a9157f27aafa28d73808b959326bfb14597bdc4d52060b4fc76b8304']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e875e51d-6da6-42c4-b9ee-6a7717def8e1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:11.000Z", "modified": "2019-12-11T09:16:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d31270f9-483f-4837-91a5-babbdddb9d8d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ae7d2ea6a9157f27aafa28d73808b959326bfb14597bdc4d52060b4fc76b8304/analysis/1573722647/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "90c1f6d9-bb44-4ef8-9c80-f2fe23bab6db" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fdd01cbc-be85-4177-986b-4de0beb34ff7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3fe4d794-f60c-4345-8996-2d65560e411e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:11.000Z", "modified": "2019-12-11T09:16:11.000Z", "pattern": "[file:hashes.MD5 = '90eac308370dc3783455a9ed6d07f1d4' AND file:hashes.SHA1 = '14611d3bb82663fbc89128400906b0e0378a8671' AND file:hashes.SHA256 = 'a1dce29debeaa91c77b2b14915408550d6ea9f56fb10ca17066d348759f8df20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4ee103d5-0790-48b1-9407-e91e67854c3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:11.000Z", "modified": "2019-12-11T09:16:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T16:05:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b6bf5307-eac6-4984-bc30-c0cca5121763" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a1dce29debeaa91c77b2b14915408550d6ea9f56fb10ca17066d348759f8df20/analysis/1573574746/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1552d4d5-6595-4f2b-b988-a72505ef46c7" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "49e2e7b1-9f11-4c80-a6b8-770cbe76bc8e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ecc40381-0188-4695-a7e1-1f8752dfdb9e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "pattern": "[file:hashes.MD5 = '7c1884dbb7ce0e7d1c80bd704b4e75ca' AND file:hashes.SHA1 = 'b778745dfaa061429c637d13dba646325a61f716' AND file:hashes.SHA256 = '6f38d55197506412ffb4e1563d1a4255000da0b125b6be7112c92555776c34bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f2ed2385-8cb0-4b23-9c45-6c5a682a2efb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:35:00", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ac2e317d-e39b-4ffc-83ff-3ae1620cfc1f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6f38d55197506412ffb4e1563d1a4255000da0b125b6be7112c92555776c34bf/analysis/1573961700/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "466bcbbe-b92b-4b24-8d11-d7debb1349f3" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9bdd8397-66d0-434c-b406-9192458b486b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a4c4e3fa-fb63-4889-bdcc-743ed7a11eb8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "pattern": "[file:hashes.MD5 = '8de309f9ef3a09a205fba8ed7cb1c5ef' AND file:hashes.SHA1 = '2f218a0f316599f41ca07b5b119d6afd83021d91' AND file:hashes.SHA256 = 'ad573114b70a99dc487ad50eed634303c4acea26c0b26e456599971aa8607d42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--232966f6-d638-4faa-b81a-66e273133adc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T03:36:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2dab3770-3322-48e9-ac26-b97b0c2b779a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ad573114b70a99dc487ad50eed634303c4acea26c0b26e456599971aa8607d42/analysis/1575171384/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cd873261-40d1-454d-8e7c-cc28f454547c" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ec319d2-cddd-48d9-bc58-169f5c862802" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d2ff7c1d-b222-45da-84c2-110cd100ebfa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "pattern": "[file:hashes.MD5 = '50228707cc9c3a76215571def230dcce' AND file:hashes.SHA1 = '794e546e64728082077fefccf095e5d2458f0d42' AND file:hashes.SHA256 = 'fb951bef895718adf17a3be416c9d56d6685e9faff8399dd80c36d98a98a9db5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8e781d79-b7cd-4978-8515-394ca1f48d91", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:02:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b918dda1-3821-4575-a82b-10d25be3008f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fb951bef895718adf17a3be416c9d56d6685e9faff8399dd80c36d98a98a9db5/analysis/1575176576/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "264fadc8-fc05-445b-9019-8595980569ad" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "86244421-caa7-4e15-ab7d-ed9358c9af93" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0de6bc75-19c8-4f53-b103-bd92fc36f4f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "pattern": "[file:hashes.MD5 = '65143a2e0ed552ce0729a5caa130f6a2' AND file:hashes.SHA1 = '489d201cd103ede64b149fe6bc84b920bed1e45b' AND file:hashes.SHA256 = '2b8cafac06fc630b469df01db694a4616ca31fdb32b4ffea56ff514618fb6103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e0454c25-d52b-48f0-911b-72f128304322", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:12.000Z", "modified": "2019-12-11T09:16:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T11:24:35", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "94ee08aa-d8e0-47c3-b98c-59ad2adf14d5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2b8cafac06fc630b469df01db694a4616ca31fdb32b4ffea56ff514618fb6103/analysis/1573557875/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "028857a9-454c-45d9-8fbf-e3804683807f" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1f50c836-8090-48f0-8ac0-b08c8fe95bad" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1214d8ae-4a94-44e3-b79f-d2e7afc0818b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:13.000Z", "modified": "2019-12-11T09:16:13.000Z", "pattern": "[file:hashes.MD5 = '67892f55ed06726dbd158ae28375eea2' AND file:hashes.SHA1 = 'f0f9ac5c0c0f3547ca85f74c292188e1fc56c1e1' AND file:hashes.SHA256 = '94e129b1a140a2a53e25cdbfb0ffd2ff02dd306711ac5c038b1b124fe374036a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4effd1bb-52d8-4f35-b34b-c78d591ce23c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:13.000Z", "modified": "2019-12-11T09:16:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T23:40:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8927ab0f-125b-4736-a3b5-bf93825d1157" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/94e129b1a140a2a53e25cdbfb0ffd2ff02dd306711ac5c038b1b124fe374036a/analysis/1573947619/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ea5f052-3997-4d83-895f-ea9f5af85de7" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d02a1034-c32d-4822-a034-08554fe885c5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d73fa50-2098-4266-bc83-0a9addca5070", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:13.000Z", "modified": "2019-12-11T09:16:13.000Z", "pattern": "[file:hashes.MD5 = 'c2bfca469b61a22def0cdebaf9a1951a' AND file:hashes.SHA1 = '04b34173c49ee652ee1da8d2136157caf449f979' AND file:hashes.SHA256 = 'f21d9a07d47f5e9e68f76084f09e7363bc9b5b4a7de3700d478f2b1bbe6e829f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c23e5d0a-9014-4fe9-a86e-d1d53fde3bdb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:13.000Z", "modified": "2019-12-11T09:16:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c9b2390-bfc3-4707-9dad-5348cbd2cbc7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f21d9a07d47f5e9e68f76084f09e7363bc9b5b4a7de3700d478f2b1bbe6e829f/analysis/1574062641/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e79a206-4a5b-4c1b-94bb-0eb65a9186a2" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6dfee67e-792e-46ed-afe8-2f0c4edd664a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--08636a98-7447-4e50-9578-93efa2fef7c3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:13.000Z", "modified": "2019-12-11T09:16:13.000Z", "pattern": "[file:hashes.MD5 = '438b2d80ce47bf354c577028df216d2b' AND file:hashes.SHA1 = '5ceb24515733494fafdf1f0ea28a028da610487d' AND file:hashes.SHA256 = '2e8b35c7bbb105d779c8ee29f3bd89f1e1753cf1890df83388ceff019ddb7ab9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--991a8a37-e9d6-418c-8f99-fa5cf626362a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:13.000Z", "modified": "2019-12-11T09:16:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-22T12:32:33", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e233b053-fb06-4f5f-8b86-029b54656b1a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2e8b35c7bbb105d779c8ee29f3bd89f1e1753cf1890df83388ceff019ddb7ab9/analysis/1574425953/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ef8f9af-592d-49aa-8e1c-e7e9c48ade1f" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b4b2ad0f-70d6-4205-9ec0-01e26ba01a02" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f29547a7-5ec8-4bd2-873c-9c46e578c585", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:13.000Z", "modified": "2019-12-11T09:16:13.000Z", "pattern": "[file:hashes.MD5 = 'b52eca69455194fd13bdf303c60812c0' AND file:hashes.SHA1 = '9b36d38956b94aed542e382634040c66ff717b63' AND file:hashes.SHA256 = 'bd0fdb7472b937dbc36b42e01c2b201fd7c8de76e0bf5f3c9b656cab78380c43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--501a98f6-aaf0-4d27-8dc8-7d02d7cf0584", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:14.000Z", "modified": "2019-12-11T09:16:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-08T19:08:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d51622ba-e806-4764-b6d8-20cc9861a18b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bd0fdb7472b937dbc36b42e01c2b201fd7c8de76e0bf5f3c9b656cab78380c43/analysis/1575832098/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ba41875a-bd98-4c0e-a407-2989eb95410e" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2836190d-ebf4-40ba-81a1-dd34ec51852b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0dca173a-8b40-47e3-8a33-dead4e124096", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:14.000Z", "modified": "2019-12-11T09:16:14.000Z", "pattern": "[file:hashes.MD5 = '45d6e12832b30042daf0593a7c017cfb' AND file:hashes.SHA1 = 'e9e90c4c4869775a321841e3263ca855b449be12' AND file:hashes.SHA256 = '603b8b68189d423aee83a9f2113d293538eb9d8f0ac4a58bda55734006734b4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8b00d70c-2614-4efc-b5a0-a69f87d4cf0d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:14.000Z", "modified": "2019-12-11T09:16:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:19:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4de92a56-d0f6-4856-bb70-b201654506ce" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/603b8b68189d423aee83a9f2113d293538eb9d8f0ac4a58bda55734006734b4c/analysis/1574612383/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "de5c5a1c-4904-4108-941b-b0d1718af9b0" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c14244e-38fd-489e-ac85-baa53174bb22" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0852caf7-8875-45eb-a91b-33d2334b172d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:14.000Z", "modified": "2019-12-11T09:16:14.000Z", "pattern": "[file:hashes.MD5 = '31bcc76678b75bb6296ee9ffa29a1683' AND file:hashes.SHA1 = '4063db9e988a1c1662b7415bd94ea5c2f4a8fd79' AND file:hashes.SHA256 = '876b129b5571a80390ff1b9420d6a422fffad80396cd524c8a28d79a594e5785']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d4fdae16-e9e7-4111-ada2-171b8da4e5c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:14.000Z", "modified": "2019-12-11T09:16:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T13:41:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b6064c02-eeb9-4e04-9bd2-9b8d58605938" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/876b129b5571a80390ff1b9420d6a422fffad80396cd524c8a28d79a594e5785/analysis/1573393274/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4d1dc1d3-0649-41af-9ee4-5c050fcc95c8" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22da91f4-8919-482c-b30a-1b3aa5caab1b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3cdd59f8-6d0e-413e-b96b-4ac44e6ce56c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:14.000Z", "modified": "2019-12-11T09:16:14.000Z", "pattern": "[file:hashes.MD5 = '7352a511b046731aa519088cccb591b4' AND file:hashes.SHA1 = '250ae0b45c11af0771a204e6b808ae8621119736' AND file:hashes.SHA256 = '2cd85602d84cec93946952f095113774a4e00cce2f8211275b7fa86392598fc1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2ffce14c-5ef9-4e63-ad94-9d81c43da9b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:14.000Z", "modified": "2019-12-11T09:16:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T06:22:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "692d3afc-8d21-4a3a-9fef-f54c0e8b3501" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2cd85602d84cec93946952f095113774a4e00cce2f8211275b7fa86392598fc1/analysis/1573626156/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3c7e3167-0fae-410a-bba8-16a22f73c6df" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "99c46b2b-2ee3-4ff0-a03d-84b5156b146f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--480a2886-8b70-448e-a467-91972d8ee88d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:15.000Z", "modified": "2019-12-11T09:16:15.000Z", "pattern": "[file:hashes.MD5 = '2c621f4d1d6cf91d8afe732e3f9bb351' AND file:hashes.SHA1 = '43af607eee5bc01c200290a493b53750357937cd' AND file:hashes.SHA256 = '2a2b7c96b4976ac66c22872575123b72bd9d285001f83c8e81f352afbc0a68ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--630d727b-ebb7-422a-9e2c-7f7d651462cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:15.000Z", "modified": "2019-12-11T09:16:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:10:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3296d7fb-3e47-4b46-bc2c-bf13ff2dbdc2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2a2b7c96b4976ac66c22872575123b72bd9d285001f83c8e81f352afbc0a68ea/analysis/1574547029/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "347b3fe4-3790-4430-9ad7-7d55b38ada02" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f692b21a-fbef-4fdc-a72b-b0b1c6fc333e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8fe13168-7f35-46b0-8673-334a93b1c445", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:17.000Z", "modified": "2019-12-11T09:16:17.000Z", "pattern": "[file:hashes.MD5 = '038bff78b1e04a4ce19580dff28187d3' AND file:hashes.SHA1 = 'ae0c1e5ef14899fb954b54f6259ab8d3fe8c45b1' AND file:hashes.SHA256 = '90eb6adc4f5f291590b8da5f7e0ef1d97e3e7ff10ce825c8c0badc79a1df5487']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7eccc0ad-3bc9-4f27-bf29-42c689fa8b13", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:17.000Z", "modified": "2019-12-11T09:16:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T03:56:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3edfa5cb-b68f-4229-a181-53dc65f6fc58" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/90eb6adc4f5f291590b8da5f7e0ef1d97e3e7ff10ce825c8c0badc79a1df5487/analysis/1573617388/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "94090334-dd82-4c65-bb5d-e156720ce7de" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "976a4c4c-19ff-492f-81ab-3bf2d69048b9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--693eb4a6-6c91-4f3d-8a41-39b4a388b08c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:17.000Z", "modified": "2019-12-11T09:16:17.000Z", "pattern": "[file:hashes.MD5 = '6c5f694407aaacddf10fa257f44f61a2' AND file:hashes.SHA1 = 'a83d4fc1b24a7581df3fc3fdc553a0b4abf9add1' AND file:hashes.SHA256 = '849dcba27a0f40c293c2ccf9c08cedbf7e8547c5be20b3c398df896bb9b343e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--217bde46-aa3d-4969-a68a-36d0385f7301", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:17.000Z", "modified": "2019-12-11T09:16:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:02:13", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d0f7a4da-4c22-488b-803f-2d3e87c260b5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/849dcba27a0f40c293c2ccf9c08cedbf7e8547c5be20b3c398df896bb9b343e7/analysis/1574251333/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "06f9f889-d147-4cef-a6f2-0168b39a5104" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d3a1ddb8-c21d-48a8-a99a-dfef38f5d55c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61fb8e5f-2103-4a55-afb2-db120c501d56", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:18.000Z", "modified": "2019-12-11T09:16:18.000Z", "pattern": "[file:hashes.MD5 = '9e3481e8be6e431c1ab33b4afeb84222' AND file:hashes.SHA1 = '2a25c5c083acf747ea62e52c4c521b0accb95320' AND file:hashes.SHA256 = '88684cfaf2c29fd61382af8577f660767504de6236d8a98a087b4745c958e494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a4d0a189-bce0-447a-bb3c-57f45d66d69b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:18.000Z", "modified": "2019-12-11T09:16:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T03:59:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cdb87fae-92c1-4037-b649-fed6bbc2328e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/88684cfaf2c29fd61382af8577f660767504de6236d8a98a087b4745c958e494/analysis/1573617546/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2e645585-c14d-4145-a6c7-a40499270c26" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c0940425-05b5-45fa-9bb5-39ac0850364d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d9cb84e-117e-46f3-84f0-5508358b9dec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:18.000Z", "modified": "2019-12-11T09:16:18.000Z", "pattern": "[file:hashes.MD5 = '1acb00e8f6397966265f7402368ea7ce' AND file:hashes.SHA1 = 'b14dc43a7fa759bd4de27e5a7877dec43c5ba2eb' AND file:hashes.SHA256 = '2ea3ceed200e046612256acc1f69a7d0582ed5211f537d941ac93360e8403559']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--610de0c0-a0c3-44ae-8bea-75a8d691a50e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:18.000Z", "modified": "2019-12-11T09:16:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:25:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "50b964b0-eabe-4f15-b070-bfec1124851f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2ea3ceed200e046612256acc1f69a7d0582ed5211f537d941ac93360e8403559/analysis/1574612724/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7877257-02bb-45eb-9782-107c1c69ecfd" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "49abe2ad-1547-4b34-949c-077ffc5f3caf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--15c09bb1-2f0f-4e13-9722-d2eda392d772", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:18.000Z", "modified": "2019-12-11T09:16:18.000Z", "pattern": "[file:hashes.MD5 = 'e6e0d4310b85fc1d2b0b0f5175d62645' AND file:hashes.SHA1 = 'f69ec1d38aff18bc05b9ddc194603df2c962e415' AND file:hashes.SHA256 = '673eba40a6a1d012467081271d749eef31bdbac99f4033c737bca40cd71dc66f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7f0a542d-75ec-4857-8d9c-2c2feac75c60", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:19.000Z", "modified": "2019-12-11T09:16:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T04:56:25", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9c22a2cd-ae69-4f7f-af67-d2f1b368ab5d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/673eba40a6a1d012467081271d749eef31bdbac99f4033c737bca40cd71dc66f/analysis/1575176185/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5763e2c-d4ab-42bb-9721-527703e1fe10" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26c3622b-b98c-4981-9d90-ce9e925adeb3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--de874556-ef37-403a-9d10-fa16f100b3ef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:19.000Z", "modified": "2019-12-11T09:16:19.000Z", "pattern": "[file:hashes.MD5 = 'e2b41d2f6b890e6fb4b9b03daf655a29' AND file:hashes.SHA1 = 'ce632659a492eb0f5e8b9fc95bce681a180f7c01' AND file:hashes.SHA256 = '69093a5cea07689d44aac2648c80a2e934f870615bd1d85d8aad480d7e559452']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fef9c7a3-2181-484b-bc36-6f4352cb265b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:19.000Z", "modified": "2019-12-11T09:16:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T07:37:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1da6042f-7b95-49e6-a8f4-957beadb2cd0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/69093a5cea07689d44aac2648c80a2e934f870615bd1d85d8aad480d7e559452/analysis/1572939421/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a116bb46-b15a-4644-80bb-d6a2434c7864" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ae2653f5-302b-48f5-a626-92a26c299382" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b90c13cf-564f-496a-99d7-29c19e842eb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:20.000Z", "modified": "2019-12-11T09:16:20.000Z", "pattern": "[file:hashes.MD5 = 'a27d03177afe42bafeaca69638723254' AND file:hashes.SHA1 = '3fab7083d0781969fb523df4b7108614cb679617' AND file:hashes.SHA256 = '9ac35b8b97c10bf93965ceaeea0f6ec47342a74427f97836a3805973be69e24b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fee9a30f-77d8-4e7f-a9ad-aba3bc0767ab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:20.000Z", "modified": "2019-12-11T09:16:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:08:32", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "73b7bf7f-4047-4307-8209-cb7a3d192e66" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ac35b8b97c10bf93965ceaeea0f6ec47342a74427f97836a3805973be69e24b/analysis/1574780912/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a355cad0-9467-4f7a-a0e6-7781fe356123" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f07bb02c-5c94-4650-86e1-d86a967333e1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--df08daec-a00a-43b4-8601-d515dc2651b0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:20.000Z", "modified": "2019-12-11T09:16:20.000Z", "pattern": "[file:hashes.MD5 = 'ce9700b3471afb57bb2cba95d1981eb0' AND file:hashes.SHA1 = '8cf9652461eec252593f4c4f5693752706e3631b' AND file:hashes.SHA256 = '03b8210693afae7306e09bf2032a5cc47d88b623aadac02e6bf932e887454c5b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--07d36978-be41-47ab-8996-78330168c467", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:20.000Z", "modified": "2019-12-11T09:16:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-25T22:34:05", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5a8f34d5-f408-42c6-b6be-46396ea67606" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/03b8210693afae7306e09bf2032a5cc47d88b623aadac02e6bf932e887454c5b/analysis/1574721245/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ec5500b-e8b2-4bd4-bcd9-0e4e6621f74b" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b2bfb69e-e60f-4ff4-9154-b6ed29ac3522" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e7608a9e-eaea-4cad-ab79-18e62041c6e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:20.000Z", "modified": "2019-12-11T09:16:20.000Z", "pattern": "[file:hashes.MD5 = '44ea81a890731636cd98dc89809a9dc5' AND file:hashes.SHA1 = '1e832a29b28fdc2c3eca0ab18ee017591f1457e8' AND file:hashes.SHA256 = 'decff0530202a546210fc055e1a6b0f912678ed85d2d77ef48eff23ac2719019']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--faad4461-56e8-4856-b5a8-a9655b7a27fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:20.000Z", "modified": "2019-12-11T09:16:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T21:56:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c99790ed-fc27-4338-ab4a-a850cd2a7dfb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/decff0530202a546210fc055e1a6b0f912678ed85d2d77ef48eff23ac2719019/analysis/1574546163/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "31eed645-2a8f-4113-a8fb-dee8a137090b" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a01bafde-3824-4ebe-81d3-61ad51170d55" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--963635bb-375a-4bfb-acf5-d01d25647a85", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:21.000Z", "modified": "2019-12-11T09:16:21.000Z", "pattern": "[file:hashes.MD5 = 'e98d301496a1b16b4de457a3faae23a6' AND file:hashes.SHA1 = '2472d433eecd014b1fbfb3893f72dff0d4e04133' AND file:hashes.SHA256 = 'b99ae37e732f458040573ceef72314171ee8e84ea1072719deb79a0d957d748b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b393d054-939f-4cf1-94da-8a49e472be24", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:21.000Z", "modified": "2019-12-11T09:16:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T04:02:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0045011c-bfd9-47ec-a834-598c6fcc9ac4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b99ae37e732f458040573ceef72314171ee8e84ea1072719deb79a0d957d748b/analysis/1574827348/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "72d40200-a060-4663-a3bc-8e111702bb9c" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d42293ed-5f09-4111-a6bd-995e10bf38da" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c1f29f2b-4ded-4ed9-9459-f32dbd82721e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:21.000Z", "modified": "2019-12-11T09:16:21.000Z", "pattern": "[file:hashes.MD5 = 'a8d565950c1ef1fda15ccdd0874448c0' AND file:hashes.SHA1 = 'af9dd41bb34899779e93a2c7e1db6055ca5d70ed' AND file:hashes.SHA256 = 'd0ea8533befeede8e05e192ff3b00a1e689cfe65c8db15abd0ebd28aad81b297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3f631738-ec40-48db-b60a-7b51df7fb5f6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:21.000Z", "modified": "2019-12-11T09:16:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T14:15:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b8d37291-d8b8-4b82-9d44-f46c494f43c9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d0ea8533befeede8e05e192ff3b00a1e689cfe65c8db15abd0ebd28aad81b297/analysis/1573913711/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53a59ee2-0197-4a39-9880-55969a8e7ea5" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3feee76b-f031-48bc-a670-20e4b2c41782" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--08d27827-1254-404c-b30b-73b3be143ede", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:21.000Z", "modified": "2019-12-11T09:16:21.000Z", "pattern": "[file:hashes.MD5 = '585cf1383a9e33cc3351e30680e7e2a6' AND file:hashes.SHA1 = '979332cdc71848befdde12e4cca1390b977e3045' AND file:hashes.SHA256 = 'd96e18f786de1a4909c6bb5ca307b459918278bd6dd5aa2660ea48268233386f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a4bec410-e2dd-4406-b859-6179ed1201ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:22.000Z", "modified": "2019-12-11T09:16:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a872605-bc26-4c9b-b09d-5109a8f31239" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d96e18f786de1a4909c6bb5ca307b459918278bd6dd5aa2660ea48268233386f/analysis/1573722654/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "602a766b-be5a-485d-813a-6803665ce135" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cfc4eda8-1eab-4fe1-abe0-ccbcc63b87e6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--63a3faa1-d34c-4f73-9aff-9baca3137eae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:22.000Z", "modified": "2019-12-11T09:16:22.000Z", "pattern": "[file:hashes.MD5 = 'cdebda90c26b07a019dacdd9788de227' AND file:hashes.SHA1 = 'dc0607e5de9a21e5e4e7b1ef4a36caa51f461cb7' AND file:hashes.SHA256 = '611cea5f84c2c74b0e6261ffe4e2fb4bc138ad16a526a618f7b68956aad54dda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--39e9da1a-04ea-4f8a-92b4-83c2b28af2a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:22.000Z", "modified": "2019-12-11T09:16:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T05:28:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9baea4c9-8efc-44b9-a1e6-2f7f2e1a3622" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/611cea5f84c2c74b0e6261ffe4e2fb4bc138ad16a526a618f7b68956aad54dda/analysis/1573190890/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1ecc401f-9932-4d16-84ab-b5985eb4218f" }, { "type": "text", "object_relation": "detection-ratio", "value": "11/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "34bacd59-4dd9-4229-8af5-feb7a8437181" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97d056b4-77a1-4ba4-a9db-bae0cf629aba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:22.000Z", "modified": "2019-12-11T09:16:22.000Z", "pattern": "[file:hashes.MD5 = 'ee7959b2ea5ad8886d1248fd397da9c9' AND file:hashes.SHA1 = '4f18e48f567a4062919f55ae9424ad2407e428b0' AND file:hashes.SHA256 = 'dd73b9d898d7663b38388a2f2d36f3ef72e5def1b2e67310158273f66cba61a5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0e895b28-8b79-415b-9795-85c278ae5448", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:22.000Z", "modified": "2019-12-11T09:16:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T17:06:49", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c5af8e19-3edd-4ab0-b60d-2c637891602d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dd73b9d898d7663b38388a2f2d36f3ef72e5def1b2e67310158273f66cba61a5/analysis/1574269609/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "db35b721-e6ca-4702-8368-18b0379646a2" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/65", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "02666ecf-5c5b-4921-b9ad-565565bf2925" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--09dda9cd-6cf1-4605-95e5-a025d9038f02", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:22.000Z", "modified": "2019-12-11T09:16:22.000Z", "pattern": "[file:hashes.MD5 = 'ca02d99330289d7c674563967a11ee94' AND file:hashes.SHA1 = 'de00c5460569a966da24db3e76ace3d3da547da3' AND file:hashes.SHA256 = 'e246f1af92ee0dc1772a1a6a546891984ee3b3cd5a7258d61f95b4c3e2b113c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8005aad4-bb1c-47dd-8cf6-5e31eb8e85d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:22.000Z", "modified": "2019-12-11T09:16:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T13:13:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "52048166-f0ec-44ea-a092-764c8d1b3e81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e246f1af92ee0dc1772a1a6a546891984ee3b3cd5a7258d61f95b4c3e2b113c9/analysis/1574082791/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8938903-26f9-42fb-a8d7-a8606b9f6c5d" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dd7acc4b-6818-4930-9393-285325f51d13" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3e18aef9-9f41-4f5c-84c1-1a9e45d094fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "pattern": "[file:hashes.MD5 = '2f24f562df2a3819c12d26e32bc02e55' AND file:hashes.SHA1 = '5c0323ee395c1d8aa0a91a79ab7a08480f13db11' AND file:hashes.SHA256 = 'eff68eb29c3efcdcbc71a3094cc9b7105cce0d53c9b066995c35ef0c31f5acba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--763b5eb5-7aa6-4e5e-ad34-51aa053692cd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T21:10:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0ea6e344-ac7e-4cfe-96b5-d62dd4f2d754" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eff68eb29c3efcdcbc71a3094cc9b7105cce0d53c9b066995c35ef0c31f5acba/analysis/1575580237/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "69a4251a-c087-443d-bc5b-9e785008eea7" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "412bb585-ad86-4d96-83a5-ec9e6615e6fb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef35229e-e31a-460d-a92a-2e68594da9da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "pattern": "[file:hashes.MD5 = '0ab529ea5a0494e04992c886498fd214' AND file:hashes.SHA1 = '1012edebc40932683895d27c59fa4e0b77776053' AND file:hashes.SHA256 = '345dd3d94a7f7c68034d64523189443cc0d5112b6aa826783e6dbf5842aa7362']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--87dee87d-1be6-475d-9a87-f8872a53a501", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:23:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53632182-6ced-4764-835b-8c2bfa435233" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/345dd3d94a7f7c68034d64523189443cc0d5112b6aa826783e6dbf5842aa7362/analysis/1573824188/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "29af12fc-6ee3-4ea2-994a-3d30c6fdb91e" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5653a984-9b45-4f22-aaaa-5002f7d53c09" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e8030f48-91fd-4f6b-b8ea-cecc32f6a78b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "pattern": "[file:hashes.MD5 = 'e5d67daa8506ce7c44f0296742091045' AND file:hashes.SHA1 = '576e5b85cf050d00e32155e8ec62d650101862bf' AND file:hashes.SHA256 = '0c19f0684d6cef08612c2ebe66ba38050aac3a68822a181390455882da6fe71e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--deb59489-ba40-43d4-b4ab-164d41931d90", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T10:42:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e58b7216-0ac3-4a6f-b8b2-1211216066e6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0c19f0684d6cef08612c2ebe66ba38050aac3a68822a181390455882da6fe71e/analysis/1573555343/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e84fbfd5-74ce-4537-a5dc-930721c13bbe" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8dfa2912-988c-4dc7-b169-287a01a218c9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c84edebc-c688-408e-ad95-7a021be439cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "pattern": "[file:hashes.MD5 = 'ce2bfc23adf847e8969af98dfd48cd46' AND file:hashes.SHA1 = 'd3e672822cd3fdca47966bf509ee8cb03ee388eb' AND file:hashes.SHA256 = '6f381faf83806ecf983e0325b130994760f6e058d55bb367237e46d5be70d1cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--548bb10a-e236-4d27-aed2-fa6137c005ae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:23.000Z", "modified": "2019-12-11T09:16:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T02:10:08", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8e3c0ea6-0ca2-4076-9045-da33eb8dfd4c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6f381faf83806ecf983e0325b130994760f6e058d55bb367237e46d5be70d1cc/analysis/1573783808/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6006211-cc4b-4adb-a643-b61420105257" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "50a0058b-52cd-4d6a-a333-5531c7f05e5d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c6bdd2f7-846b-4054-98c8-b022f346923c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "pattern": "[file:hashes.MD5 = '22cf9a5c02f38664643842083cee7a22' AND file:hashes.SHA1 = '516487da54231d75bafe326304b96ec083891ffa' AND file:hashes.SHA256 = '9c5c4c15432a28b801e3089ac6f1e3bb8bb69d7fe701d24c064bac4164d172ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--400ea43c-ccc4-4e2a-91d3-0f1785b2f42b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:31:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4b97a3f7-e847-424c-b88e-2f8965ff824b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9c5c4c15432a28b801e3089ac6f1e3bb8bb69d7fe701d24c064bac4164d172ea/analysis/1573421472/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "893ec8de-1a89-4abe-ba55-753b6384ce3e" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b93e8dc3-6c3b-4d22-a8d3-d972b8813f1a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18828ed6-01af-4af3-ab4d-fca690d96af3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "pattern": "[file:hashes.MD5 = 'fc8b1c51ebd282da1cf4c8c40db4bc63' AND file:hashes.SHA1 = '527a227bef4bde49daf388b21004e97302d62629' AND file:hashes.SHA256 = '135e78b23deb6a4d01e151ad0106036a8db5df2b92e4b44ae096a5f1150a79ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2ecf2c6f-1090-4fda-804c-514e7dbe4943", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T17:09:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b4e7ed9-2bc8-4949-8cac-212680e7f8fd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/135e78b23deb6a4d01e151ad0106036a8db5df2b92e4b44ae096a5f1150a79ed/analysis/1572887381/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "febd761e-fde2-4398-9f08-094787767def" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "176b96b2-5f4b-4600-a154-913a0093fc36" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2778deb9-c215-475b-b26c-1658a49e0c97", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "pattern": "[file:hashes.MD5 = '70e69d4b6de8e2abdcaac5d3726c763e' AND file:hashes.SHA1 = 'c2e06d835ea896e444cbfece8ae4662a16e9d203' AND file:hashes.SHA256 = '7f882477d3f1b5925f53dfeb5c0f582e9e1813c10c46a2ac0989ed6417fb0a76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c37dc55e-4889-4204-abee-1e8e26c434ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:21:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e24f2e5-788d-4b6f-8dad-d83d171bcf7d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7f882477d3f1b5925f53dfeb5c0f582e9e1813c10c46a2ac0989ed6417fb0a76/analysis/1574331710/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "07d419df-37c1-42a2-b55f-c2b3dd500c0d" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c8ab864-4b9b-470f-ae59-65561a63f331" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--769adf14-6a7f-47dc-b97d-3a7d94fee27b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "pattern": "[file:hashes.MD5 = 'c0a02048b1038aec265008c7d251da8b' AND file:hashes.SHA1 = 'b2f10487a08dccc09750c49e313a54f53dbcb0f2' AND file:hashes.SHA256 = 'd4af0967f5d0934dadb18b1e05ae908d586a8817305f89592ea272e7009d9f46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f7bec7d6-bdbb-4134-bc6b-913adb67abf3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:24.000Z", "modified": "2019-12-11T09:16:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T06:42:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2ba1df53-1aed-4c9a-a819-2244693ba579" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d4af0967f5d0934dadb18b1e05ae908d586a8817305f89592ea272e7009d9f46/analysis/1574923376/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "85392bc9-5175-4813-a852-6a4c79c005ee" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e34cfad-e096-4349-a044-23a8b8a812fc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cea3da5e-0781-4762-a3b8-4c500d2f5eb2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:25.000Z", "modified": "2019-12-11T09:16:25.000Z", "pattern": "[file:hashes.MD5 = 'e5c6ee86fe93a53d0205e7d5129f7963' AND file:hashes.SHA1 = '9be8282a355cf7359e0060977f1f4242be985dcb' AND file:hashes.SHA256 = 'aed94a273cd5238ddfb5fce13847f51857beebec9e2fe22a8726efbe42498746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6ea26dff-4241-4783-9fa6-acde12bd3821", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:25.000Z", "modified": "2019-12-11T09:16:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:30:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aa0d851f-efc1-447d-9feb-5de4db33b71a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aed94a273cd5238ddfb5fce13847f51857beebec9e2fe22a8726efbe42498746/analysis/1574613020/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "026b73d4-a7f6-4c6d-91e0-eda76ad03004" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88fd05a4-c450-4093-b3ae-02edda7f01e1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a1c17f8-2f91-4529-b7b0-f5fd54c0d7c1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:25.000Z", "modified": "2019-12-11T09:16:25.000Z", "pattern": "[file:hashes.MD5 = '8dc2fdeebc33452195743999e5a08e6b' AND file:hashes.SHA1 = 'c8cdca9aacd19f9b3fe6113a21cca7418492fa39' AND file:hashes.SHA256 = 'bdc55acb282895b9942d5b188e752b35e106a55ad17f4357c0c2fe098da92e50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--29ea3c62-b290-46de-8d0d-fc15e8b101ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:25.000Z", "modified": "2019-12-11T09:16:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:52:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a739e2d5-de8d-4975-aa1b-83c8c4c1acb4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bdc55acb282895b9942d5b188e752b35e106a55ad17f4357c0c2fe098da92e50/analysis/1574250758/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7d09d52e-bfa1-43ca-bc96-4f5e3b1cd2c9" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cd2fc364-423d-4ae2-9725-02a6f3590ff6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b6a4da5-0bba-48f3-868e-9a13e381aeb6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:38.000Z", "modified": "2019-12-11T09:16:38.000Z", "pattern": "[file:hashes.MD5 = 'e50c8ca565e8ac6e5b919343c0bb5719' AND file:hashes.SHA1 = '88924252d537004e1421fd058e998120d34bf94b' AND file:hashes.SHA256 = '9726003bb13cbbb847c3f771c2097722038a0487a721b1f3d5cfaf01e891a3cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b279bb8d-cd93-45ad-ab71-bd1ab6f73374", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:38.000Z", "modified": "2019-12-11T09:16:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:24:47", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1cc0e528-9223-4409-b156-8af34843ada4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9726003bb13cbbb847c3f771c2097722038a0487a721b1f3d5cfaf01e891a3cf/analysis/1574612687/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "63802fd1-9d01-46ef-bf75-173548b0c77e" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "924e248b-9ab7-4ff4-afbe-ba8d3541c483" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0b4b63b-d2dc-498d-82c4-2336a319e7da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:38.000Z", "modified": "2019-12-11T09:16:38.000Z", "pattern": "[file:hashes.MD5 = '22c5bfdf8604003e8fc79646c7e2f264' AND file:hashes.SHA1 = 'f564fa91c113b653da1829dbda8fca81fec477b1' AND file:hashes.SHA256 = '975e95134bd072c19cda96a2f372467e6f3e6833e14db37de0f0b47e5a857019']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8c9ae71a-d8cb-4fa9-9db5-27afe3787bd0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:38.000Z", "modified": "2019-12-11T09:16:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:08:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2e1531b3-a6c7-4d07-b259-105e5a52c832" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/975e95134bd072c19cda96a2f372467e6f3e6833e14db37de0f0b47e5a857019/analysis/1574251699/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "24a2a135-d7ab-4df6-9d07-19b44cfad4dc" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "18c863c6-0530-4a35-933b-3bc5e1a4cbe6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--13d97b4c-5ebf-4c4e-b053-23a65c88d670", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:39.000Z", "modified": "2019-12-11T09:16:39.000Z", "pattern": "[file:hashes.MD5 = '1e2ccd933cb78f9a41195170426567c6' AND file:hashes.SHA1 = 'af3c0ce486dd68c2033e3c5a9ce420ec6f8ba0f2' AND file:hashes.SHA256 = '1b50d9c750036e5e154dc86d3daa50502dc2fbf74847d7df401a0df41294d4c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--afc87775-b270-46ca-a6b3-420a46e49a13", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:39.000Z", "modified": "2019-12-11T09:16:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:03:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b22fbe70-c60c-449d-bf43-b6ddf9827255" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1b50d9c750036e5e154dc86d3daa50502dc2fbf74847d7df401a0df41294d4c0/analysis/1574780638/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26b9eda3-83db-4aa1-a682-3e159043b23b" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a066a8f1-06a6-4578-adfb-5ece1c8ed4b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--834d3a9f-32d7-4e85-91d2-c5127dd44a80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:39.000Z", "modified": "2019-12-11T09:16:39.000Z", "pattern": "[file:hashes.MD5 = '78403fef144474dd6b1d2c7723234d22' AND file:hashes.SHA1 = '6a16e31eed9b6d7cbc55aee637ee500457718cd2' AND file:hashes.SHA256 = '2582b2898823e26096b851f130d38745d1680253f4cbc162044220b803c39a0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d7e2184f-3d98-4617-bebb-a7d5b6f02cc8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:39.000Z", "modified": "2019-12-11T09:16:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T21:26:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5c65b880-d119-4708-86fd-f218f423f9ff" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2582b2898823e26096b851f130d38745d1680253f4cbc162044220b803c39a0b/analysis/1573162006/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "051dfb28-eb70-4eef-a9ee-fb202cd69308" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0197d523-1d7b-405a-a0aa-325b6a157693" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1cae09e5-ff7a-4a82-9577-fe163db614ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:39.000Z", "modified": "2019-12-11T09:16:39.000Z", "pattern": "[file:hashes.MD5 = '371e3318f3d6ffd8aa44479fe315cbba' AND file:hashes.SHA1 = '916ac087fa11b660d1ef6436818bc733a4e0d1a2' AND file:hashes.SHA256 = '41cd33e04e6884ec3b47ca09f0621589fd7f2be3b4afbb5b64aa21dc2e9433a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--59739339-aa52-4345-81f3-48eab8bb78bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:39.000Z", "modified": "2019-12-11T09:16:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-04T18:13:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "700b3cf1-38c2-4ff2-a0a2-3cfe0e3d56f4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/41cd33e04e6884ec3b47ca09f0621589fd7f2be3b4afbb5b64aa21dc2e9433a6/analysis/1572891202/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8de7accf-4cb4-4b7b-a627-d4ae27b8ea53" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7180f81c-0bfb-4dfb-8fe1-5ccab322dd17" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--808620ce-1aa5-4f04-86af-a9bf134b7623", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:40.000Z", "modified": "2019-12-11T09:16:40.000Z", "pattern": "[file:hashes.MD5 = '523b85b39dde5f04419dd410ff3fb3f9' AND file:hashes.SHA1 = '010f66c9cb814781d287c7b317005aa5c4cc16b2' AND file:hashes.SHA256 = '3889af36e1225cfe1771ce732032bc02885ecc5cc25808693ddd8b9bbad585d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5db01ac1-ff59-4b8b-bb39-c0a3d26d50fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:40.000Z", "modified": "2019-12-11T09:16:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T20:27:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "32893bb1-fa03-44aa-a782-5bce8ca56554" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3889af36e1225cfe1771ce732032bc02885ecc5cc25808693ddd8b9bbad585d1/analysis/1573763257/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bf110cf8-501b-47c3-808d-53776cd8b63d" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "460beb85-1bfa-46a4-9a3c-4161bfc11671" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--220ab859-2e0a-4cd8-b7a5-533400015a1c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:40.000Z", "modified": "2019-12-11T09:16:40.000Z", "pattern": "[file:hashes.MD5 = '87e56fd77b5cd3191ab7e8f17e919454' AND file:hashes.SHA1 = '035e68e2d7a5c950ebe1ebf00e48ed1acfd9b8e8' AND file:hashes.SHA256 = 'e746313a774296e024bd6cccc4d320f2d8d10d87caaa79afaaf5076138e89ea7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--49e6be60-5f03-4f64-8477-7dae8f91abc1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:41.000Z", "modified": "2019-12-11T09:16:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T20:18:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "40e09d63-5a1b-493e-ba61-0d9d93408c2e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e746313a774296e024bd6cccc4d320f2d8d10d87caaa79afaaf5076138e89ea7/analysis/1575404326/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3c6620c4-b796-4848-831c-93fb0bbd4a3d" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4867a6d4-2413-4c3b-a884-4a05257c30f9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--de3c5515-69bb-4285-9c4f-fb3ee777ce49", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:41.000Z", "modified": "2019-12-11T09:16:41.000Z", "pattern": "[file:hashes.MD5 = '556c974218467457b7cb0e6d1598c252' AND file:hashes.SHA1 = 'de0e2c0990c25b8d15e5d8fb4954d8665e516a35' AND file:hashes.SHA256 = '61c523739188d42e8061ec5727f86be931bef90078c1195e9d7cc126db4aaaf6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--984595e7-dce1-45b9-a410-2294d6fb28f2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:41.000Z", "modified": "2019-12-11T09:16:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:34:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3a740380-ad48-4a3e-a7c0-0f19db51ad5c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/61c523739188d42e8061ec5727f86be931bef90078c1195e9d7cc126db4aaaf6/analysis/1573961694/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78118ac8-1111-45a1-a291-2d62a938c010" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4b459db3-5fbd-4461-8d17-cd49447fbc60" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d51dcfe9-d081-4a2c-bf88-b984c5cb4a0d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:41.000Z", "modified": "2019-12-11T09:16:41.000Z", "pattern": "[file:hashes.MD5 = '55dbb5bbc3c03e62b35092074bc91ed5' AND file:hashes.SHA1 = '56b2f7d2abc6ebe55c7639bcccc8347fe711c2a0' AND file:hashes.SHA256 = 'da6bc58ed98b2b1e9c79502248409a6041e10f04d81411f7ced305e589c03618']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--25fb5c72-5de0-425b-81d2-4879e920744e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:42.000Z", "modified": "2019-12-11T09:16:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-11T04:48:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9dcdd1bc-0213-4e21-bbf6-cdeb71bb2750" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/da6bc58ed98b2b1e9c79502248409a6041e10f04d81411f7ced305e589c03618/analysis/1573447719/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a804f83d-490e-4d2d-a645-a947ae19b6a9" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b8fabe1e-3143-4f1c-ab61-dcfc1ce5c166" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ce35ad64-3e90-4857-bfa8-7d574eeb63ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:42.000Z", "modified": "2019-12-11T09:16:42.000Z", "pattern": "[file:hashes.MD5 = 'bddafd819ea8f2ed5c172c244cfb2ab8' AND file:hashes.SHA1 = 'd7026d433176c37b0ddc56560025f76570fa6008' AND file:hashes.SHA256 = 'a00c5219a5c8c3a934ffd4faff9a79a964c8b60280f6c26ee18490b2f9be0152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7b9b54ed-c035-476c-8474-6b5239f424ae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:43.000Z", "modified": "2019-12-11T09:16:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T04:24:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "511ecf5b-aaec-49b2-b957-5ce151023a3d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a00c5219a5c8c3a934ffd4faff9a79a964c8b60280f6c26ee18490b2f9be0152/analysis/1575347066/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "826aba18-f7e9-47d6-9ad7-4281ce7a705b" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "10307f04-d3b7-4d1c-9a08-56998a49365c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a372a0f0-51f2-4b79-86b3-d5b6611b0530", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:43.000Z", "modified": "2019-12-11T09:16:43.000Z", "pattern": "[file:hashes.MD5 = '6a40f9fb6c19ea1e589dfc3777234f50' AND file:hashes.SHA1 = 'bf4e4e792097dc818687141aa890522c7c537de7' AND file:hashes.SHA256 = '4e125c0e8b8578dbaa20638a4aac926a79cef3a6621d3351bb630eb243fe33f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4f37be4f-53b9-444e-93e6-32a31d8cecdd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:43.000Z", "modified": "2019-12-11T09:16:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T20:28:50", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e40bf106-9e06-4a9b-abe8-43a7f745b772" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4e125c0e8b8578dbaa20638a4aac926a79cef3a6621d3351bb630eb243fe33f0/analysis/1575145730/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b16c29bb-84ad-4144-8039-f707997d6061" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7e5e2eb-a12d-410d-885d-c7b94f4594e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d63422bf-765c-4422-bae3-e05722b7f50b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:43.000Z", "modified": "2019-12-11T09:16:43.000Z", "pattern": "[file:hashes.MD5 = 'b796a678563d69bf24cc44191340060c' AND file:hashes.SHA1 = '9b19764f99c79d76994558607c673e66ae879c0e' AND file:hashes.SHA256 = '41d588da12f978f1456436f3fd0a33bc6ac8b1965ff7a43ff252e16f8100cab7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5b62e69d-b12c-45ef-a7bd-92a71dc212e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:43.000Z", "modified": "2019-12-11T09:16:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T04:53:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c4d83b44-92e6-47fb-8807-e8b97b163a21" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/41d588da12f978f1456436f3fd0a33bc6ac8b1965ff7a43ff252e16f8100cab7/analysis/1575175982/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "08d3cb13-bd4a-4279-97ef-3517730df80c" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "720a7357-24ef-44ed-904f-05e88c444407" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0a9c29f7-5eb4-4f37-9857-a94edd3484a9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:43.000Z", "modified": "2019-12-11T09:16:43.000Z", "pattern": "[file:hashes.MD5 = '8dec47292017fcc3cccad7824270d6a9' AND file:hashes.SHA1 = '7819a80017f49e8500cdb41ce580709ca3165065' AND file:hashes.SHA256 = '1461a178a2aeefd5c2ac2ec2d500012b5c60dd3b34eeefc3c261c019549f0288']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9724179c-5715-42c7-bfd9-4375d2987e24", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:44.000Z", "modified": "2019-12-11T09:16:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:53:02", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5bf0b9c-e2e6-4cb7-bba2-ccc93bba9d89" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1461a178a2aeefd5c2ac2ec2d500012b5c60dd3b34eeefc3c261c019549f0288/analysis/1573894382/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "869bf76a-d7d6-4c9d-bde4-16f81a75527c" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93ce8f6b-1b04-426c-85b9-1c2c85854dd1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0dc9e074-7188-49a7-8cf1-61c271067d0d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:44.000Z", "modified": "2019-12-11T09:16:44.000Z", "pattern": "[file:hashes.MD5 = '4b3736b1cbcd348f59796e45e5beb0e8' AND file:hashes.SHA1 = 'ed0612611c53dff86cb4529b5a8067a119f8e64f' AND file:hashes.SHA256 = '7303a39cc0af4c27eb0eaf3d164e5a046da3a1fdcd1d6815e6e72f4635ac6982']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--44d573b8-8c3b-4f81-b359-b44706171679", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:44.000Z", "modified": "2019-12-11T09:16:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:08:31", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c70482bd-e075-4a61-b85b-8896b8ab72d5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7303a39cc0af4c27eb0eaf3d164e5a046da3a1fdcd1d6815e6e72f4635ac6982/analysis/1575176911/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0fae1e57-fb8e-4a60-a126-7317d4550fb1" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2a29fc49-b891-470c-8ec1-6e8ff3881e70" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec57281d-a52e-4ec3-9864-88ecf7d077ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:44.000Z", "modified": "2019-12-11T09:16:44.000Z", "pattern": "[file:hashes.MD5 = '9a75d25449e621059d61fcdf5f5b0177' AND file:hashes.SHA1 = '2acb1a7210eb8ed9c3e397664155027abef451f8' AND file:hashes.SHA256 = '71d10f273af4861dd0a8844f92370c2982470a0e5f8c16ea85a901e0d0cf0a65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ee086507-5a2b-4b5f-af7f-67efcc717313", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:44.000Z", "modified": "2019-12-11T09:16:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T17:06:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3051eb85-c6b1-441a-b32c-c336519c7af9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/71d10f273af4861dd0a8844f92370c2982470a0e5f8c16ea85a901e0d0cf0a65/analysis/1574269583/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "50a7c2a6-7a5a-4e37-b8c0-d18c936b8b7f" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "428a2b7d-0b9e-4d79-835f-507e4fd8e99d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--60f91c41-4fa6-495e-859a-d5728619dd96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:44.000Z", "modified": "2019-12-11T09:16:44.000Z", "pattern": "[file:hashes.MD5 = '5d5818a8357abad8624ea7b3d0db302e' AND file:hashes.SHA1 = 'de3583045d5e6c94749170171c7d0d8930e2d035' AND file:hashes.SHA256 = 'b2aaeee604cc6cd5084d2f953fd191c4184198adb5d65800e25a5a288dfd07fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--439fe388-297c-4b78-82d2-4228f0918a54", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:45.000Z", "modified": "2019-12-11T09:16:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T20:26:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "938ab6d1-f0b7-4ecf-889a-e201e5ee448f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b2aaeee604cc6cd5084d2f953fd191c4184198adb5d65800e25a5a288dfd07fa/analysis/1575404772/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2ba5c241-b161-4263-8fd2-a8a878019a9c" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3fca2014-8936-465f-8f43-5b2fa1b8a040" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9dc9c877-a7a9-41c8-8896-95614059c37a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:45.000Z", "modified": "2019-12-11T09:16:45.000Z", "pattern": "[file:hashes.MD5 = '202e43cf0d320b3ac38fd6043012d9f2' AND file:hashes.SHA1 = '013a0d399fb3e4c6b9fe9178ecc8bb1321e9383f' AND file:hashes.SHA256 = '1583e4d2966f0eab80c3defc26dd95d0020759b5c6024840d91a18cf14c999ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ff2fc6cb-0daf-4349-bd62-b213f05340f4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:45.000Z", "modified": "2019-12-11T09:16:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T21:37:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f75e38ff-b759-43d7-bfa5-f767421ce25c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1583e4d2966f0eab80c3defc26dd95d0020759b5c6024840d91a18cf14c999ea/analysis/1573421823/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "27355162-d957-4726-a636-3e148444a7f8" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "19084828-615a-4911-84f7-ce8a36e434b9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6b00327e-4ddf-4dec-a46a-7833c829ef78", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:16:45.000Z", "modified": "2019-12-11T09:16:45.000Z", "pattern": "[file:hashes.MD5 = 'c7f530a28374d62ebfc64377a7ec92c9' AND file:hashes.SHA1 = '174cf0f9b6d37e48923d0a19bf6b90ac50ad2119' AND file:hashes.SHA256 = '3281a69666a207a4badc2a0a7344bcc94123df12f04f41191cfd5c8f1872159c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:16:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--725442e5-1e94-45f4-b174-26c11c4375be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:00.000Z", "modified": "2019-12-11T09:17:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T02:38:06", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "973689b8-9210-4ec2-b368-c95735d06712" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3281a69666a207a4badc2a0a7344bcc94123df12f04f41191cfd5c8f1872159c/analysis/1573094286/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ab51583f-c6b6-44a3-87b4-f7023b9d6581" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "08e0dd3a-8de2-487c-8c5b-8512fbee4240" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f60f10f-0bb2-4abe-96c7-870315a567d5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:00.000Z", "modified": "2019-12-11T09:17:00.000Z", "pattern": "[file:hashes.MD5 = 'f7a23ee091c4b495611c1ca1acb3dc33' AND file:hashes.SHA1 = '7e3369d28d550383cddb2ed963312e596a4e2b34' AND file:hashes.SHA256 = 'e080dd64361c5d7855494333fb91dda700b0fdb898d7e0b37fb55d89dda4899c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--66262593-7c34-491b-bd63-bae2c5717a2e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:00.000Z", "modified": "2019-12-11T09:17:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:53:26", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b5f9422-6a8b-42da-be47-0de9be53314e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e080dd64361c5d7855494333fb91dda700b0fdb898d7e0b37fb55d89dda4899c/analysis/1574250806/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "09fa3efb-9d63-4e39-9c2d-7724bb53de30" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f561c60b-5026-4a7e-9815-350888ff502e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4a596c88-c2da-4708-bc04-8137ec167945", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:01.000Z", "modified": "2019-12-11T09:17:01.000Z", "pattern": "[file:hashes.MD5 = 'a8469c2aac8ac92a95fb4c3ac4579739' AND file:hashes.SHA1 = 'f554d37ecc27f12672691cf2647aecf643674459' AND file:hashes.SHA256 = '91f1b3a4c4af40cee470b75619653eeb88db8b37958159b6df262ed01d2ed7c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--81b66735-8b1b-4ba7-9930-47afc63d8a2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:01.000Z", "modified": "2019-12-11T09:17:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:49:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d7c757df-baf0-4fff-9602-d9f0af4e9988" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/91f1b3a4c4af40cee470b75619653eeb88db8b37958159b6df262ed01d2ed7c3/analysis/1574333392/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8ebd067e-55d2-4458-a3b5-c42ae19be059" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "66527e6e-9d1a-4331-badb-0dbae58ddb2e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--25fc58fc-4486-4519-8f8a-b37ef6ab6431", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:01.000Z", "modified": "2019-12-11T09:17:01.000Z", "pattern": "[file:hashes.MD5 = '8730d47ec35f5f01cd0e5624f0ad1d19' AND file:hashes.SHA1 = '0da65cb425d34e955d8f081f669179cbd93880d7' AND file:hashes.SHA256 = '2f283ad12fbd85f295a46dd108d2b9f7c59bf49c617e26c4f996931c93ecca8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9824f125-6779-4a9a-bd60-063532f4ed5d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:01.000Z", "modified": "2019-12-11T09:17:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-07T09:40:18", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e44a70e4-a23f-47b8-943d-d8dace64bd77" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2f283ad12fbd85f295a46dd108d2b9f7c59bf49c617e26c4f996931c93ecca8b/analysis/1575711618/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d05fc176-914b-44d1-8ec0-919cc597e577" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fe7ef037-1cfd-4b71-9fd0-36c79cdf04d7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bd63552b-3ce3-46f6-978c-5b6b15ea5b0f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:01.000Z", "modified": "2019-12-11T09:17:01.000Z", "pattern": "[file:hashes.MD5 = 'd7e7e8babd291ce721dbd28c9216073a' AND file:hashes.SHA1 = 'a9fcd71863c7c73ef5669190eeeafe5ce3a444aa' AND file:hashes.SHA256 = '778f10e44ad76087857af1f4168a4f6fb3a5f03b160d19ae02c467e98597fbac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3df48e75-a739-4211-9407-6311765cdaa9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:01.000Z", "modified": "2019-12-11T09:17:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T13:25:55", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6f00df8c-db4c-4b4d-ac78-d3c068a2731b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/778f10e44ad76087857af1f4168a4f6fb3a5f03b160d19ae02c467e98597fbac/analysis/1573737955/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "de8a524a-6b1a-4ffd-b0e3-1e2a0c3f895d" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5b412bc4-97e0-4248-87f5-78cfb80d2e78" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a4b3cf43-3ee3-4127-9013-8ff15a37ef5a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:01.000Z", "modified": "2019-12-11T09:17:01.000Z", "pattern": "[file:hashes.MD5 = '7fa8ac5c4e36005705b9367f82b8f980' AND file:hashes.SHA1 = 'c8e8321bf432bab593c43c7f4d5e722f59a98c55' AND file:hashes.SHA256 = '31e422b17cd0cce5cbd49cbe452772c16693fecd97f05558db60b5a331757bcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1e4f61f4-b717-486e-8313-76ca42f9d871", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:02.000Z", "modified": "2019-12-11T09:17:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "25af1bbc-a0e6-4f17-a2e9-cf77acf0a218" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/31e422b17cd0cce5cbd49cbe452772c16693fecd97f05558db60b5a331757bcd/analysis/1574062644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "417680b5-95c1-42ad-a1d3-4eed68927bf7" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b42c3e8-a2c1-421e-a19b-0705c736c9c6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--41837ce0-6fc9-4bf3-bbd7-b5db13b56d8a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:03.000Z", "modified": "2019-12-11T09:17:03.000Z", "pattern": "[file:hashes.MD5 = 'e63799d433190ec8b61d19a9f225dd5f' AND file:hashes.SHA1 = '84b87156b438da0a5e905443f09f12df2d27677d' AND file:hashes.SHA256 = 'e8c699ad010c200d8764cae0d4b75762379b321ab52e0614617a7bedfd42994e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a480ec19-a2fc-4c23-a2ba-d901c3e46209", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:03.000Z", "modified": "2019-12-11T09:17:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:48:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "22ef1927-eb7f-4975-90b4-daf7476cb4f7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e8c699ad010c200d8764cae0d4b75762379b321ab52e0614617a7bedfd42994e/analysis/1573980521/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "130ab3d4-2d55-4d9c-9d63-33bec1295d5d" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "25fc8c52-a38d-46b2-ae61-6cc867eaa772" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2a34cf03-2091-4bd1-bfc6-b0c4f096701c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:03.000Z", "modified": "2019-12-11T09:17:03.000Z", "pattern": "[file:hashes.MD5 = '3409f85d03db44e5b37fdc8a4e95f9a4' AND file:hashes.SHA1 = '25f1ce50d805fdeeeb43edb3eb915f3b73993a7c' AND file:hashes.SHA256 = 'b636ad3e666a2fd724a2719bed3c7bf04cb21eff830409eb806553be8835e424']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--045a999a-05af-4f68-97b3-c67877b7306f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:04.000Z", "modified": "2019-12-11T09:17:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-02T13:21:39", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cf2ea883-3cd3-4bf9-9ffa-25bba0f57fab" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b636ad3e666a2fd724a2719bed3c7bf04cb21eff830409eb806553be8835e424/analysis/1575292899/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "42b19bf4-419e-4725-acd1-dd1aed879022" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "79c3f838-18bf-41dd-afaa-2da1b7af2662" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb9212b0-60a3-40d9-b087-27ab8db99dd6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:04.000Z", "modified": "2019-12-11T09:17:04.000Z", "pattern": "[file:hashes.MD5 = 'cab204d321bf867dd51129f865a37310' AND file:hashes.SHA1 = 'c5c8e76181f46d87acaa8de9eaebc3bb0bd3e8f5' AND file:hashes.SHA256 = 'd093211ca6df1e26dff4ec0e2b432c56e7d0a3eb08e53d00a990e5a4c919e7e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--de7e7abe-cf70-41bf-b039-e3e9e9118bef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:04.000Z", "modified": "2019-12-11T09:17:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-10T05:09:22", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a331aa07-150d-49ec-a9e3-7655fde97972" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d093211ca6df1e26dff4ec0e2b432c56e7d0a3eb08e53d00a990e5a4c919e7e6/analysis/1575954562/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2de0cab7-af1e-4594-92f3-fb6637133551" }, { "type": "text", "object_relation": "detection-ratio", "value": "60/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d08a83f1-4c6b-4ea0-af4a-d2cd9e2a5e17" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c4a5d335-d05a-4f1b-927b-f07d48ceeade", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:04.000Z", "modified": "2019-12-11T09:17:04.000Z", "pattern": "[file:hashes.MD5 = 'a1824387fca3e5a3cd76026f69e204f0' AND file:hashes.SHA1 = '2cb26b1a4d08902318dc37c9b830267b7437e17c' AND file:hashes.SHA256 = 'f2887e2d29564f6a7ba1e0138b907fac713463a5906ff38a2819c6bc4f7e82fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ffd6cead-93b2-4611-b25b-a918732de14e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:04.000Z", "modified": "2019-12-11T09:17:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T17:40:48", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2b1dcb0e-8708-44b7-a9bf-dad7d4ad8b7e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f2887e2d29564f6a7ba1e0138b907fac713463a5906ff38a2819c6bc4f7e82fc/analysis/1573580448/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a1415fb7-c366-47fb-a847-05163125f89d" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce0079c9-cfba-4c8b-a976-b66a77c2df99" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--387fd63b-aefa-4afd-853c-caf75eacdb7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:04.000Z", "modified": "2019-12-11T09:17:04.000Z", "pattern": "[file:hashes.MD5 = '32cb296c72766a6bb0dd501599bd8535' AND file:hashes.SHA1 = '2d8832336a06b11dbc71301297d2153d7859e53b' AND file:hashes.SHA256 = '3ab1d7b7e41a79c7147027fb2f8e921ed35167322281f1936cc321f1f916f3e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a518f4a8-4592-4a87-a370-8bf4338440a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:05.000Z", "modified": "2019-12-11T09:17:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:44:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8ddf364a-63df-46cb-9d00-03025c03e6e0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3ab1d7b7e41a79c7147027fb2f8e921ed35167322281f1936cc321f1f916f3e3/analysis/1573893861/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cbb33afb-f6b0-455b-881a-37c7fbef1817" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d9b39fec-ad6b-4605-9f42-c6594dfaacd5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf1d74a7-6453-41df-b8c0-c8036ca30e3b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:05.000Z", "modified": "2019-12-11T09:17:05.000Z", "pattern": "[file:hashes.MD5 = '41f5638751db78bb55234e2668710e09' AND file:hashes.SHA1 = '75282f562d38226a74dc0e66d981168c2b073c80' AND file:hashes.SHA256 = '336ee5f4b81ae7d30a17c6251b78af87f1a9815f19f732f78961584f268ddb0e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e24f718d-46ce-48de-a1d5-5b59fa3fcb50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:05.000Z", "modified": "2019-12-11T09:17:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T20:41:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e73abc26-2c81-467e-a55f-bba725c59617" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/336ee5f4b81ae7d30a17c6251b78af87f1a9815f19f732f78961584f268ddb0e/analysis/1575405664/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f1201a3a-b9a6-474a-b77e-afc6b2defb24" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "98e5c78c-2102-4afa-8c32-5a17d2567bce" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9bd53e5-f96d-4b52-a85b-d008fb299c67", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:05.000Z", "modified": "2019-12-11T09:17:05.000Z", "pattern": "[file:hashes.MD5 = 'c4319b3de449f0d95a2c678ccf15a184' AND file:hashes.SHA1 = '99d9d6bf4b78d3ae0f6afa675c36438c31ffe443' AND file:hashes.SHA256 = '9091f32108282e5a2edfe5ca09d24f9cf335142e1061b2274f13a2534047d52a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ed42186f-425b-4534-9e72-6d8667bc2763", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:05.000Z", "modified": "2019-12-11T09:17:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T05:20:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "df91305a-3e14-44c4-b020-f878e2663309" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9091f32108282e5a2edfe5ca09d24f9cf335142e1061b2274f13a2534047d52a/analysis/1573968037/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7c634c53-80b7-4286-b4af-73399eea5028" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6262e7bd-e0c9-4daa-9413-4e21fbb9c90c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6057798b-3af5-424e-9be6-1f63bdbee336", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:06.000Z", "modified": "2019-12-11T09:17:06.000Z", "pattern": "[file:hashes.MD5 = 'afae1a53d93dce41d8562f5fe56fd9aa' AND file:hashes.SHA1 = 'ad4051b260efe9451b7bdcce3e1c366cc29f1137' AND file:hashes.SHA256 = 'd1b58a7f25a5237bebb4104e247d7e036ea2b1a48f4342c88a117b1e8a43ad51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--82c95c8e-9acd-4d94-84bf-a2732dbbd804", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:06.000Z", "modified": "2019-12-11T09:17:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:41:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2a75dc3b-b433-4fb0-8d8d-7aa92baa96a6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d1b58a7f25a5237bebb4104e247d7e036ea2b1a48f4342c88a117b1e8a43ad51/analysis/1573396875/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6ffd0388-c494-4d12-ada6-8f933ada2a37" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0523af84-12cb-4f82-9b2d-0c2439090a9d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c307c82e-5ee9-40b4-a57a-bc100bc9d5dd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:06.000Z", "modified": "2019-12-11T09:17:06.000Z", "pattern": "[file:hashes.MD5 = '2096b31942e11ea6162742ad00c4ec08' AND file:hashes.SHA1 = '694a29886301d38b19604180feec3f68c429e851' AND file:hashes.SHA256 = 'dfbd3927e48c1772fcd2f57baeed5f5292a12540cc0c061fa0e576ac37d38350']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d1ae46d6-dff2-42eb-a2eb-3caf259da849", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:06.000Z", "modified": "2019-12-11T09:17:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T14:37:30", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9d71b4ec-c1d7-4498-9904-cf996f266471" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dfbd3927e48c1772fcd2f57baeed5f5292a12540cc0c061fa0e576ac37d38350/analysis/1574779050/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d9f5282-9a95-47f7-a949-9ecc7c98be13" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "48638a71-1c67-4f9e-bd99-58e71d8e0ff2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9d27efc7-ae77-4a63-8946-2b5f139d9ceb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:06.000Z", "modified": "2019-12-11T09:17:06.000Z", "pattern": "[file:hashes.MD5 = '480d75f8e22948f5260544d6da36ed00' AND file:hashes.SHA1 = '32edd01433d5955fec45ebc3bd679e91f83fe001' AND file:hashes.SHA256 = '0fd0a413f060bfd03456ccc0ee43b86e1614a96c8727c59deb2f7d09059051e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--24d1e65b-5461-4b43-8cda-af45bff380a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:06.000Z", "modified": "2019-12-11T09:17:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-01T05:16:37", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9aa3b83a-9d0f-4915-b9b5-6877c32c99c3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0fd0a413f060bfd03456ccc0ee43b86e1614a96c8727c59deb2f7d09059051e4/analysis/1575177397/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "521b9cd2-3777-4dbd-b832-677503531868" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd613591-e900-48d2-aed6-e72b2eef756c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--35446faf-0ddb-4f87-854b-385260b95671", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:06.000Z", "modified": "2019-12-11T09:17:06.000Z", "pattern": "[file:hashes.MD5 = 'fdba3ef7db009e0bd0b572a13ce86ec5' AND file:hashes.SHA1 = '913920f7f00c93165f494b49510f2758784a94c1' AND file:hashes.SHA256 = '4c289673d7e8272c016e3b9925dfde7b19a2c7c9f6db70102f7c7d882f4b17e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--835f33ab-3f7a-4ce3-8abd-aab87b77e4bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:07.000Z", "modified": "2019-12-11T09:17:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:29", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7d1edf35-42ec-446b-8716-444dbe102191" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4c289673d7e8272c016e3b9925dfde7b19a2c7c9f6db70102f7c7d882f4b17e4/analysis/1574062649/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7cc1cfb6-b289-4bda-bf8b-caebbbb9aa0c" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "da219885-71a7-404e-aa76-0bf1fd5a3375" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91f2a406-203d-4994-9682-e7108f0df365", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:07.000Z", "modified": "2019-12-11T09:17:07.000Z", "pattern": "[file:hashes.MD5 = 'f0f25aaa83d9cf9cc1409a1206269e84' AND file:hashes.SHA1 = '3b2a9c29f9efa3236a0ce581114cdb2cbb6ee5da' AND file:hashes.SHA256 = '356805e9fc94bd5ec769e2d5b524e79b1c3fba43a9011fa338da3e10bb67fbda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8a91dc91-0540-4679-b542-4a6626806420", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:07.000Z", "modified": "2019-12-11T09:17:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T06:28:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1dd6f8e4-876d-4789-bd6a-9dfb43bb44ad" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/356805e9fc94bd5ec769e2d5b524e79b1c3fba43a9011fa338da3e10bb67fbda/analysis/1573194495/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4eba6ec8-8de2-4d3a-a451-c3892f6ee147" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c224a544-dc47-4c43-92f1-0cdc72a4b67b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b141a34-9277-4a85-beac-d7493563108f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:09.000Z", "modified": "2019-12-11T09:17:09.000Z", "pattern": "[file:hashes.MD5 = '795432e4176ee402bf56afb158d9ba93' AND file:hashes.SHA1 = '237e52585118027eab7661ff6ad5c7e5de2e2611' AND file:hashes.SHA256 = 'def6d7b27b2c5411a53d44b5cfde7be57d9d72f0fac36c639d830bb9eac1c174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3e844dc3-b609-47db-9acc-099b34ce7d02", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:09.000Z", "modified": "2019-12-11T09:17:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T13:22:14", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "bdebe95e-a5b8-4b7e-9760-d936ff1119fc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/def6d7b27b2c5411a53d44b5cfde7be57d9d72f0fac36c639d830bb9eac1c174/analysis/1573824134/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dddd3458-df43-4cf5-8923-5533935c1117" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fdbe7b9c-ba55-4adb-9395-3ff13b8d99f9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--047dc7a9-043d-4f84-8cdf-ab188f1bb32d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:09.000Z", "modified": "2019-12-11T09:17:09.000Z", "pattern": "[file:hashes.MD5 = 'f4720f95e635bf54c31259e45b5f829d' AND file:hashes.SHA1 = '8bbd7d67d7471ad99013f1d42da89cde034fa2fb' AND file:hashes.SHA256 = 'ba68ac8c05da97e6cfcb6853a92232b5443ac43c1e11c14e4d4a15b684a6dc8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1199ba69-0bf0-46ef-b935-a55651b947ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:09.000Z", "modified": "2019-12-11T09:17:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "516c739f-0522-423a-b63f-c3d7196a752a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ba68ac8c05da97e6cfcb6853a92232b5443ac43c1e11c14e4d4a15b684a6dc8b/analysis/1573722651/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "16763a92-bfde-4d0d-8e39-97f66d004308" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1f14e0ed-48a6-4ec3-83fe-c310314c1cab" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e5c22d2f-bf18-47e1-b9f1-e649da622ba6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:09.000Z", "modified": "2019-12-11T09:17:09.000Z", "pattern": "[file:hashes.MD5 = 'e96618309d3776f95a23fb9783009887' AND file:hashes.SHA1 = '815f3d5961ae739d1800ed1fd9f6504e39ea74a9' AND file:hashes.SHA256 = 'dd55cbf28ffb502bb38398c03f454a361330902c3fc4e465eb8865c8432d6b4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--994fbf8a-51e0-46e6-acdd-8ce215181e20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:09.000Z", "modified": "2019-12-11T09:17:09.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:12:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "15165f50-4c47-4c80-aa35-2c0ef13bdaf1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dd55cbf28ffb502bb38398c03f454a361330902c3fc4e465eb8865c8432d6b4f/analysis/1574773979/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3bdd7f24-d59b-42d9-8114-014d13b4f786" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6835df5-2eb4-4be5-887d-2904b9ae1599" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bc463676-fa0d-4152-a4ac-f9568ad30f21", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:10.000Z", "modified": "2019-12-11T09:17:10.000Z", "pattern": "[file:hashes.MD5 = 'e54fad71693ebebb814a2cdfd3c26247' AND file:hashes.SHA1 = '0135b2b8eb323c2090ee26d99f0531aed15b623d' AND file:hashes.SHA256 = '9528d0c578157a0c18d495e807bcc5acc82f84a03a52576e6e824698f748c12f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9b02493c-909c-47f1-adea-240736dc4ed6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:10.000Z", "modified": "2019-12-11T09:17:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T22:39:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "390f284e-f060-40fd-bdc6-bfa33a99aaa6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9528d0c578157a0c18d495e807bcc5acc82f84a03a52576e6e824698f748c12f/analysis/1573425591/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6f9d5651-ddd0-463e-a424-5e87f3e56502" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3775fb5d-67cc-45d7-bf8f-5e2d47424705" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e0309f0b-5aea-46c3-b31c-85409e2f1575", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:10.000Z", "modified": "2019-12-11T09:17:10.000Z", "pattern": "[file:hashes.MD5 = '1581c61692e8ca00968579a485710e3c' AND file:hashes.SHA1 = 'f9f9e891e40de848aeb0ae92a9e6d112807ab5ef' AND file:hashes.SHA256 = '45363875792ec1150f235d43a398d5080019a31487e322d0bf2221279424da64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9347bd73-b4ab-4e99-83f0-a9b892bd2cd3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:10.000Z", "modified": "2019-12-11T09:17:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:32:28", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "92dd930d-bff2-43d9-9c72-aff61cad7e2e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/45363875792ec1150f235d43a398d5080019a31487e322d0bf2221279424da64/analysis/1574332348/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fe4df3ff-b59a-4f61-b9bc-11821e13a017" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc9b1119-927c-4769-a26c-9a4285ae3f7a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1f459a8-8d2d-445f-8ae4-be737e996cf6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:10.000Z", "modified": "2019-12-11T09:17:10.000Z", "pattern": "[file:hashes.MD5 = '570aa0b95fc0e215d9450882a2a23ccc' AND file:hashes.SHA1 = 'b1ec8e6b7d04877be6570654f904d029270c613f' AND file:hashes.SHA256 = 'f281a3f88fd4aca86b05300e4a00f26974154aed73715de92456d26cbe6fd873']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--631266d9-9ebc-4b97-b95a-9042ce7b37e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:11.000Z", "modified": "2019-12-11T09:17:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:42:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f73e95c9-bac3-48c8-9a00-b258a794ae82" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f281a3f88fd4aca86b05300e4a00f26974154aed73715de92456d26cbe6fd873/analysis/1573980163/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a50fa30c-a3e6-4341-942e-118126bf928d" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aa121851-84d4-416b-b3b2-510d39ef9473" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c80147c-14a8-4788-a975-fca23e47c4be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:11.000Z", "modified": "2019-12-11T09:17:11.000Z", "pattern": "[file:hashes.MD5 = 'bd19a5a4a17fb727a5dca2103a0b7cee' AND file:hashes.SHA1 = '68af7167caa9b0fdd185286f92fbfbc9ff45ac9b' AND file:hashes.SHA256 = 'f0c4aaffdfaed2db209a76aa99bc98518f489f1c62bec0be7584cd210bc0b31f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--82717ca0-1aca-4e43-b093-95115091b83e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:11.000Z", "modified": "2019-12-11T09:17:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T12:03:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cc954813-ad5b-40c6-bb1e-94ff867ace29" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f0c4aaffdfaed2db209a76aa99bc98518f489f1c62bec0be7584cd210bc0b31f/analysis/1574251436/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2c63a5ab-c4e3-4ad5-b05f-13e88dc8cf92" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "49d41418-faa4-4dab-b6e1-cb8fb310d7a0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c2a8bed0-ecec-4727-aff3-9692b710ec87", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:11.000Z", "modified": "2019-12-11T09:17:11.000Z", "pattern": "[file:hashes.MD5 = 'cd4e7916038cf877ec44f1a665806bd0' AND file:hashes.SHA1 = '106cc19f5c5fc48c3f008dd80c7bfa2aaa572a4c' AND file:hashes.SHA256 = 'f0c31f19ca1159657e2777c50ce5e1c6c4247b50da33300694bf4f2c7287f01b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0bd0a4e4-3dee-4363-855f-290fbcfb272b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:11.000Z", "modified": "2019-12-11T09:17:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T14:01:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "134dbfa9-0e34-4605-9031-918ee0379e33" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f0c31f19ca1159657e2777c50ce5e1c6c4247b50da33300694bf4f2c7287f01b/analysis/1573308071/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "31f26bbc-d0e7-4e48-9e44-16c6f2c42c6a" }, { "type": "text", "object_relation": "detection-ratio", "value": "16/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "17b36523-046f-42f5-983d-0d46f227ff74" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f72eda7d-b70f-4693-8822-0a78cfa8cc8e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:11.000Z", "modified": "2019-12-11T09:17:11.000Z", "pattern": "[file:hashes.MD5 = '42acc79d61819930ff0bc41b394e9300' AND file:hashes.SHA1 = 'fcbd5a9c690d3fdefadffa0cfe0290a538d08df2' AND file:hashes.SHA256 = '10079b5bba74566cd2daec9376f14acfd3ffaeed56f9a79d45d87ea795c21e33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--463ae21e-bbde-444e-89d3-99479d75ae8e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:11.000Z", "modified": "2019-12-11T09:17:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:36:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "513ebe33-264b-4fe6-8070-a2dfbb0b7222" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/10079b5bba74566cd2daec9376f14acfd3ffaeed56f9a79d45d87ea795c21e33/analysis/1573961817/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "46673cb1-66d9-44e5-acaa-00c928e76167" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "058d2fff-392c-4948-a707-c039abfd0fc4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1e15b2c6-4e3e-43b6-91db-741c882e5f57", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:12.000Z", "modified": "2019-12-11T09:17:12.000Z", "pattern": "[file:hashes.MD5 = '12b3dbe7421cfb533556b371da7677ef' AND file:hashes.SHA1 = '00683372a73bf4a41d44606aac8c28a65a14227d' AND file:hashes.SHA256 = '2df028b7d9b691bf3c25d8579c5b7846f40227eb00b563e04956fc1981fd5ba9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--290a99ee-e5ed-44f3-b8de-a50139d24917", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:12.000Z", "modified": "2019-12-11T09:17:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:01:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f8a2f851-ad29-4250-8476-cbacefbee5b9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2df028b7d9b691bf3c25d8579c5b7846f40227eb00b563e04956fc1981fd5ba9/analysis/1574546501/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b9d43c51-bba0-461f-9f5a-2c89c48e3818" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "792b6174-6677-4373-977f-e3f28a77a162" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb99d484-d0eb-4eb3-97c7-8f2aff1583fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:12.000Z", "modified": "2019-12-11T09:17:12.000Z", "pattern": "[file:hashes.MD5 = 'c508f7a19735cba1cf6cfd8b1ebaaf3b' AND file:hashes.SHA1 = 'e44bfcaee1789165b5a8f3a1aed4d404d481d514' AND file:hashes.SHA256 = '676f1bb1cf144e5fb86776954be0a1471218cf502c5d0ecc23defaddd05e56d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6339d9ce-f18b-4cab-b0ba-90603d434da7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:12.000Z", "modified": "2019-12-11T09:17:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:52:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c52bc965-2fdb-4b4d-b523-08a36c694326" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/676f1bb1cf144e5fb86776954be0a1471218cf502c5d0ecc23defaddd05e56d6/analysis/1574250779/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd7d3128-d826-4ad9-acdb-23e25394c335" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93115e2b-d373-4999-8ec5-1159f9022c59" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b96abe4-4bab-4097-bdb3-ac8a298c6796", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:12.000Z", "modified": "2019-12-11T09:17:12.000Z", "pattern": "[file:hashes.MD5 = '0c113872afb0fb48f9df3b23917eca89' AND file:hashes.SHA1 = 'bee2bebe19024594bddf17189b01f19485fa1436' AND file:hashes.SHA256 = '9cf345394b70a129fb77e130037c740fe2733b1301bc07b809d14fac187eed2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7bd1774b-123a-4795-a208-e214b34da6d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:12.000Z", "modified": "2019-12-11T09:17:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T03:56:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5819bcba-b75e-4826-b532-43d524af1229" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9cf345394b70a129fb77e130037c740fe2733b1301bc07b809d14fac187eed2a/analysis/1573617370/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b91fe26b-f284-4468-bb52-db8663caeec0" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "088a1e01-4fc1-4d0e-b0be-1e3f6628ac87" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--790e9ba9-414b-442e-a128-1d3a40dd80f4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:12.000Z", "modified": "2019-12-11T09:17:12.000Z", "pattern": "[file:hashes.MD5 = '7da05821f50e18bfdad0302800175012' AND file:hashes.SHA1 = '9cc6643ec243e08f8dd5909b57070efabffbcf45' AND file:hashes.SHA256 = '39f9d63667821d7b12267a250b84e6979eb7b88b1c7573e82da42dcd162b81ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f34ac31a-c93f-46a2-9bc1-c0bb0941f729", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:13.000Z", "modified": "2019-12-11T09:17:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T03:07:24", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "268d4b7c-89c3-4c89-9d38-30219422c256" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/39f9d63667821d7b12267a250b84e6979eb7b88b1c7573e82da42dcd162b81ca/analysis/1573873644/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cb4208de-268f-48a5-ba9e-04cdd36f4336" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "abb4534b-b57a-4c81-8b99-fc14de994dba" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0f18d2de-6860-448d-87ad-d7daeb9022eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:13.000Z", "modified": "2019-12-11T09:17:13.000Z", "pattern": "[file:hashes.MD5 = '9b4774b6033da19753bdde316eb6f67e' AND file:hashes.SHA1 = '6817de55865b4e198dac84c934b39c0ac78c3b90' AND file:hashes.SHA256 = '6cc3efcc4d64393074d60aea4c50585af789ff68b4c7b1181abf352b129a8840']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--78e30eb5-6d68-493c-b7e9-01d872e9b47e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:13.000Z", "modified": "2019-12-11T09:17:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-18T07:37:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "31c61828-2449-43b1-9f61-e0d110a96bab" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6cc3efcc4d64393074d60aea4c50585af789ff68b4c7b1181abf352b129a8840/analysis/1574062647/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d6c87ec0-e31f-4df3-a13a-fdf79950691f" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "08161ed0-99e5-4393-88ab-812d4cbe7ca5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0e905908-feb4-4bc9-9c9f-be6c013deabe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:13.000Z", "modified": "2019-12-11T09:17:13.000Z", "pattern": "[file:hashes.MD5 = '65487edc873b631cea9be79b176dcbc3' AND file:hashes.SHA1 = '7b3ec09c372ea1fe66eae05b633f65655abf41dd' AND file:hashes.SHA256 = '8264b7930cd796ac0665159e87568b3d493449815a3a38fdbbf36ef4a732e046']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2bdc1369-156f-4352-b274-343e87e014fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:13.000Z", "modified": "2019-12-11T09:17:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-08T13:26:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "94344ebd-233f-425f-8bd2-eeda20ef7a25" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8264b7930cd796ac0665159e87568b3d493449815a3a38fdbbf36ef4a732e046/analysis/1573219616/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ab0bc70-c43d-4ea4-bbd3-b6679ae70054" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26e6fa8b-a520-4dac-97a0-29ff36be9206" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6620f764-ad31-496f-a9b1-1f5d3cba2720", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:13.000Z", "modified": "2019-12-11T09:17:13.000Z", "pattern": "[file:hashes.MD5 = '3f80b5f5806063ef9ae9f92eb5c64488' AND file:hashes.SHA1 = 'eaf33f007b5bb4d4185cc4c86f82f18aa1e9b66b' AND file:hashes.SHA256 = '122e7c75b0d159fbe36e277b1c66fe136fb58a73f42c8a3ffe8677fde56c1daf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e6afe7fd-4808-48f3-9e13-86d21eb5d043", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:13.000Z", "modified": "2019-12-11T09:17:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:28:09", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a5ac96aa-52a9-4e73-8d2d-39029d56b86b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/122e7c75b0d159fbe36e277b1c66fe136fb58a73f42c8a3ffe8677fde56c1daf/analysis/1574782089/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "960702d0-8c2e-45fe-8f54-39a3be413a12" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5025024b-a3db-4775-b1a8-e7f31ff9b945" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2c25a987-39a8-4df4-a449-34c6e50aaa83", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:14.000Z", "modified": "2019-12-11T09:17:14.000Z", "pattern": "[file:hashes.MD5 = '30215f8873baef28cc31b47b8b5323b5' AND file:hashes.SHA1 = '2ce88c677df2830e7d58da1dcc0aabbc91bfb9f6' AND file:hashes.SHA256 = '28348068d4a96533884f5c481a16083dcd8e331c09facf08df1a331fe6ba4395']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d0988bd5-e3fe-4b3d-86cc-4f487be10b9a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:14.000Z", "modified": "2019-12-11T09:17:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-23T22:10:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26e987df-8396-4443-8e3a-ebb1c13fb482" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/28348068d4a96533884f5c481a16083dcd8e331c09facf08df1a331fe6ba4395/analysis/1574547021/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "53622cf2-e4ae-4e11-bd1d-9e6a5bab9ff7" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "3f6334ea-cf16-4e6d-b0a2-0ee2ab541810" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--31aab19d-f800-4ef6-8d32-74c6db0f8981", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:15.000Z", "modified": "2019-12-11T09:17:15.000Z", "pattern": "[file:hashes.MD5 = 'b56a8cbbc280446caf72667f1701d593' AND file:hashes.SHA1 = 'db016d0c4e5f9fd83b857e49971b4cdd8c58d861' AND file:hashes.SHA256 = '574de62d0fa0bc8fe1af444960a9d8fb61f95f5bb23b42c9832fe7d288b7d147']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d65a4876-fa23-4956-9b83-993ca4626952", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:15.000Z", "modified": "2019-12-11T09:17:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T11:48:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "23b8d8e5-951b-4e51-8c32-cd0848832d35" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/574de62d0fa0bc8fe1af444960a9d8fb61f95f5bb23b42c9832fe7d288b7d147/analysis/1574250531/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5a95c0ac-708c-40de-86d6-1df4c8c8b309" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a4a5a5c5-1070-494c-9ace-60556c67f14b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f9dc79f-f7b3-46ce-a6cb-31984ae06835", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:15.000Z", "modified": "2019-12-11T09:17:15.000Z", "pattern": "[file:hashes.MD5 = 'c4917443928e74a6277768a0a2658b7d' AND file:hashes.SHA1 = '151d8dd17c842f2ab011afb4cbc7711ee6a518e6' AND file:hashes.SHA256 = '5e05284cb4efc45f8cf8ca3818bb9461f2a106285ecd2b23125046691a3839e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--33a5510d-f8d9-4e09-ac75-a43c9fa9c815", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:15.000Z", "modified": "2019-12-11T09:17:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T09:22:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7a60b2fc-70b5-4930-9502-2cc8336dc88a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5e05284cb4efc45f8cf8ca3818bb9461f2a106285ecd2b23125046691a3839e6/analysis/1573636974/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "944981c6-eba3-4b1f-a0b4-2f693514a82e" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "122ed7c0-7a7a-4ec1-8cfa-cd8d25db827f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--af2c0ba7-1d20-40b1-8df4-ba840f095ec5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:15.000Z", "modified": "2019-12-11T09:17:15.000Z", "pattern": "[file:hashes.MD5 = 'e5377004a96bf5b2b5653eb7802b98b6' AND file:hashes.SHA1 = '7dc40ac9efb86909b51cdd34e3e5bb192a4809bf' AND file:hashes.SHA256 = '52a1dc7dbb067a3c37b3ee776f56e97b926fcf419d7dac3b1b99576ff1095fbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0f05b691-83cd-427e-b4f1-d023a58e914b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:15.000Z", "modified": "2019-12-11T09:17:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:34:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8adfc3ea-fc4e-45f5-b08c-34f663cf8b0b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/52a1dc7dbb067a3c37b3ee776f56e97b926fcf419d7dac3b1b99576ff1095fbf/analysis/1573961663/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e413824c-6193-451c-a4ed-19610e6098e7" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e875a169-6077-4051-a8e8-9a1808742117" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e4037054-8a55-4fdc-8e7c-6c8ee7055455", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:16.000Z", "modified": "2019-12-11T09:17:16.000Z", "pattern": "[file:hashes.MD5 = '82cc3ba7cf377710eb9d7b16d7cc07f1' AND file:hashes.SHA1 = 'f8516778b8c615a0b04382c1ad93e6cbd190fa8f' AND file:hashes.SHA256 = 'c8d71f59dcbb6a9248a1d6d2face02c1e7f7d54a70ccf32d1111cb0ec81d21af']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8d164152-93e4-491d-8174-71ce50247de7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:16.000Z", "modified": "2019-12-11T09:17:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-20T18:50:57", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9b8ec38c-8c7b-4c42-9d1c-0ec30ef0d9d9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c8d71f59dcbb6a9248a1d6d2face02c1e7f7d54a70ccf32d1111cb0ec81d21af/analysis/1574275857/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f46e5b1f-b4a5-4b22-9634-1af7220d727b" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1cba8761-816c-4eab-89f2-34557114cac7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e1fdbd81-ae8d-40a8-8a37-aa3da6836d41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:16.000Z", "modified": "2019-12-11T09:17:16.000Z", "pattern": "[file:hashes.MD5 = 'eb68198fe475e9635a0e29601db71e6f' AND file:hashes.SHA1 = '50dd3dc5ccafc578167d26be27085acd3a939e7e' AND file:hashes.SHA256 = 'bfafa8be3980f026bc1a0561f7a376f83b2c4dd0594654acf3499df18c84c29a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d8d6cc05-a655-4af7-9dae-3486ca8047f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:16.000Z", "modified": "2019-12-11T09:17:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-05T14:38:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "63e44892-31fd-4c1d-82f3-eeee0deb082b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bfafa8be3980f026bc1a0561f7a376f83b2c4dd0594654acf3499df18c84c29a/analysis/1572964718/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b7f99b21-899a-481a-82c9-c41c00d3f5ad" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "82e01fd0-8ea2-4fa7-927a-898994779db9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9d6f735a-20a6-43bd-bd48-cc666ccf0bc3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:16.000Z", "modified": "2019-12-11T09:17:16.000Z", "pattern": "[file:hashes.MD5 = 'bc6e933ecddd5fda107c3901f295ce16' AND file:hashes.SHA1 = '7f90faeec5c486b3f2cdb7a1a0498f57d2490ea8' AND file:hashes.SHA256 = '6cee05723caefbd2f1f92aad74d7f1cac9f0074e20b4423fff56e1a8acd689c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--16861013-0e17-4c80-9221-24cc9b73b85b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:16.000Z", "modified": "2019-12-11T09:17:16.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:23:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d28b30f3-6d36-4a30-b82a-13132d7cc861" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6cee05723caefbd2f1f92aad74d7f1cac9f0074e20b4423fff56e1a8acd689c2/analysis/1574612603/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "985799f9-e317-4d56-8fc4-00c2f883db7f" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1c2beb13-a58c-4e40-9153-969becfde05f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9f72b5eb-27e6-441d-ab60-7fd97834c781", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:17.000Z", "modified": "2019-12-11T09:17:17.000Z", "pattern": "[file:hashes.MD5 = '79e3ae4176aafda4aef69e646dcdf5cd' AND file:hashes.SHA1 = '888cf3f4e5e610aaec24feadc6ee67645a30d993' AND file:hashes.SHA256 = '781f84274d6432596325a04276a68d0c5599bfdb98771a853400d94605dae631']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b3a698f4-af39-4d2a-b5f1-0826edb603f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:17.000Z", "modified": "2019-12-11T09:17:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:36:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d24d6f8d-2663-405d-9283-fefef2f80a3e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/781f84274d6432596325a04276a68d0c5599bfdb98771a853400d94605dae631/analysis/1573961801/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e47d724f-e09e-4183-a2fc-41f3a84ae715" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a579e1a2-4ef9-4330-90b2-f46e1aed5486" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc226cf9-3901-4edc-90f9-9de75bd2d00f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:17.000Z", "modified": "2019-12-11T09:17:17.000Z", "pattern": "[file:hashes.MD5 = 'af87cfd616077e11600a47c62a5b96f9' AND file:hashes.SHA1 = '1356bcd1fff013be285fc3f7ec33078fe3710470' AND file:hashes.SHA256 = '281841ed84abc658c8b77a2a284d4a95f5e82cd3990135f463cd2a45c719bfeb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--93d35eb5-e307-4820-a47a-a57aa72cfe2c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:17.000Z", "modified": "2019-12-11T09:17:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-27T16:34:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b312a556-2d2c-4721-a7d6-45b934baee52" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/281841ed84abc658c8b77a2a284d4a95f5e82cd3990135f463cd2a45c719bfeb/analysis/1574872492/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "66dc26e9-689b-4e94-b0c7-cf242ff4bca8" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7a21ee72-83b5-49f3-b473-8a571c0ed326" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2cabe989-3926-4b82-a18e-ee6350cfb8b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:17.000Z", "modified": "2019-12-11T09:17:17.000Z", "pattern": "[file:hashes.MD5 = 'f942193f278026cfc1bb338da9a49fdd' AND file:hashes.SHA1 = 'e94d86dc41cf26a01e397b91855611df6a684bc8' AND file:hashes.SHA256 = '7bbd5336a9e203070e55890136006d4c41d4b87fa89986600b11669a15c0dad2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2b338a76-e93c-4865-86ce-579be4f77db0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:18.000Z", "modified": "2019-12-11T09:17:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T11:09:11", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "47e145c7-7f42-435f-8d16-60ac75ee6e66" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7bbd5336a9e203070e55890136006d4c41d4b87fa89986600b11669a15c0dad2/analysis/1573816151/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d30fda7b-9a98-45eb-beca-4a78ae5c00c0" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "49a2258f-e9e2-40e9-a2d8-4c0ecd928337" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--96a29e4d-f0b4-46a6-b1fc-7149ae1ad279", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:18.000Z", "modified": "2019-12-11T09:17:18.000Z", "pattern": "[file:hashes.MD5 = 'd27d2e3a6dd4bf06eb3299af2bd6c15c' AND file:hashes.SHA1 = '31a36074be839120f317d4f339f2147fea6470b1' AND file:hashes.SHA256 = 'bd705bae29e82a184dc1b697fe12e31e0856fd5cdfafb8e6eabd6e78ae4a16d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--31c7787b-9094-44df-b7ca-87a0e7021c77", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:18.000Z", "modified": "2019-12-11T09:17:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T06:25:04", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "91a03381-aff7-46c7-8037-9ebe8cb332e0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bd705bae29e82a184dc1b697fe12e31e0856fd5cdfafb8e6eabd6e78ae4a16d2/analysis/1574922304/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0bb5c536-2db5-4b14-a927-3a26fb94dbe8" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "84a1e548-7088-4658-865c-4362c54f7ce1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--49eb8d09-d848-4ff0-8816-a3d7326ebccf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:18.000Z", "modified": "2019-12-11T09:17:18.000Z", "pattern": "[file:hashes.MD5 = '0a27168a3cdfc3103ccb4c459ff230c9' AND file:hashes.SHA1 = '487973cf83325eee28c7911546a5aba0c7e94b56' AND file:hashes.SHA256 = '6540b42f334391d3e48b964e39e199e9d75d7e58086aa6c40b528c9bb306ec8b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--062efe17-65a7-4b2f-b136-d58822c364f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:20.000Z", "modified": "2019-12-11T09:17:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:03:16", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93b93eb8-8bef-48a4-b3b2-9f2277052e0a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6540b42f334391d3e48b964e39e199e9d75d7e58086aa6c40b528c9bb306ec8b/analysis/1574780596/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c6568d2f-e929-46c1-a2ee-4c8eb50457b5" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8a7a45a2-2086-4983-af9b-66d183972501" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--db7298fa-263b-498f-960f-1b194cfe4de5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:21.000Z", "modified": "2019-12-11T09:17:21.000Z", "pattern": "[file:hashes.MD5 = 'bd7dab59e6badce95dbe6d6d40778d09' AND file:hashes.SHA1 = '4652a511a93abff691e7ba012180a1f89843bc59' AND file:hashes.SHA256 = '7f160a49ee4ad098f972f8bf86b52afeca4ccd77ed47f5282b36a9ab40040e5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e2c7bb3e-63e8-4dee-bbd8-b7d6dc6e2e02", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:21.000Z", "modified": "2019-12-11T09:17:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:14:43", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b254ae70-92a6-47ce-897d-c1c36d2d1b27" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7f160a49ee4ad098f972f8bf86b52afeca4ccd77ed47f5282b36a9ab40040e5e/analysis/1573985683/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "21a45685-b76f-4220-ab22-124397af45b3" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1a1cd1d6-0a7a-4625-9583-9867e6dceaf9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1e073b10-f5b2-4b40-b03d-2ac3c346c623", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:21.000Z", "modified": "2019-12-11T09:17:21.000Z", "pattern": "[file:hashes.MD5 = '9c8e3d1cfd6d13544d9a2b9b2ba7384a' AND file:hashes.SHA1 = '1e5b7486fe1d00ad7de6056563a9b5990e5638c7' AND file:hashes.SHA256 = 'bbd1ebcab780a0d5018b033a89b83ea4216aad07c8c73e41c86e878d77d8a8a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--78957d62-12a5-4e50-95bb-1bfc7d52c0a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:21.000Z", "modified": "2019-12-11T09:17:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T10:06:19", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88526ae0-fbb6-44d3-8cdd-05e595b97849" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bbd1ebcab780a0d5018b033a89b83ea4216aad07c8c73e41c86e878d77d8a8a0/analysis/1573985179/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "93eff5c2-5752-4858-93af-4cb4cbe15bb6" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d8fcfd35-cc14-436c-8456-62825fae07bb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b06cd6d-1b04-4eb1-a5b3-5ac16957a74b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:21.000Z", "modified": "2019-12-11T09:17:21.000Z", "pattern": "[file:hashes.MD5 = '76cb9adc877e519f8e6954434e79dea1' AND file:hashes.SHA1 = '364559a5e20c44a51f4caeb174929cd0ed21a1c0' AND file:hashes.SHA256 = '5a7b1f75b6082530340c4cacbc39341ec9c259f78297194fa0d6143cdf67c92b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--225b9831-90f0-4a1d-b648-39c64b06e224", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:21.000Z", "modified": "2019-12-11T09:17:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:54:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "490b9395-29af-4f73-8350-b41704f85eaa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5a7b1f75b6082530340c4cacbc39341ec9c259f78297194fa0d6143cdf67c92b/analysis/1574776467/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c5b56ba8-7f3a-444f-aa01-1f6d27d87f00" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/67", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "81de19d1-2831-455e-8041-586936747ef9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4291cde9-27ef-450d-92ba-2744f8c947b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:22.000Z", "modified": "2019-12-11T09:17:22.000Z", "pattern": "[file:hashes.MD5 = '850dd8031df8996f6066b7dead89cf7c' AND file:hashes.SHA1 = 'f0bb13f5f84eaa29cc8e4bfa214a6a4aae332a9e' AND file:hashes.SHA256 = '800636f452b0dad4e1b48e925463194ebb26ee2bb2a7d30e263766ae05801f13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c144293b-4b7f-4679-904f-b7434c4d9c8a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:22.000Z", "modified": "2019-12-11T09:17:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T14:39:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e84744a-7c12-4bde-9926-2be149004e8f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/800636f452b0dad4e1b48e925463194ebb26ee2bb2a7d30e263766ae05801f13/analysis/1574779161/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "12eff1fb-cbfb-4c03-bd7b-280de6dde94d" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "36831e4c-4a3a-4165-9851-13131e10c40e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--42f53055-e221-4cf7-b437-044ce5ca2211", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:22.000Z", "modified": "2019-12-11T09:17:22.000Z", "pattern": "[file:hashes.MD5 = '3cf6081cba529416b1061526b043ecac' AND file:hashes.SHA1 = '6bfaf1d63fb8ec6f6eaf5a7b363f67be4b7948ec' AND file:hashes.SHA256 = '06fc21ab8354c6f6012ecc23d1c5fda1f8cb0be3b474a96da9587c6cadba99f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--178b2283-f003-4655-adb2-b3eb8bfb8661", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:22.000Z", "modified": "2019-12-11T09:17:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T08:47:59", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a0c0cf75-ede8-4d87-8d24-50c9e078cf1d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/06fc21ab8354c6f6012ecc23d1c5fda1f8cb0be3b474a96da9587c6cadba99f6/analysis/1573894079/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9165dfc6-881f-4ea5-98f8-ecb985f8a9f6" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8e76d993-be80-434d-b021-b116339c9ca3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e077c8e1-eee3-490d-a8e6-650a84d6da8d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:22.000Z", "modified": "2019-12-11T09:17:22.000Z", "pattern": "[file:hashes.MD5 = '80121f2435dc0f84043b7dda3152354b' AND file:hashes.SHA1 = '0a1ef9df5a309a7721c7f55ae1959cc951cc04c0' AND file:hashes.SHA256 = 'd885ace57e9c72d3026b994e70cbb52e68dde1df934e69084a9173c6d37f4023']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3da85cd7-1e21-4793-afa9-f535e305f09d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:22.000Z", "modified": "2019-12-11T09:17:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:53:01", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d984aefd-7786-45c3-abe3-34de9f107a68" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d885ace57e9c72d3026b994e70cbb52e68dde1df934e69084a9173c6d37f4023/analysis/1574333581/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7269d431-52bf-40dd-ab0f-00ce9e767a81" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6381a9ba-4aa1-43ba-aa03-ed3d60633323" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--096051f1-52d6-40ff-9a26-27cc4cbd5340", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:22.000Z", "modified": "2019-12-11T09:17:22.000Z", "pattern": "[file:hashes.MD5 = 'c77333ce2cac64f607864923e26dd356' AND file:hashes.SHA1 = '2dffbcc7c91adaa686792e26d28e5d1703159704' AND file:hashes.SHA256 = 'd65de0d445035740cdf1cd4baf0405a8924edc0e9c3024aaa70df20cb7f28a32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--eaf1bd61-312a-450d-a6ba-98a75c96cc4b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:23.000Z", "modified": "2019-12-11T09:17:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T08:38:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2a3cdaba-bbef-4f6a-b136-e3c98c917337" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d65de0d445035740cdf1cd4baf0405a8924edc0e9c3024aaa70df20cb7f28a32/analysis/1573979934/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "82f834ca-6df3-46b9-a696-842c0c0e31e4" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "1e20b630-870c-4eba-906a-8f01d3cd8ca7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e75a5ddc-399f-4cef-b8ef-3ba62b37f3fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:23.000Z", "modified": "2019-12-11T09:17:23.000Z", "pattern": "[file:hashes.MD5 = '351dba3b6d4ed53cc1c699adb5de5acb' AND file:hashes.SHA1 = '6ed2cb63f05c7b0358a0dd2cda2b03a079661d49' AND file:hashes.SHA256 = '51f64cb9a8e015fd8b960c82e5cceeeabe379966de4038b460e0d77bd91273ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--691f5fc6-1432-4104-b2ab-91845bef1c80", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:23.000Z", "modified": "2019-12-11T09:17:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-05T04:55:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "c1054c06-a75a-4bf1-9aed-493de1284aad" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/51f64cb9a8e015fd8b960c82e5cceeeabe379966de4038b460e0d77bd91273ac/analysis/1575521742/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "858eead4-e7b1-4cfc-aff2-b0e6e9c01959" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6e59bc5e-50bb-4d2a-8caa-4e60fb3db0e6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a5297e6-1764-4b15-833a-dcf2da04d712", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:23.000Z", "modified": "2019-12-11T09:17:23.000Z", "pattern": "[file:hashes.MD5 = '7d24f545690680c7905468139a7069f5' AND file:hashes.SHA1 = '998ceae0b5951b06680e380b99b16b4a4ca49d0b' AND file:hashes.SHA256 = 'd2c301d3d084ae6f68000e2daed358fa538b4cf7e4f2d78ad86646c7d601fd95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9c8c3b07-a837-487a-84d4-2bc1dc29af73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:23.000Z", "modified": "2019-12-11T09:17:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T13:21:38", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d38a4d40-e669-4e2a-92de-53a3b24e588a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d2c301d3d084ae6f68000e2daed358fa538b4cf7e4f2d78ad86646c7d601fd95/analysis/1574774498/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "8ee38e67-41b9-41e1-8a42-f7ee1342e967" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f3a47981-1c86-409b-88c0-ced4525164ad" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0e099433-6b3b-4670-aee9-8b7df2e13945", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:23.000Z", "modified": "2019-12-11T09:17:23.000Z", "pattern": "[file:hashes.MD5 = '75879dc703f89383b08912a50c7129d6' AND file:hashes.SHA1 = '99364a4c44ed330dcbe95f634fd17a1bafbda436' AND file:hashes.SHA256 = 'fe59d5a474a9cd104bdd34d874e71cee88142eb467ea6c93962e23590194047a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--95dcd0fc-b65c-4d8d-810c-254cb5b8a74f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:24.000Z", "modified": "2019-12-11T09:17:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T14:13:15", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fc91f900-572c-4942-8fdd-7da9ddabcf44" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fe59d5a474a9cd104bdd34d874e71cee88142eb467ea6c93962e23590194047a/analysis/1573913595/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88872acc-3fcb-4e5a-94a7-f573dbdc688f" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/66", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "fd1792c7-caf4-41fd-bdd6-547fa61a15ba" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7bc9e536-46da-4612-85ef-3ae475a779e5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:24.000Z", "modified": "2019-12-11T09:17:24.000Z", "pattern": "[file:hashes.MD5 = 'd0c978cccafe592d451779d347338fc3' AND file:hashes.SHA1 = 'ed8f6c559e926da62768d56d20149279bdaa4eb2' AND file:hashes.SHA256 = '08f53891c69302e820db6ec3e54907497c50133a0b02d8151a3f0f84d4d798d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--164e873a-a433-47c5-b72a-871a36a0277a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:24.000Z", "modified": "2019-12-11T09:17:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T17:00:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "737ed95a-a5d2-409f-bb01-547b7f0b9274" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/08f53891c69302e820db6ec3e54907497c50133a0b02d8151a3f0f84d4d798d0/analysis/1573405223/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6bc0074d-41d0-4ddd-8ea2-b1f31fe46664" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "aa5857c5-dea8-4872-be23-3e9c1d06aaba" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a4efc00e-8725-46d8-8eea-f816f13f8217", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:24.000Z", "modified": "2019-12-11T09:17:24.000Z", "pattern": "[file:hashes.MD5 = '9d70dd53cf51cd1a1fbddeadb38d7767' AND file:hashes.SHA1 = '578f4653d1be0654f13345742ef32f0c4122d3f7' AND file:hashes.SHA256 = '56f4307bffe1f95775fea20b85fe181ea7d0b1d0713b59d1183cc37535e9402d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--61f15f05-9676-4c7f-9d50-63725077ca79", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:24.000Z", "modified": "2019-12-11T09:17:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-26T15:03:20", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "72e46504-61ab-413a-827b-8ee06238799b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/56f4307bffe1f95775fea20b85fe181ea7d0b1d0713b59d1183cc37535e9402d/analysis/1574780600/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7887bdea-f0d7-41f8-be1c-0b410de48ce1" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "dc66794e-78e6-4e06-8f6a-bf1bb8891d76" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ac70318-589c-4c88-9b83-9e3c52632fee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:24.000Z", "modified": "2019-12-11T09:17:24.000Z", "pattern": "[file:hashes.MD5 = '045b32edfccb5d82ff2230debcbb0165' AND file:hashes.SHA1 = '07ea28f918fef1f234fb008aa1f726997ba7b9d7' AND file:hashes.SHA256 = 'c839355e4a53b4ec4a7cc4267efc78a9d7ddc429cb76b3aaa38a70857810d846']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cd1c5269-192d-46b2-8484-d5672a05cdd2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:25.000Z", "modified": "2019-12-11T09:17:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-09T14:01:10", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "71274237-5159-48fe-bc21-b565b3d1a13f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c839355e4a53b4ec4a7cc4267efc78a9d7ddc429cb76b3aaa38a70857810d846/analysis/1573308070/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9577a5c8-392a-4175-9648-6ed35e40c448" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ede36884-8762-47f7-84f7-6526c4eda086" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8e994ef7-443b-4711-a08b-5a654a62ca50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "pattern": "[file:hashes.MD5 = 'e9bd7eb34ff4e7d583b2570ae607c2c2' AND file:hashes.SHA1 = '9d79796a0ccf1490b97a23cb529ca48cfeb48693' AND file:hashes.SHA256 = '35c322773997578185364bf8ec420dea5195e1e450aa0585c805115c593d62d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bd08d423-1190-4b66-9395-012fc9783231", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T03:36:51", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "68e34e5b-354b-4b19-b3d2-0dcf81ff4a94" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/35c322773997578185364bf8ec420dea5195e1e450aa0585c805115c593d62d1/analysis/1573961811/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d2afbd49-5400-4a1d-9c59-e3b590d6a185" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "520a4e6f-b1fd-42bd-993d-99c238329edb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a6c70bd6-5746-4f7d-816e-13c91d9750c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "pattern": "[file:hashes.MD5 = 'fcfc6d7e36c86ada816eb9e046f61461' AND file:hashes.SHA1 = 'cdf4e2cbf5b17645bff433c603c9fda0d3e066a7' AND file:hashes.SHA256 = '0ba437dde133d54fe3ee1c2882320698fa2b0738d7ed8ffd53f1d76ea8897481']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af5461e7-5cb9-4010-b77e-07e856f70881", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-29T17:41:36", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a00b9882-4637-4deb-85a8-a06c199e12ea" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0ba437dde133d54fe3ee1c2882320698fa2b0738d7ed8ffd53f1d76ea8897481/analysis/1575049296/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "118cff82-f298-40a6-9d97-1ca16c295933" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a62cc48-7f70-4ee2-8d96-0c35653317f1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--963eab17-4976-4e37-a597-18564603f162", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "pattern": "[file:hashes.MD5 = 'e150ecd8ea4d9d6b59108b2f0ce7a258' AND file:hashes.SHA1 = '8da35e1a350c6f44b981923096da970b7773e5e0' AND file:hashes.SHA256 = '9544a35e1dcc645da251a6a56db8bf5232b14824c1591b2760cfcb62ee4eb127']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--02d36b0e-fd99-4989-9d36-810644b59d5b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T21:00:21", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f174f23c-ade1-409a-9b4c-28bb9c038869" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9544a35e1dcc645da251a6a56db8bf5232b14824c1591b2760cfcb62ee4eb127/analysis/1574974821/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5770b587-9296-4447-bd50-63da973c49bb" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d64a2fbf-1f01-45ab-9f41-01c5df499579" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--986317b2-6bcb-4cbf-97a0-fa7112dd0685", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "pattern": "[file:hashes.MD5 = '0cb675a8c1010082dac043a36cefe403' AND file:hashes.SHA1 = '4a93025e5be47729620aaa7f0626108ba69c94aa' AND file:hashes.SHA256 = '3b16a2c27a1869216641d1ae2fa122d1d62b7b2c03ccbb98b92a35c91231b561']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7c1083ee-e7b6-482f-9879-13ec6ee3c5c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:26.000Z", "modified": "2019-12-11T09:17:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-04T20:33:54", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "002c271a-3e1a-4452-8c69-55a81307de17" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3b16a2c27a1869216641d1ae2fa122d1d62b7b2c03ccbb98b92a35c91231b561/analysis/1575491634/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6a274514-7bbc-4a19-82b4-59f21abe5800" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "26a81c35-a3f0-45f7-9876-37dbd63c0770" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f1cd008e-8200-480d-a5fb-8e173036480e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:27.000Z", "modified": "2019-12-11T09:17:27.000Z", "pattern": "[file:hashes.MD5 = 'bb2795bfd28075b3aa25ce154906eebb' AND file:hashes.SHA1 = 'e1646cdb300f64772113184e8950a020464a07fa' AND file:hashes.SHA256 = '3da8dba74d4e1965885ee13b87a34296cd0bed175cdc52f7995bce780a88d3fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--aaedd3d9-81ad-48d4-bb08-21118d6c5c92", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:27.000Z", "modified": "2019-12-11T09:17:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T23:38:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "328987a6-dabc-46ac-a543-a2c748b23004" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3da8dba74d4e1965885ee13b87a34296cd0bed175cdc52f7995bce780a88d3fa/analysis/1573947520/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cae6bf99-e21e-4642-b560-ff83af6c471d" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5ac6b192-8f5b-4ac3-8c24-f277f1a2363a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b3c485b6-9b8a-4569-ba1a-8b9d6dda76b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:27.000Z", "modified": "2019-12-11T09:17:27.000Z", "pattern": "[file:hashes.MD5 = 'e47de8e10070b792e2157589187a8c6f' AND file:hashes.SHA1 = '6db05bb248acf02c72e9f3e79948dbf4e93e27c1' AND file:hashes.SHA256 = '5b706dbca4b0975be310481c0a238641873bab44cd73de01d09ae00cd0061287']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--69b65471-2062-4ad8-8af4-58686651264c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:27.000Z", "modified": "2019-12-11T09:17:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:24:27", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "cbc503a6-b503-4e79-b093-e6840dfc3ec8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b706dbca4b0975be310481c0a238641873bab44cd73de01d09ae00cd0061287/analysis/1574612667/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b70bef5-65b9-4cc0-aae5-f33427f54b9a" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4215f01d-3924-4007-a342-9fa587b553e1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef8cca41-43ea-487a-a1ec-12b5fefd4e8f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:27.000Z", "modified": "2019-12-11T09:17:27.000Z", "pattern": "[file:hashes.MD5 = 'bf5b2c87a10160ed1f793bd45ea4b930' AND file:hashes.SHA1 = '8807b5c53f4c466874662c207515fefaaf3d6e7c' AND file:hashes.SHA256 = '424708e82897b74f3b31cc8408949e969353177be0fa88ddfc387f050971068b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--039b1866-5082-48d1-ac4f-8458c388d040", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:27.000Z", "modified": "2019-12-11T09:17:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T09:10:53", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "6a87cd4c-5c80-4b8e-bb3f-3231a59059c3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/424708e82897b74f3b31cc8408949e969353177be0fa88ddfc387f050971068b/analysis/1573722653/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9f02e652-bc53-4150-965f-94b521750e37" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9ee9be73-2120-48f2-8d4a-c24a9805a4bd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--226fe583-a514-41be-bd33-7866c1179721", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:27.000Z", "modified": "2019-12-11T09:17:27.000Z", "pattern": "[file:hashes.MD5 = '9c681568ebdc3f38c16a7d3cce428886' AND file:hashes.SHA1 = 'c3664bc584061b7d85b9b77961a5285698d7c350' AND file:hashes.SHA256 = 'ffcb32513e35a6404482528b90b4eaab4bb4e3b4d2bffde5be51fe1fac0eb152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0ffab07c-a846-47b1-aa43-521be8c2a596", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:28.000Z", "modified": "2019-12-11T09:17:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:27:42", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a2f4bb05-c1bf-4d87-8ca7-681707f8e8e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ffcb32513e35a6404482528b90b4eaab4bb4e3b4d2bffde5be51fe1fac0eb152/analysis/1574332062/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "4c387a23-6fea-4aa0-b89b-90ffe16841da" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "78d15162-3f29-4786-b1a2-ee9a1d38fa93" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--50dec8fe-3cd0-4f41-a870-20a9b6db6128", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:28.000Z", "modified": "2019-12-11T09:17:28.000Z", "pattern": "[file:hashes.MD5 = 'ff9d91a5501bf54c51567d38ad1226c3' AND file:hashes.SHA1 = '450279b8b58911337be66d631daf8dbf221391b4' AND file:hashes.SHA256 = '6a1fcfdd092049a7fd75b42fb7e8e3f256806098ce884c06ca683d145a875fc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3c4872eb-8452-4a07-b687-9c0f6e7a095c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:28.000Z", "modified": "2019-12-11T09:17:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-28T10:26:56", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "56b868d6-bd8f-4ab4-86dc-37bed42878ce" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6a1fcfdd092049a7fd75b42fb7e8e3f256806098ce884c06ca683d145a875fc5/analysis/1574936816/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d8aab43-dd8b-413b-9038-330649c24f1e" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "88d98fbf-afea-4724-a3b7-924a73cc5899" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c47ca59f-8107-44e0-bede-9da7ed3e3ddd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:28.000Z", "modified": "2019-12-11T09:17:28.000Z", "pattern": "[file:hashes.MD5 = '0936ff4ec153b2c8d01db48fa2078391' AND file:hashes.SHA1 = '51cf005b9976da113b5617d0beed9329ff85f45a' AND file:hashes.SHA256 = '9f0ab599f89caa081c5f65e1666092da42759d27a6e272508ee2d3b416659e7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--06b80fbd-8d89-4ff3-a9c4-97c0f4799814", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:28.000Z", "modified": "2019-12-11T09:17:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-13T11:23:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "41889e7a-67a1-43aa-8f18-bcdf27416f20" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9f0ab599f89caa081c5f65e1666092da42759d27a6e272508ee2d3b416659e7b/analysis/1573644232/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "ce0183f2-50b1-4fe7-bd44-213704e4f586" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e5d708d0-2d47-4060-bdc7-c9bc26befbc6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--793a3327-6441-4b54-a2d6-60235d929428", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:28.000Z", "modified": "2019-12-11T09:17:28.000Z", "pattern": "[file:hashes.MD5 = '78af5eab9d316c71f4e08f56e6bac7e5' AND file:hashes.SHA1 = 'afa41963a34fbb7f37c296b4f6f07375e02d62a5' AND file:hashes.SHA256 = 'd49247bd53a156dd0c9f89240ae41dcda9b393ed204f5656735cd2079dd2653f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8485114a-e92b-40bc-a589-7c4820cce159", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:29.000Z", "modified": "2019-12-11T09:17:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-07T22:00:52", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "17f0d662-bfd9-41b5-8b83-7ce900251bb7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d49247bd53a156dd0c9f89240ae41dcda9b393ed204f5656735cd2079dd2653f/analysis/1573164052/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "451a3e0d-5af7-4008-8b07-fc5713dc7018" }, { "type": "text", "object_relation": "detection-ratio", "value": "8/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "28ebd0cf-203e-46ed-b925-eafd7f57cdb6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5807ca57-bc74-4766-ba66-c3799022d537", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:29.000Z", "modified": "2019-12-11T09:17:29.000Z", "pattern": "[file:hashes.MD5 = 'b911896f9c216e4fa9dee35132f23316' AND file:hashes.SHA1 = '8202177f28fce9dd1bc9a966b26181863b1f777e' AND file:hashes.SHA256 = '4926cd1eda6ef5314a1eaa49d2a9ddaf9ea1894cb97bc29a57ad28bff70c4b07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5103ca8a-800c-49b0-9213-441f504a0ef9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:29.000Z", "modified": "2019-12-11T09:17:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T14:15:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "36305cb4-7dbf-499d-a507-dd54ea9d13ae" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4926cd1eda6ef5314a1eaa49d2a9ddaf9ea1894cb97bc29a57ad28bff70c4b07/analysis/1573395346/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "f27137ee-fc31-4da5-9e15-e39572ae358d" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7b4b6afd-3faa-47d0-83a5-068b2e9961dc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4eaa3b4f-092f-47d3-82c1-737f44a09d84", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:29.000Z", "modified": "2019-12-11T09:17:29.000Z", "pattern": "[file:hashes.MD5 = 'eb0cab67609c1fe01c3d5286f241ec12' AND file:hashes.SHA1 = '900ba9c45ed24585fd7e05736daca114146f9cc7' AND file:hashes.SHA256 = '34c389cd507f99a380deb6ccabe2c6cead6f25e5fe78e710acdf8707a60a57ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fef1241e-6180-442e-a04f-37882c440f94", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:30.000Z", "modified": "2019-12-11T09:17:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-21T10:20:46", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b16c58e8-3672-4636-839a-49d83dcabc42" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/34c389cd507f99a380deb6ccabe2c6cead6f25e5fe78e710acdf8707a60a57ec/analysis/1574331646/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a80f6b64-ed29-435a-9ef9-77d47af7d7c7" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "2d3c5a86-3f28-44c0-9f84-641fe84dbc98" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f19f7fe6-911c-4772-b318-3fc134181a04", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:30.000Z", "modified": "2019-12-11T09:17:30.000Z", "pattern": "[file:hashes.MD5 = '4cc268755f774668b17cfed152bbf98a' AND file:hashes.SHA1 = '376d412b8c522d69eba82fa538634665699b2e16' AND file:hashes.SHA256 = 'edea204fcd030a0b00c8951b1fa6dd0397129067f893b2da490f32d4e8a7f2dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d4381004-4cb5-4eb5-ace2-c1e4a08fbfb7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:30.000Z", "modified": "2019-12-11T09:17:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-17T09:13:03", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "34604817-62ae-4bee-bafb-91cc678f841d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/edea204fcd030a0b00c8951b1fa6dd0397129067f893b2da490f32d4e8a7f2dc/analysis/1573981983/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "450cbfc6-6834-4449-a6c8-1276754c49a9" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "7110b34b-71ca-41b0-ac99-ceece7adddc9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--01b59dd8-4bc6-4e51-9e74-355e39d0a682", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:30.000Z", "modified": "2019-12-11T09:17:30.000Z", "pattern": "[file:hashes.MD5 = '89beba9fd1efe0b1fe641780c6e34e1b' AND file:hashes.SHA1 = 'e8e27525ffe6325ea439e5c357cc1eee608581fe' AND file:hashes.SHA256 = '3f819b905a4cec128b33469fe4b8eda61f969ec58247955a0b98b021e9a16a48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4cef2bfa-e8af-4f8c-beea-1e92db05b867", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:30.000Z", "modified": "2019-12-11T09:17:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-24T16:24:58", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "9a9d1254-9c03-46f5-8227-ffc3a8617696" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3f819b905a4cec128b33469fe4b8eda61f969ec58247955a0b98b021e9a16a48/analysis/1574612698/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "02678b21-1ebe-4af7-8a5a-4d695a45edca" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74564750-1d36-4615-b118-6d54cfa26a15" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dbf658d0-da2b-4e98-92c8-4fe1014d7849", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:32.000Z", "modified": "2019-12-11T09:17:32.000Z", "pattern": "[file:hashes.MD5 = '9ab9f375f7f6bf363ab94ff7c6703af6' AND file:hashes.SHA1 = 'b8faf1c738e02d23f022106e96c96c571673c259' AND file:hashes.SHA256 = 'a0970b9addb86c5dca18c5b4e155b93b6f5a5d45106568014de8310367433d78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1d589c18-3ec3-4138-8e6e-ca6f296f1847", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:32.000Z", "modified": "2019-12-11T09:17:32.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T05:42:40", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "05343474-c038-42da-8ab0-1f36335c4380" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a0970b9addb86c5dca18c5b4e155b93b6f5a5d45106568014de8310367433d78/analysis/1573537360/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e829eff1-e21b-4580-804e-bb38db71b92a" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/72", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a615581f-9bfa-46b4-8186-ae1543b0c4e6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--13b44bea-1d81-49ef-8063-f34bffa7bc4e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:32.000Z", "modified": "2019-12-11T09:17:32.000Z", "pattern": "[file:hashes.MD5 = '304c392be941887a569787af0baf1cea' AND file:hashes.SHA1 = 'b8a016a513824f0b66dc15f3f885bdaa89c6890c' AND file:hashes.SHA256 = 'bf41c236fc909089e5b4220ed35d7b2c379ba862aa469219ea0c03ed7fe02de2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3af0974d-d8d7-458f-9b9a-4db4aa839f43", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:33.000Z", "modified": "2019-12-11T09:17:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-30T23:39:17", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "b6adb7db-2081-43db-a228-ab3a324381cd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bf41c236fc909089e5b4220ed35d7b2c379ba862aa469219ea0c03ed7fe02de2/analysis/1575157157/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "06bb6adf-f2d6-494e-aa9e-9c7fbc3520b6" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "79f93585-71ff-4a76-8c29-c0d335dc4212" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1a53820f-5888-4777-9aee-8b8e0b61bed5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:33.000Z", "modified": "2019-12-11T09:17:33.000Z", "pattern": "[file:hashes.MD5 = 'c4fcf9946d218138f3ceaafe35d33c39' AND file:hashes.SHA1 = 'd94a09ee6e670661a3132bbe8de3591ea0d386bf' AND file:hashes.SHA256 = '017ac2aed0f08d650d722308b79fb8f831b9be6f43c4368b7394b44ffd4f6f09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ada1ab8f-647a-4bd0-9b40-355d456990cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:33.000Z", "modified": "2019-12-11T09:17:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-16T09:08:12", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "403e2254-1e09-4162-8ab9-727f14296e6a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/017ac2aed0f08d650d722308b79fb8f831b9be6f43c4368b7394b44ffd4f6f09/analysis/1573895292/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "753bcf73-24cc-4453-9a1d-d811953341ff" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/69", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "74ab259b-667e-438d-b936-e5d5c2583073" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1429c623-c7c9-494c-9515-6f69b26cc3af", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:33.000Z", "modified": "2019-12-11T09:17:33.000Z", "pattern": "[file:hashes.MD5 = '1e98d379d8edcb7b6d4d1480c0dfff10' AND file:hashes.SHA1 = '623e6ff4c4d2589820a58bae1d8cef6fd799be58' AND file:hashes.SHA256 = '09e6f6ef125c7ce41a07b72f6bb16ca3036de4c309d864f2fe1d5eebd4a01b4d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b4d4de39-ecb9-429c-9ef6-a9db4f14947d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:33.000Z", "modified": "2019-12-11T09:17:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-10T01:00:23", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "a7a9a55e-aeb9-4836-b374-3cc53621fc1b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/09e6f6ef125c7ce41a07b72f6bb16ca3036de4c309d864f2fe1d5eebd4a01b4d/analysis/1573347623/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "e280ee71-8b00-493a-accc-48767d05d4b0" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "d27d950a-58c2-43f7-a080-11369a2041b4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--45a7c66b-623c-4608-856c-f81e805d30f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:33.000Z", "modified": "2019-12-11T09:17:33.000Z", "pattern": "[file:hashes.MD5 = '1885973f3de1dafaad7cf7cae39e9eec' AND file:hashes.SHA1 = 'cf411e50189eb2b57eb584ae7b56341b187bc363' AND file:hashes.SHA256 = '80048f4537854c73c3a77a4a746e436e60c75956a3823e979658c6dad919e47f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-11T09:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f1af9694-19f6-448e-99a8-4bbcbc9627b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-06T21:10:41", "category": "Other", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "5edaf176-f98b-4ddf-984f-4e7356faccc9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/80048f4537854c73c3a77a4a746e436e60c75956a3823e979658c6dad919e47f/analysis/1573074641/", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "523910d5-06e1-4e38-8237-94247508cd30" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/70", "category": "Payload delivery", "comment": "from https://raw.githubusercontent.com/pan-unit42/iocs/master/Trickbot/trickbot_cashcore_hashes.txt", "uuid": "0e22f409-a4f9-463c-82cf-3206c66d4812" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8524226f-c818-4d6b-9fa5-2347f4378bd3", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--53843aec-5e04-4543-94b0-bb3fa5395712", "target_ref": "x-misp-object--b406bf9c-4d7b-47b6-a576-ebdbb551bafc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4983605c-e26e-49f0-a290-544e254a0d08", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--45873b32-efb8-4b5f-8a53-212212b36a39", "target_ref": "x-misp-object--c3b3b92e-5eb7-4d9f-8337-11db8eb78ea8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd2fbc11-323c-4281-9cdb-a717804298f1", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6af81f2d-c191-482e-bdf9-3a203e914d02", "target_ref": "x-misp-object--e67a5294-4b42-4ae7-9990-7a8a00e63c15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f4d38b30-004e-4ee6-8e1f-8a2e925e536d", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e3f8e0b1-5829-46ac-9a3b-b18e4bbab0c2", "target_ref": "x-misp-object--085b8738-a4b2-48d6-932f-9d31960d6f2e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6acc04cf-39d4-4f14-8785-e2569a34a5ec", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5f42c00b-7637-4194-ac20-42251320a11f", "target_ref": "x-misp-object--70aee2bb-57f7-4a3a-adfa-e0f9c7161010" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01c0cd1f-2f1c-48b7-905f-125f4df182f2", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--57218619-38a5-49ec-866b-28d99faec70f", "target_ref": "x-misp-object--464709b0-9fd5-4f9b-a968-04d1f3e133e5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cad69ce8-5d3d-4c11-af4b-8d62494307ab", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--50f17323-e87a-471c-8d6e-de6e49ec3832", "target_ref": "x-misp-object--0bd39994-6fa8-42ab-8327-3ac615d55235" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--78acc9a5-1266-4f97-8d44-588aa520116c", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ad04c4b6-3c89-40e1-8311-010c91a8dafb", "target_ref": "x-misp-object--760bc727-d819-47ad-a487-f06db213eec0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e455bb35-7bc0-4d74-b562-432ad66dc98f", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5286af70-d331-4220-989d-b7ad41f09013", "target_ref": "x-misp-object--93bac262-1ef6-43de-99a7-a78933bb4cde" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2eb86ffa-63fa-4ae3-850c-fbaade06d20a", "created": "2019-12-11T09:17:34.000Z", "modified": "2019-12-11T09:17:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--027e0da7-33d3-4dd0-8368-8f321e6b1172", "target_ref": "x-misp-object--067e4870-d444-4651-b5df-a2b914aa08d4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--faff92d9-d4b4-42dd-aea5-31d78086ca9d", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--155337eb-25c5-4eac-b29f-97bac3db5c2b", "target_ref": "x-misp-object--cc9f22a2-f853-4d5f-947c-d4942c4eff15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7e4269d0-3998-408b-bbba-a6aca37fc87d", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c874f5bb-748d-4b33-961f-21eb9c2d12fb", "target_ref": "x-misp-object--315bbda1-95cb-4da9-9452-f9cc93338e8e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f561c24-01d3-43d7-ad32-40f71b971e9e", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--01a37991-491c-4dac-ac7f-f843b2467e3a", "target_ref": "x-misp-object--163a4d7b-ba77-4981-980e-8223237f08b4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d7d6a9f-9698-4809-b60c-20ce470bdf88", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--70891908-cfa1-41b1-b79e-44d3aa835e33", "target_ref": "x-misp-object--49c2af30-879b-40e0-bb29-8c7c4f36a98a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--afb63504-0e4e-4956-81ed-9ac82998b0ed", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1ff7bd52-ba3a-4e0d-98d8-1d1fad5c169c", "target_ref": "x-misp-object--8e6ae9bb-6a42-45ac-8a6c-463adb7b41ca" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2ee8bdf5-e461-4b3d-8f81-983a612030d8", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--02ca4e6e-8ca4-4d3e-a582-9f0c30fcacba", "target_ref": "x-misp-object--8e2cbb96-0ef2-4953-a62e-2b6348c450f7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a9f84a58-3c6b-4b67-9447-d9bb88759ae6", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6492648f-3b49-431a-b533-f9672d741ebf", "target_ref": "x-misp-object--ea818a51-b19b-48eb-b3ef-3e7471105ffe" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--911f08d4-a530-48b3-a393-661efa214bc7", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c656aef6-991d-45da-821d-0e7a06b83a6f", "target_ref": "x-misp-object--061414cf-10d9-4cc7-a728-49ae97e09078" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73b2bc84-c929-42c0-af0b-b757073219d2", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c8200800-2b59-457b-9fcc-51aa49b1140f", "target_ref": "x-misp-object--8f90af4f-a996-4a90-b933-4f22270b2ee9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4299f1ba-7da7-464a-b99a-babb7f349243", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d48c1dad-ab04-4faa-8840-925beae7eabd", "target_ref": "x-misp-object--242c1ceb-f1ec-419a-8003-5c4d20c7a000" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d5afdb7-e6c6-4106-9f12-5d8742459d5e", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--89372313-0fe3-43a5-8330-72763405d433", "target_ref": "x-misp-object--56af0e8a-886b-4f36-9fad-f8ea6169b387" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b99a23b1-20d3-48e2-9d38-3dd634885143", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2d361394-c14b-40be-b1a4-1dce3e6fc98a", "target_ref": "x-misp-object--ceeffab8-c4fd-4b76-a34a-6c1cb8f713dc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b22b578-724d-4d34-a438-383e3e05ea1a", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d462d433-a3a5-4699-bb8d-843a484d999a", "target_ref": "x-misp-object--38ac9306-a074-4133-bb49-8d893dec7e1d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bc26c85d-bdac-4c29-93d4-1fd9d3aad42b", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9f3fb18a-fb74-4e6b-ad53-544f17fd557c", "target_ref": "x-misp-object--9e2f72ad-7487-4fb2-86fa-3e9e22d31800" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9ec9ff8c-f16b-41ff-a8d6-cb0e10db118b", "created": "2019-12-11T09:17:35.000Z", "modified": "2019-12-11T09:17:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d8262582-33c8-4944-93fa-479041980c74", "target_ref": "x-misp-object--ce967ff0-32cf-48aa-9880-d6e42b44c466" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1b07caa-b103-4ec5-a289-4be189273264", "created": "2019-12-11T09:17:36.000Z", "modified": "2019-12-11T09:17:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--28d13118-1a57-4449-be04-397881739a86", "target_ref": "x-misp-object--c037b8c4-36c0-468d-8a99-21a5b6619a15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96440039-de88-4964-9116-b3d62b0a1e78", "created": "2019-12-11T09:17:37.000Z", "modified": "2019-12-11T09:17:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c8f76e09-c13b-4ea3-86f0-2335a83af33e", "target_ref": "x-misp-object--ced1cdcc-ab25-4e5a-bfc3-18e04ed4e89a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf19c146-8fab-482b-aaa0-1f4c56a6d33a", "created": "2019-12-11T09:17:37.000Z", "modified": "2019-12-11T09:17:37.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cc2a2628-8010-4d98-bad0-f6925aca44c8", "target_ref": "x-misp-object--d719e1e7-4515-470d-a2ce-ab8acad3e7c4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f018a761-4c35-46d6-ad8c-1913c06549b7", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1dbb3a84-2b1a-4a57-9b17-8f0b7ca1c525", "target_ref": "x-misp-object--341993c1-a49f-475a-ab50-aa56dc25d7df" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62a84ab7-1893-4ea7-bec3-a6e78edd3b1b", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ef192623-cc91-4453-885c-8ed4cfc7baa7", "target_ref": "x-misp-object--258e9e08-24e6-4022-8dff-046060944c15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--49b6d502-2235-4eea-ab3f-19c147ab76ae", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--41478f83-05cf-49ec-a1c8-1cacbbc09e33", "target_ref": "x-misp-object--608a6e2a-f326-4619-b78f-aeb942b24638" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--07ccdd04-7f81-4c8f-863b-b08387f88492", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ed93e93f-413b-43b4-96a6-7abbf8040d75", "target_ref": "x-misp-object--1b36bb45-fff1-497d-90b6-44c336c6348e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bca68e99-3f10-4493-8137-b95c947ecf50", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fcf29ec0-d5b2-474f-9b47-a009302fffd7", "target_ref": "x-misp-object--9acdff64-6582-442b-b72e-400c5de70d40" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d3801fc-aad3-41b1-96d6-c3ba6dc05099", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6aeb3879-bc39-4994-bc04-600eb8dd6fe3", "target_ref": "x-misp-object--9ca20ea2-6e65-445b-9676-3f62af9b5df3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e260ccc7-6ac0-4785-8a4e-df8e7b7ef9c4", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9e18c6e2-bebf-4581-a657-dcb4782bcd69", "target_ref": "x-misp-object--2eeba3bb-9a78-4ebd-bf31-387ae7ec7c35" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad53c28d-a2d4-4f09-a493-4d5a1929b703", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ae856592-4152-4ad8-8d72-3af1f275d7b9", "target_ref": "x-misp-object--13f496f0-29b7-4a37-896f-1ce2ec1e7286" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b737fa3a-5cfd-4c67-8a96-151acc370976", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--680d2e52-6fb4-456a-b196-07825f047910", "target_ref": "x-misp-object--0cee6148-5413-41c1-809e-5906a5637c40" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9de28e7d-0d4d-431a-b501-176585fb695a", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3b29f7eb-dbaa-416c-a4df-cff9599465f5", "target_ref": "x-misp-object--f33804ac-e880-46d4-8e34-0f25bddc3a72" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c0ed56b-9b80-46f8-a372-626caa3af3b4", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f007ef4b-7c49-463b-8140-0e7833584ee0", "target_ref": "x-misp-object--2969123a-0982-4b37-b0ce-d619dab67a7d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b05693b6-e947-4b73-8e0a-7b0f48413f72", "created": "2019-12-11T09:17:38.000Z", "modified": "2019-12-11T09:17:38.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--733a51f4-bfaf-445e-b9d1-6f2aeb3e9e13", "target_ref": "x-misp-object--a2d4eae7-25dd-48d5-a73c-17b0e3be9fd5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d16dd80-c906-4cbc-94fa-e8aec5a44195", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dc339a82-4290-4b72-825b-86c8e2ad63cd", "target_ref": "x-misp-object--566796ba-2887-481f-883e-5b87f2c294f0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8283a87d-e332-4606-bbb3-e6a952b6c951", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--94d47416-8a94-46a9-b15b-072940dad7d0", "target_ref": "x-misp-object--6694a7e6-ac32-4aa8-b716-1e85b713d64e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--58f15b02-9483-46a0-ac3a-9c5d26b87e90", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ed520552-6513-4917-95ca-c0d15f0d74cf", "target_ref": "x-misp-object--1f2f93a1-eb02-4b87-a2d0-c8caeca58406" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--94dd1fa9-e4da-4693-8c5e-545cac87fe2d", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5ad6514f-d7af-47f6-87b0-372df8ea3b16", "target_ref": "x-misp-object--2bba21b9-106d-4208-a5d6-0bb9ac801ca1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--267943e8-ead2-4161-898f-ee09e309b999", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c1d78a4c-9ab4-42df-93d0-24cc1963f3e8", "target_ref": "x-misp-object--9f576870-69ac-47d0-be4f-e77b9436dc99" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4eacc473-c1c5-4320-848d-325a86c77cdb", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3d5d7a8c-c996-4571-b8f9-f03d18a95bd9", "target_ref": "x-misp-object--0e5a61b8-b5b2-4a86-8ed3-eebb7e258896" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b925c91-15e5-481a-8a0d-21fce7b470d6", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eb13fb99-e9ea-45e5-992e-595fa5379eb7", "target_ref": "x-misp-object--827ce421-4c33-4102-a38c-9a82d7ad034c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--527024f6-eed7-45de-b376-1c7604836a06", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--39a79b60-8c0c-4d11-bca2-38537491f6b6", "target_ref": "x-misp-object--af12b4c0-e8d4-488d-876f-2d49989eca09" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--139dfe65-8fa3-485a-bb32-836d00ee4583", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--096eb58c-0bbb-4b98-8f29-f478d1aaae37", "target_ref": "x-misp-object--fccc7090-fbf3-4298-a67d-83a1c81e2dfd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f8850e8-46ef-4a31-88d7-d411451236ce", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--91d86c14-5d8d-49d8-85a6-62eb1f6660ac", "target_ref": "x-misp-object--28d1f5cd-035b-41ab-8939-160f3e815c0f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--369b9b62-a9ce-47d7-8cca-41f45b5d9169", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--75f113a1-ef9f-4310-bb5b-989dee8f489c", "target_ref": "x-misp-object--1b05cb70-d19a-4aad-aac6-551661f56eb2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b852df8-14dd-4dd4-afd1-8bf1d54ca6c5", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fc8fd229-2908-4983-a730-d85c9e352575", "target_ref": "x-misp-object--dad20706-fc2f-4dd4-8d9c-f5796f819c6e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a37cfc4-062c-41f3-907f-865379bb9247", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7b8383e3-acd4-4fcb-845b-5cb36e10a7b3", "target_ref": "x-misp-object--a1937f9b-ec9e-409a-bef0-adfea851fdee" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--881b81d1-6249-4293-ad0f-79d1116f8aea", "created": "2019-12-11T09:17:39.000Z", "modified": "2019-12-11T09:17:39.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0eb9d16a-03f0-44e8-843c-b8df2c4c083b", "target_ref": "x-misp-object--9e66898e-3b53-4951-a5de-b420a21476ff" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4489edfc-5f80-4cde-b985-f673c95332d5", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--58bef497-df6f-43a2-a37c-3739ec6982a1", "target_ref": "x-misp-object--9fd11823-de41-477c-a350-c3e601be0c4b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b15043b9-01a6-467c-8c92-cfd3008757b4", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--454ad45c-85a9-460c-a56b-9ddb03bad44d", "target_ref": "x-misp-object--f2bc0b22-e168-4e10-8055-c642cdbad347" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--568dc793-59dd-40e5-859f-16b76da04182", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bb3ec885-0bcb-47f2-aacc-6cc62f5df396", "target_ref": "x-misp-object--7b9da427-bab9-46cc-b53b-cb15e0e7670e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ca4fda7f-4ebd-4387-b9cb-6db633b89b90", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1d70047d-25af-4bab-893c-1819ce2ee2b9", "target_ref": "x-misp-object--728bb84e-4c46-4cbb-b5b9-d61e905d206d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f68960a7-33cf-4faa-9a5c-b642d2c290b0", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d2f19e2c-8d0c-4282-8dd4-8717b98dab76", "target_ref": "x-misp-object--583eed35-20a2-4f3a-9c33-e2c329a021b6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c886445-da0d-4ac3-aecd-dadd3c760a36", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--18f0a394-59e8-44f7-bef4-e629c8e2d48c", "target_ref": "x-misp-object--5f4bcd14-cb63-4b73-9f04-0cd48d621451" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f8b24609-ab92-4a9b-929e-14e5faf6cbaf", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--844f9804-c3f3-4cd2-95a7-cd42db3561a4", "target_ref": "x-misp-object--11e37e76-d0b7-4f98-a663-7e1deaad4dde" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2ceddfa6-80db-4424-ae96-d3baeaf20a2e", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--505c4912-ec7c-4bd3-800b-f96b928d60a3", "target_ref": "x-misp-object--37a3479c-7016-4207-a0b5-e1871d62918e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cdde5ec8-2384-4d71-9353-e179b4906d18", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--19df27ac-fb3a-4564-a333-92b694f65766", "target_ref": "x-misp-object--f42a3419-4657-42b3-b6e5-e947e0c25827" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e0528c19-98cb-40e6-bc85-981d6eef8de3", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ba3c7e43-259b-4b53-86bb-637a52cc5504", "target_ref": "x-misp-object--6a6d30d5-8af3-4c31-9b47-26cc1384e2a0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8ce9ddac-eaed-4018-9798-f207500e372c", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--801dda52-f305-4225-81ae-63a537e2d416", "target_ref": "x-misp-object--ceda2ab2-2d4e-4f23-ad1a-88370c893d41" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82c6187f-07d5-4ca5-b1ce-6d2173820d21", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--738b07c1-e0e9-44e9-9fcc-7724e09a8534", "target_ref": "x-misp-object--0053d5cb-a02d-43a3-ba7f-5e5f5a645c5f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fafbd7d7-9de4-43cc-be75-bfe028cebc6e", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7c78d4ad-76b5-410f-b769-8ac2de68cc29", "target_ref": "x-misp-object--fe7b8b9b-6817-4f6a-8161-df3ec4b0a993" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fdc2cffd-25e6-47c1-91dc-e8f674df8b58", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4a07ccfc-b2f0-4a9e-8fe3-f56da0287be3", "target_ref": "x-misp-object--aa2fa223-8f0c-4b45-91fc-a10098460bdd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a103373-1a6d-42c9-9fb3-7554d39588a5", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--30ad66a5-06a2-4526-984f-dc929f8e78e8", "target_ref": "x-misp-object--18ffb939-9527-4c34-95f4-6863b04bbaf4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c21a97b-fe17-482b-a2d3-908d9ccbdab4", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--68ddc97e-64a7-4d39-8f72-ecb926dc6263", "target_ref": "x-misp-object--8cc13a6a-0de2-4a47-8a0d-0884a02779ad" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6bb95631-4257-4c3a-87e2-083e4de3b228", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--31e0b85f-066e-4c0c-bba6-5c67b4ef5cb9", "target_ref": "x-misp-object--a8e16593-8a35-4cbe-9a7d-27a011ab0aaf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--282d4fc1-a8bb-41b8-9999-d4f41dd192a1", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--88c85dbb-b9e8-4798-aa8c-afd1bb83ee3a", "target_ref": "x-misp-object--dc6d7328-3b68-4028-8355-b1e4af009420" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--631150ac-92e6-4721-8cae-1501f1d79b55", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4ddfa380-3b6c-40d6-b390-266f76f1ebac", "target_ref": "x-misp-object--871c3fde-844e-44b7-a6d6-5e987c48076c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fef75b8f-7df6-4a48-a5ec-5a84bfa9b17a", "created": "2019-12-11T09:17:40.000Z", "modified": "2019-12-11T09:17:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--04e865d4-f9ab-4eb3-bb87-ec890c68e194", "target_ref": "x-misp-object--483975a4-7d98-4a54-95a2-8cca2a3e727e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25596eeb-17fd-4eb7-afd6-e0748986b0f8", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a7033e3d-da01-4bbb-9f21-4c5a7d34da3c", "target_ref": "x-misp-object--18688fc5-95c7-40d9-b6bb-f6ac2ffad357" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--549c5d39-de7d-46ba-8d39-51a72cc1765b", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--02663258-e7f5-4809-98ab-835c3dff4272", "target_ref": "x-misp-object--8f2a5a0a-2756-4cd4-bc4f-22a7245eac25" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--48f33ee4-d3b7-4d7f-be48-9bee7f89e288", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a2e8a416-c2cb-4015-968c-0984172383f5", "target_ref": "x-misp-object--cfcdd3dd-5638-43f1-aee0-3bc1577d74d5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--825f8054-8dd9-4bfd-a62d-a21dfc48ec6f", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f9604190-10c4-41ee-b981-2871bf53e73a", "target_ref": "x-misp-object--9e983312-376f-4ab8-9881-e110e5c4fa30" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--41871b2e-25b6-4c19-959d-8e1f6d8fcace", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9eeda890-927c-464e-b272-333ccb1d3058", "target_ref": "x-misp-object--6e50a755-b8dd-414c-b623-07ff6a2ac065" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2ea2a8e8-ceb5-4295-9d75-7415aa8fa912", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b984b421-3546-43ec-8344-db330fd09d51", "target_ref": "x-misp-object--79699cf2-b8f5-47d8-befa-6b82e9355fe7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--71ce98f0-7344-4a83-909a-32f06555745e", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1fdac306-8c84-465b-8b79-04b0d475093a", "target_ref": "x-misp-object--ffdb3b2a-3c94-486f-a65c-987a2be986ee" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aebbe93c-6da5-43e8-bf3c-338cdc2eadb6", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e2312244-516e-468a-8cdf-97d0ada59a51", "target_ref": "x-misp-object--a639c694-9dd7-434a-bf7a-f51ad0e469d9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a8d54591-290d-4be2-a27d-9192687cb29d", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e47e2828-2a48-4ee3-b3bc-de782c7ef605", "target_ref": "x-misp-object--c768ca64-4061-4565-8b5d-f720aa735f96" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ae06246f-9d26-407e-91cb-0a8a045c9d7f", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5d137df9-f16c-44a3-82d8-f2f77bc2fe37", "target_ref": "x-misp-object--4cef0992-a69b-4bc0-8e3a-608234f1d26e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54fc8793-c595-48a4-ab8a-9065000f69bc", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b2f0df78-42f7-440f-8a3e-d0578ff2c69c", "target_ref": "x-misp-object--9e0d7701-e758-4b09-a953-2ea4a67743a6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aadfd850-f59c-4cdb-8d7e-8b2af57d6bde", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8cd6651b-a7bc-4da8-aa76-4698e77aaac1", "target_ref": "x-misp-object--14d365b0-f7a8-4e2e-a026-e564567fb451" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7c6d64d7-2d4d-4dbe-a774-6cad374d854c", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--52b2c640-0b6c-411f-8a0d-b194db9d6378", "target_ref": "x-misp-object--2e9e748d-071a-46ba-b209-0fcf55b57f0f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e8f2a5a2-c692-411d-ae82-185c1aadb5e5", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7df70663-58fe-4509-b0dc-d5d6315c08ff", "target_ref": "x-misp-object--95da7e68-522b-4946-a596-37288c33b6c6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c0be9d0-9716-458d-99da-06eef4dd9505", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d6289f73-5f31-4dc4-86dc-fc9c8a4e4d2f", "target_ref": "x-misp-object--747ff1d3-f9a9-4d54-8653-269224f4abe0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b7d9b6da-3937-408d-8143-15e82d76ae6b", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--73b0dd1f-f6ee-4dc0-b174-30a1d7645102", "target_ref": "x-misp-object--88f5e0ca-db40-49c6-ab76-631672d838e9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7828fac-e730-433b-96b4-4622c128d149", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--834968d5-1a82-47c6-b38d-1d07cc666f1a", "target_ref": "x-misp-object--ad9a99cc-55a2-4be5-aa2f-57485a1c382c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d24702df-edbf-42cc-915a-da60913ea194", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--af18f7b6-3eaa-4a20-8b94-16ff1fea68c6", "target_ref": "x-misp-object--855313e6-0a4d-48c3-8c9a-651443069d81" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--115f4090-256d-411c-a311-b00f7c0b1aef", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f621cf4e-e2fe-4191-baa7-bd7976d7e961", "target_ref": "x-misp-object--6cce9811-cfdf-4980-9ebd-ac168212f216" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7d94a71e-d850-4a9e-89f5-a0a7ab42c14d", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6ef008fa-8022-452b-bbd4-5e069fb5d1ef", "target_ref": "x-misp-object--d4162df1-da6f-4448-b4b5-d6c6b8bf313b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60a65eee-1c47-46df-ad0c-d6aae303b443", "created": "2019-12-11T09:17:41.000Z", "modified": "2019-12-11T09:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--debf20d3-7b2e-4364-80bc-ce7d116f0901", "target_ref": "x-misp-object--ac2df624-1ecb-4b0c-ba28-8948b4203c6b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--177d6aa8-5af0-42f9-af77-523e56bb7da6", "created": "2019-12-11T09:17:42.000Z", "modified": "2019-12-11T09:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1d2b033b-9412-4234-ba79-ecc2b81ee7c8", "target_ref": "x-misp-object--32b4bfb7-fa21-471f-ab73-c2107993457e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b44537f8-2860-42da-8eec-e5808840f179", "created": "2019-12-11T09:17:42.000Z", "modified": "2019-12-11T09:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--19cc2434-e10e-41ab-8507-f4fdafb4d98f", "target_ref": "x-misp-object--ba0df8a7-c288-43c1-9721-e9471d8d902b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3df0abfa-9a08-4e4c-91da-bbde6a69bafc", "created": "2019-12-11T09:17:42.000Z", "modified": "2019-12-11T09:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--990911cd-1546-4834-8afe-22d4f992f8f2", "target_ref": "x-misp-object--f9578ad9-21bb-40bc-8fd9-a0c401d70399" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb92b0c8-5a51-4e5c-8c83-a02e7a4b2cc8", "created": "2019-12-11T09:17:42.000Z", "modified": "2019-12-11T09:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--61649bc8-85ea-4a00-a42a-ab2733d534ff", "target_ref": "x-misp-object--03f94760-3040-4661-97dc-901931fcdba8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31f90967-0d2d-4671-aed6-52b6b4b6f4da", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4f14f254-78de-4214-bc39-c0df5a560d29", "target_ref": "x-misp-object--93e1d54f-78bb-4456-9ad9-20a0684a8c5a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9d4ca6b-e10a-4a96-9d45-7cbed231ad13", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1cc552f1-b224-4112-a745-d38d157a1970", "target_ref": "x-misp-object--011facc9-5dcd-4acb-9b28-35f8abb33b32" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--018e01d0-29fd-4f8f-be8d-a0ead8d64d41", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6451bdc5-05f7-46ac-bb4a-2ebbe7779aa7", "target_ref": "x-misp-object--1c344cfb-d472-444d-8ac4-89d0a9fe796f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e300d24-23db-4381-97f7-6d2b45f5133c", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7c830d89-4fd2-444c-b4e9-dee3d0c4c995", "target_ref": "x-misp-object--993b393f-8537-40ce-98a2-0b9c885656ea" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--19e5323f-5504-482b-8d56-1af42034364b", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7b69acd0-5b57-43b4-bb0e-8533ec34f7eb", "target_ref": "x-misp-object--4a5a3841-ab89-40a4-bd73-520e5c71800f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13465fea-3187-49d5-a3ff-fb3d847d09d0", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--015ec164-a274-4459-a93d-7f10c3d98b92", "target_ref": "x-misp-object--8bc83cd6-5f03-42df-ba44-f321406ab01f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e15a560e-f139-4045-893b-07c9ce18cf07", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--aa2a4eab-c640-495d-88e4-0c396fde1f7a", "target_ref": "x-misp-object--1423a5bf-6b87-40a1-ba85-90cb015c11bc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--17d31c07-efec-4353-8e3a-fbadb87d45ee", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ace7defc-9735-4613-b3fb-9e31125f1eda", "target_ref": "x-misp-object--577481d1-9d6f-4c45-aa66-1db3601b5411" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a34b812-70ca-4d7e-a2e9-0b967481f8fe", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--675f1102-34a2-470f-9f12-3fcb2530b2da", "target_ref": "x-misp-object--81363ce4-7dce-4ffd-bd43-7f1056a446fa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--37db2053-0e97-4a3a-b3e3-22130e951067", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6db377f7-be37-4153-be95-4aa62e6fcd17", "target_ref": "x-misp-object--e05a9b63-89b4-45cf-b76b-cbde69e1641c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--152dd14a-fe35-4528-a46d-7cf56418ed24", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a3b2ddaa-5eb1-4e4e-9679-718ef9d63591", "target_ref": "x-misp-object--b38f14f9-08fd-4d10-88a0-a050bbb3de6f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fec6344f-6023-4e3a-b9a6-20c660264b11", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--91cb5c59-36ac-407f-9255-7fbbd82f25a6", "target_ref": "x-misp-object--59db51e8-4f1a-449c-94fe-e24d0a282761" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecd58f58-68df-461a-9e96-1464846bb479", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c706bcc7-088f-4f88-a120-ffc65a6a06e6", "target_ref": "x-misp-object--c6d0459f-086d-497c-9855-c5447d1825d3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a8b0b98-4e36-402b-a7f7-dc695615c6af", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c7b7be9-c366-49d8-b8a9-754aa1b93f55", "target_ref": "x-misp-object--e287d0a2-e783-49d0-8410-7f42e413f841" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1d2784b8-4dbf-45d8-8e90-023d2b962864", "created": "2019-12-11T09:17:43.000Z", "modified": "2019-12-11T09:17:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3f6d211a-d796-40ed-bc41-c369ed217261", "target_ref": "x-misp-object--2aad3842-22c4-4221-b87d-12265d43a1b4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--052adc79-f041-4907-bd37-1429094f574e", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0ea2d283-1a5d-4367-8812-0fa934532135", "target_ref": "x-misp-object--e0e2a5a5-ef08-4488-8570-06d814722566" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a604f387-cd73-45dc-9ffd-23767455605e", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8da2265b-d8b2-4191-9bf2-c7267078f161", "target_ref": "x-misp-object--c3af7af2-ddde-4ee9-8d96-17be802ef8b2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de336815-8c98-47cf-a16d-e7566f0537c6", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0a5b77d6-e8ee-44e7-b9c6-4d6a1344883d", "target_ref": "x-misp-object--a5e5117c-32e1-431a-80af-f302be915453" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--edb756a5-1671-4cce-98fb-84c5719221fb", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e8c1cd66-8313-44dd-baa4-e5d56c6cb036", "target_ref": "x-misp-object--369fc7e4-6cec-4030-81a2-6ddab8cad305" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03ef7214-143d-4474-874e-ddde009d4cbb", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c7bfd5e1-211d-4900-8e62-017d2241fa53", "target_ref": "x-misp-object--bf234a47-3939-440d-a2b0-977f4ddc4990" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4e04c30b-8249-48fe-b939-a5791a704f9f", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--47d1ccaf-3093-43cd-8a5f-abb12fef0733", "target_ref": "x-misp-object--dadd1af2-cc8a-4206-bbfd-4b710a5a569f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--caa27ba8-0f47-4d6c-8f71-3800bc59545c", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e636c9f8-0933-4361-8337-e8098023cb5e", "target_ref": "x-misp-object--16aaef18-7758-4ba3-9812-1ae52cdd54a3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--121ef90b-cb38-41bc-a6da-cf3517162d2c", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--155289df-5fee-414c-aae6-246a6d8d67af", "target_ref": "x-misp-object--2498acd6-03c0-4697-8313-4dc82677d7af" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72997182-3048-4a39-827d-2c9c148cfc41", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a453afe2-b3af-428c-8bc2-7556df970d28", "target_ref": "x-misp-object--40ee550c-f33f-416f-8062-f598e5df8cea" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cbfc17ad-2dcf-4cda-8818-c3adb9a603d5", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d92a99d2-502b-4f2f-97a0-c29bb9d7700c", "target_ref": "x-misp-object--ae563ce4-619c-4135-834f-765f58f1f407" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9814300-5336-448c-a02c-c8e8dce99b4e", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8aedd19c-eb4c-4633-9ca0-0aeddb3f9b25", "target_ref": "x-misp-object--120de50a-2248-4f0f-815c-514de8b09acb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f45ae27-6f98-4819-a265-afb81eb34665", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ba5ab5ce-0a33-4542-a2c6-acf788063952", "target_ref": "x-misp-object--3f175ab2-692a-475c-866b-75cdea27be4e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9172da67-f59e-47e7-a795-74e8454a637a", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9fdd4876-a0f2-41c1-8920-8c5639670d0f", "target_ref": "x-misp-object--e1e38f60-2397-432a-a393-b1b28a3ba0ce" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--21eca4d8-59bc-4488-b43c-5313c40da28c", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--02377d96-8f68-42a4-aafe-e7c43db64444", "target_ref": "x-misp-object--455b6ebe-18f0-4ac4-ac15-e7f2af8eb699" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6b66b7aa-bf0d-4acc-a1d1-c12896eb96ca", "created": "2019-12-11T09:17:44.000Z", "modified": "2019-12-11T09:17:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--beb1e4fd-15b4-4f26-a4ce-4e4b33b11e04", "target_ref": "x-misp-object--30c54480-288a-4424-ac2d-0072ec9b2fba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac99acb0-6c96-4988-bd20-6d32de9c0675", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f59feeaa-3635-48d2-8271-a8ba1ad32842", "target_ref": "x-misp-object--761365d3-43d7-4c24-a9a2-5f7f6c437746" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3fa3f122-79d0-461e-a9de-aef78a087014", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4c380efd-b92e-4540-8b0f-cd6758f8b8d7", "target_ref": "x-misp-object--50513047-46b2-4b1a-9072-a647b4e3c329" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b8a45269-1d1a-42a0-a44e-ed82e0cbed7b", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1505983b-85d8-4be4-ae57-08b47195939b", "target_ref": "x-misp-object--69b4d08e-f41a-4e06-8e1e-ffe262cae494" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--226154bc-adb2-4deb-b262-bad3473be0c3", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--524b27f3-92b9-471e-a88e-06274ac0bcdd", "target_ref": "x-misp-object--2761f328-46ae-4324-8cf3-e9aee76859af" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--af2a2f57-881b-4063-9d16-74badcd601f1", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e014ea4e-91c1-47f0-8716-dd67fc7e1091", "target_ref": "x-misp-object--18b8939c-3f03-4037-bb05-bfa7cfa7b3aa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cf840de9-b416-48b4-b342-87df0ea575e8", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f9985ce2-8055-475e-a517-a1a61e519d7c", "target_ref": "x-misp-object--a709d916-083e-40b8-84ae-e72053d94392" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f895b58-e019-43a4-8cf1-a6f4b48f1e07", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c9a0bfbc-49ed-4f12-95da-d2e7edfd20c6", "target_ref": "x-misp-object--ae2c2a2d-efb9-4a40-a0e7-01e923a24d31" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a2e4efe2-4482-43a0-a22e-8fd3722afdd4", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7bea7e57-e22f-40c7-974b-33d10278a526", "target_ref": "x-misp-object--7c0200be-0e96-40f3-b1f4-fd77050ea522" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0a19d507-ce5b-4649-8657-dd7b20f7e4d0", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6288f9a7-f50b-4de6-ad89-3a208e06ff99", "target_ref": "x-misp-object--a801038a-da64-40d9-98ad-4a679fea56be" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d7d0cfb-a53c-47eb-8422-3eebd66514c0", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c134528e-87e8-4503-9697-134891ede3f4", "target_ref": "x-misp-object--b4b2203f-cecd-407e-ae29-2748c97aa26b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd07d4bf-4134-491c-99e8-d9008c2d668c", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--22b3dace-f93e-4359-a836-03a21ca924d0", "target_ref": "x-misp-object--d2dd428d-ad1f-4676-b67f-8de340cb58c0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cc5490e-9a03-45a7-acb7-ba19d486d8c2", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f780104a-9c5a-4335-930c-7d273716381b", "target_ref": "x-misp-object--4fdd419d-ea30-4669-8e1a-94000db3f917" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e192b7b-e4ed-4b03-ab4c-f0dcacbb0ccd", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f139ab3e-03f5-42e8-a2ff-a83a60d04010", "target_ref": "x-misp-object--68d7863d-3c4a-49af-afde-b71d15fe2078" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6165c56d-dd57-4514-b3bf-5b9528e123af", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--83ac84b2-0bc6-4376-8c04-ac09e8e07d57", "target_ref": "x-misp-object--e7340379-0531-4697-bc6d-7d79e0c2185b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc463f7c-c961-448a-a5bf-6cca8c4fb04e", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a5b32bf-40e0-46d3-b152-78769ce84014", "target_ref": "x-misp-object--40d0eb49-b028-43e6-9060-8ab02e096e7f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--de94edca-12c0-46df-a85f-57021892ff5d", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b3c43005-5e8b-4a20-a478-2ab60bb3a0b5", "target_ref": "x-misp-object--f1f0f739-5357-4e7f-95bf-487cc2e7e6dd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d1efbb47-af0c-47bb-b66a-a5759af1b9b9", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f9c1c6c0-12fb-4f2e-bf0f-bc2bf5a23885", "target_ref": "x-misp-object--87c726c0-e744-44bc-9aca-2fb279195878" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b9ee5a8f-9e52-4d39-8ffb-08b512577fa2", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e49b9428-97fa-4838-a129-b688d3c83d4e", "target_ref": "x-misp-object--5b535b86-7c4f-46aa-822c-2a6308169766" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3685f535-f9e3-4b36-908f-eddbf1acf72c", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5e6120dd-95d3-4678-861e-06421dd709e6", "target_ref": "x-misp-object--4a0916df-a51e-4f95-9090-8237d80b625d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4d9cf95-7da8-481c-a71a-7e207159968a", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--640f6907-c758-4746-9a05-b0e07c7d89c6", "target_ref": "x-misp-object--203c3941-4c2a-41d6-be23-fea6313f70f1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7b5d729c-df0c-421f-ad81-7c72560fcce9", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--26b40d0e-f672-4efe-b54c-e6dbc07452e0", "target_ref": "x-misp-object--131dfefb-6bc2-4c4b-a51c-13eb4b59ad44" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3dd80056-46ad-4420-9c18-99d4acd35cce", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c9350a97-54b8-4b16-96d5-08b6546d09b6", "target_ref": "x-misp-object--f253f18a-314d-41f9-91ce-7267ac60bcb5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f13cbfe-0f2d-4536-9745-e71a4ec14132", "created": "2019-12-11T09:17:45.000Z", "modified": "2019-12-11T09:17:45.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1679843b-577b-4504-adf2-dee263fdf152", "target_ref": "x-misp-object--935eebfe-1960-444e-a06c-15246c5cb4dc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--15ab1af8-4826-4f0a-8bac-cf793a118073", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1cd2d9a6-7b0c-400d-8832-b0a99caaf9ae", "target_ref": "x-misp-object--74100cda-75a4-4cdb-87e7-f04b7faeb90f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--321487ec-3356-44f1-97a8-166aef752e16", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b2aaba6d-0711-459d-9744-3e7289111728", "target_ref": "x-misp-object--86d7fe43-b9c8-4f18-809e-389a95f58132" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f8940ed3-2fad-4145-98b7-bb4652272262", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--579b5a05-074e-4bbb-be13-b63f6858e7a2", "target_ref": "x-misp-object--a91f6684-8fc2-4f39-b683-9cd4e2b9a770" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c09e535a-65b8-413e-a5f7-8f1ff87cbc20", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a7e94977-9343-4e7d-a6e8-158e386489db", "target_ref": "x-misp-object--093e6e02-6a8c-4617-b8d0-3c6b539ec3af" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c365aba5-b26e-4641-92cb-1ff7e3d7636b", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--77089a38-652a-4032-8377-5951c6749eb1", "target_ref": "x-misp-object--26598531-087e-456f-acb0-81740dc24465" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d189be0c-5829-46dd-863f-26b5676c01f9", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7c72eee4-3ece-4ef1-8970-8421b8b49fd6", "target_ref": "x-misp-object--a50a31d7-dd93-4e57-82f6-8c2d86f02eeb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5dc9211d-c1fd-4e93-aca7-4a489d3aea72", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8d4316ec-22b2-419f-b8d0-2ad091d8fe3d", "target_ref": "x-misp-object--a3cef8c0-e867-4fcc-90ad-4560b0b862b8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9eb4803-c837-4ecf-a185-0255b1e1fad8", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--092a4d19-c82d-4c39-9d3d-4c8a59684860", "target_ref": "x-misp-object--ef9876f0-2be5-48b4-b385-34c6e1a8b5bb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--193a4de9-e903-4d30-9d6b-7ab2fa69741b", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c83b4e3e-8a89-4a7d-83e9-e90305c8b85c", "target_ref": "x-misp-object--9e3681ba-3155-49d2-b043-dc95c8156bd6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0bc4a8a4-5f97-46bc-b385-7528e508d385", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--32d80030-0d4e-482b-a898-803cf9bc334c", "target_ref": "x-misp-object--ffe6a7bf-bd47-4cd4-b4da-eaf078136bf5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--833c6193-f759-4c85-bab1-0e51e6782d29", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--554f48fe-4bf6-45ac-97de-d340b97dff19", "target_ref": "x-misp-object--30c7946f-9ae0-4d5f-80aa-8d898cfb3804" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d40e22a-99e9-413f-a69a-7b544a7d1c63", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--778ae72a-499b-4228-b976-7206cf015fed", "target_ref": "x-misp-object--4a008bfa-f123-4fe9-b7c1-512c3dab17db" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7e2617ff-ab5a-48ac-af6b-cbfc3709f897", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--11fa24c7-61a0-4ca7-8b53-c47d33ec8457", "target_ref": "x-misp-object--4b2305c1-09ba-4219-bac1-7c7aac4c423e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e63a5b9b-df59-4c94-92d2-8c0fe48c024a", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fc263859-499a-4ba8-a1ca-4b3065114f5e", "target_ref": "x-misp-object--24e00e33-40a9-4a20-bc4a-f40c105d5616" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ed24479c-05e9-469d-b123-7909e0c2af19", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f41b5936-5091-43d5-b8c8-10b828a44ce3", "target_ref": "x-misp-object--afefc42d-7075-460f-9942-056893327173" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0b6adae-70a3-46cf-ad84-53cd0a8b6b42", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--790661b9-5abc-41a4-b941-490796a36e39", "target_ref": "x-misp-object--f54ecbf1-94d8-48d7-918b-25db40ef69f9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--14138d3c-2a0f-47fd-b6bf-6a82f456bc83", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9248c2fb-b379-4e16-8dfc-a1f50b2f7635", "target_ref": "x-misp-object--db05e4ed-64be-44c8-b71f-19fcc1b090dc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0ec6ad0-504e-4f5f-a897-1bc2129d17ec", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--97826163-af4a-4b54-bc10-c2a879c26bc4", "target_ref": "x-misp-object--72dd2f88-9263-4b6a-be00-9255dd1d602c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0fb70f47-13ab-4dac-9145-603952fbae45", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--be252845-2208-462d-9c4c-db7003378a71", "target_ref": "x-misp-object--7c90a156-0032-4733-8e34-241a4cc01652" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1021b638-e4c4-40fa-b072-5eb0473b2feb", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d10d07d8-f413-4f92-9afc-b1f9c5a932f3", "target_ref": "x-misp-object--5625b2c9-c4df-45ed-879a-2b27bd0ea47c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7ce19e0a-8b21-43ae-b577-623ab5cf2446", "created": "2019-12-11T09:17:46.000Z", "modified": "2019-12-11T09:17:46.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c2c3a5ab-3fca-45df-a938-1945f6a88540", "target_ref": "x-misp-object--6752c41a-88ce-409e-aa3b-147affa33d30" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--78cd048c-9644-47ed-840e-e5e90fd74d83", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4c379350-7ab8-4d9a-ac2e-fd6e22d67175", "target_ref": "x-misp-object--75bf21eb-4910-45b9-aca5-140ebdd73228" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7a1c4a9e-e1a9-4a23-b36a-28574ce1bbcd", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b9a392ec-a68b-43a6-bb0a-8190b3e61a82", "target_ref": "x-misp-object--54bee58a-c009-4395-a517-3e4eb31920b8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--00224f11-f77d-47f4-b551-a547d6fa313c", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--704d9b2b-ba91-4907-8141-20c2ef96d4d4", "target_ref": "x-misp-object--595a372e-8d2e-46a7-af22-f9951cdaac88" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--83851036-ff40-4eff-a3fa-48865dd493bc", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6d2d9af8-e198-4722-bdf9-8af7c3c95ddc", "target_ref": "x-misp-object--f205d829-81be-4736-af7c-14d5e42515a8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--49e42226-e863-4a40-b332-3d221fa89e0f", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--be5860a9-26a7-4525-a2fa-d595d89447b6", "target_ref": "x-misp-object--ae75e2b7-9bfd-4189-8aed-4fe5ed12ad92" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b58ca582-54f0-4531-9409-bcea34c40389", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9e1259cb-bc1e-4c7f-8edb-a09e082ff79a", "target_ref": "x-misp-object--8fcf3f77-2a48-48a9-ae78-16bce9c47cac" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e6e5de9-1893-42f1-8c27-b38e6ee8e5a8", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--03665592-a692-43b3-ae7c-5c44042a9611", "target_ref": "x-misp-object--af5c999b-6767-40bb-8949-ce6fdb0e348e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea63931d-50d2-40fb-a4b6-41c5fc782935", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7f985195-63be-4130-8570-2eb74d1c65d2", "target_ref": "x-misp-object--ad0c7ee7-17b3-4d04-87a6-a56cb3b0d0a3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1165a607-e1d9-4d4a-9dde-336e8af4096c", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--af868be2-d87f-4f4c-8ae7-aa156542e19f", "target_ref": "x-misp-object--7ce83015-b2e2-4464-9236-d9fa1aba1fe4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b4a4878-e63c-487b-b7c3-3175c24e17eb", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1a3e8cbd-32d7-4fa3-9e02-142d5e212517", "target_ref": "x-misp-object--c5bc33a7-1263-4c90-81ee-0c21da76e67f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4331b89b-bab4-4308-84a0-96b6a24c80c3", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7b4b65fc-7250-47ed-a17b-7ea0880f45e0", "target_ref": "x-misp-object--3f48ed89-af7e-40ba-938b-e74dd9c91e55" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4afb6351-7653-42a9-8e0b-4125d7994a11", "created": "2019-12-11T09:17:47.000Z", "modified": "2019-12-11T09:17:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a0058eb1-5f03-47ed-afab-2efd3e995eea", "target_ref": "x-misp-object--07576deb-5352-41b5-a479-2c5317d0c86b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--64fbc438-c7f3-47dc-b275-c31e5bc46344", "created": "2019-12-11T09:17:48.000Z", "modified": "2019-12-11T09:17:48.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--80d35444-5e69-489e-90cb-5042335a6fbc", "target_ref": "x-misp-object--1b4c7c89-9561-4419-b2f9-1c274ee62854" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8e5dfdeb-cca3-4810-ad27-cb621a0d8306", "created": "2019-12-11T09:17:48.000Z", "modified": "2019-12-11T09:17:48.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--48c053b3-3044-44cb-a28f-a7d52591daf4", "target_ref": "x-misp-object--4cb3c70c-abc8-41b8-be9e-a03b38671347" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a77f0ce0-8c1b-4e56-91b8-82c8c780ff2d", "created": "2019-12-11T09:17:48.000Z", "modified": "2019-12-11T09:17:48.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e16742e5-9cde-41ba-af1d-091d8bedf4b0", "target_ref": "x-misp-object--3b5f9f6d-5343-4f06-a8b5-31861c2e1de6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0a93a781-c873-4fc1-a84c-75e797beb40c", "created": "2019-12-11T09:17:48.000Z", "modified": "2019-12-11T09:17:48.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1acdcdf2-193d-4bdd-8360-a26ed49a0793", "target_ref": "x-misp-object--d5e4bd27-6691-4b2d-8eec-2fbf4e24baa7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--edad3875-964f-4e1a-a173-f3d68fa99ff4", "created": "2019-12-11T09:17:48.000Z", "modified": "2019-12-11T09:17:48.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b401a8db-a6fc-4176-b07d-10973bd9bcf4", "target_ref": "x-misp-object--6a8e60ae-a643-4b5e-b5e6-57405a6c8597" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e7a5814-85be-4368-acd7-ba36af60936c", "created": "2019-12-11T09:17:49.000Z", "modified": "2019-12-11T09:17:49.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4d42dfa2-8146-4ce4-9bb2-ff4cc7aed489", "target_ref": "x-misp-object--1bfd9b32-6528-405b-9df5-1bc170d35ab9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--904aff0d-6eb4-4fba-91ce-221618b5578f", "created": "2019-12-11T09:17:49.000Z", "modified": "2019-12-11T09:17:49.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--675e1716-6a26-42ea-a062-e6da3b6ad681", "target_ref": "x-misp-object--c18b282e-e307-422e-bb53-905e3acaba81" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc6815e6-7c26-48ca-a6fd-b7d11be90da9", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--334a5d8d-d499-44cb-a4bf-a1b09f5c957c", "target_ref": "x-misp-object--34d09d98-c515-4fd3-a13c-cbfb8f173195" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd6a7445-1a71-4877-a4e6-1ee339cbb1d3", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7376a665-9c9c-4711-8f68-1f45047546f5", "target_ref": "x-misp-object--ebf1c6f5-884c-4017-b8a7-6420e0f653f8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--07ba961f-5057-40ab-988b-dfad0d8fc99e", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b4de5a4e-2a19-43d8-9da1-57730d22dab3", "target_ref": "x-misp-object--b156f377-075c-41ec-a520-dd934705382e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c1e5906-a849-40fe-bbbb-fadb81c5aa2c", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--56cc4fcc-15c0-489d-8bf0-7f683885a03e", "target_ref": "x-misp-object--622a2879-7329-4bfd-a8a6-58f0523d1ebb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13e7ef80-9265-4852-bc3b-8ff825b744ee", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d10942f1-7e0b-4700-932c-37a24ca2a7b9", "target_ref": "x-misp-object--8d74ec39-ab53-4434-a82a-4cad16a3a23a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eec92dff-aa13-4f37-a774-dbf6d9de9a12", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7aaf28e3-f95e-4803-ac53-ee1c1c50272b", "target_ref": "x-misp-object--1b0fff68-525f-40d9-88dd-df82f4ef0a94" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4233b7de-69ec-4ff4-b477-9372d00eb024", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--aee07c40-25ea-4b3c-b4ef-b37feb1ea25f", "target_ref": "x-misp-object--fb6f45ed-fd7b-4bb4-92ca-05b6fe37d18b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81510441-72aa-4ee2-a752-7da052d35fe6", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7f4b6869-ebf6-46d7-82c8-947888af0c08", "target_ref": "x-misp-object--ffb7dc9b-afec-47cc-884f-4e1dc971a3ac" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e5287f7a-69d3-4152-bf2e-0cc1fcdf5f19", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--190115c7-882d-4856-9092-b742108a2eab", "target_ref": "x-misp-object--15b205a8-cb6e-45d7-9aad-da527c8ff5de" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24dd237e-493d-452e-8cbb-a9d4d14cc8f2", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6e916952-29d1-4de6-bba2-d3fc796e53d4", "target_ref": "x-misp-object--95526d28-ceb8-4f8e-aa22-f14c264d5a47" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f47b22e2-6bfe-4d23-b0c4-b6852e3f45ec", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--68313563-5349-4294-9eee-4a4b6930b3ee", "target_ref": "x-misp-object--491197e9-5698-4c91-85a8-0f83e94954e8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba5587f4-0e25-45de-a6d6-39509ecacbf5", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--64dd15b3-2453-408f-b6f5-699ea53bf1b0", "target_ref": "x-misp-object--e253786c-c98c-4560-9b8b-7646ef35d4c6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eed1f17b-355e-4bb6-9708-5df11b90a413", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ee0adf9c-a186-4916-9c43-bbc20ddf6742", "target_ref": "x-misp-object--6c819924-59ed-4ba8-9075-9b44378c194b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--accbde32-76fb-4506-b4dc-cf33671b15ce", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--32858727-1f3f-46c2-835b-d92df8fbbe42", "target_ref": "x-misp-object--03b98b00-c2d4-4bab-8c3b-994435c9d01f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--386868cc-ae6c-476e-8b79-2c70d6247c15", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--af710a53-521f-4c89-bc1e-e0009e897980", "target_ref": "x-misp-object--a7ff9f45-3a50-4e9a-8f65-66403d663a62" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--41ca4961-a899-4dd5-acb2-bc85c5ff5026", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5e0029f8-d3d4-4f3b-b46b-f1338edec78a", "target_ref": "x-misp-object--cfd88dae-dc3a-4c99-9f6e-95c373ebd3e9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f9583c3-0137-408d-95c6-f4dbbb5e4aae", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9abf1fc2-6b35-4683-ba31-9f6e137d9c08", "target_ref": "x-misp-object--a64a8a55-a61b-4d0d-8b08-54ee89ee7ea6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33535d7a-bbfa-4424-b935-2f0cae526f1a", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e79989fd-61f9-4ddf-8828-2d65e697945e", "target_ref": "x-misp-object--fd5f1ceb-997e-441b-b218-5304fd5ab648" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ee0a8634-6f5d-4c6d-9f83-cf0cc7c65bc8", "created": "2019-12-11T09:17:50.000Z", "modified": "2019-12-11T09:17:50.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--076ec3fc-a672-44ff-a43b-f6931a75b962", "target_ref": "x-misp-object--4ebc765f-3147-4a56-b87d-d57279baaa14" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a49ca78b-d454-4be7-8860-f39f4808bbbe", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9197aad4-39a3-45a4-9ccd-7d919989468e", "target_ref": "x-misp-object--6b7d265f-5cac-413c-8cd9-95c902b73228" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cd139a3e-2b6a-43dc-8966-6ac2ee9d700a", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--508c47de-d7b2-405d-87a1-47752784e5bd", "target_ref": "x-misp-object--c8f8cb6d-5af5-43ea-bbb0-06f60165a41d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62481af8-cb59-4c22-a77f-5cefde4d233b", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e38e5407-e670-42ef-93cf-b00573c36cd6", "target_ref": "x-misp-object--69360a5b-7dcd-4424-b1f7-edc91902d8fd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--119b9e76-1bc3-481b-8d06-5758b8b51e46", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0b989039-6f0c-462d-9b45-cf9cb3f1b3c5", "target_ref": "x-misp-object--a8607e7c-7ff2-4432-8535-b79232cff49e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--435aac78-f8fd-47da-a227-5123c09186fe", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7ae255ca-988f-4503-974a-d7f3176d71ce", "target_ref": "x-misp-object--722c1268-12a8-4655-b6d2-92d8e2067996" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d102633-4849-4065-9362-faa7f84d299f", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3daaa8a6-a836-4877-8f62-d16e6a99cd89", "target_ref": "x-misp-object--31a94059-6a6d-4b60-9d34-ffaec33d6bbb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d07d9d4-dea9-47c5-888c-fb510c5525a7", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7d0baec0-5a8c-479c-b612-010d1cfc2de1", "target_ref": "x-misp-object--9c2f4bf4-446d-4a13-a18c-e0e3a5c904a0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72dea030-e8fd-4df4-ac02-1e4deb6d7a99", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--600fa261-6de5-4436-9730-3ccf84bb3bec", "target_ref": "x-misp-object--2d1cd09f-2c06-4db7-8079-15d878241205" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--295d7376-6986-4721-91ae-bf2ed8d8e15c", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0e29bb53-4317-42ed-8b7d-4919f4b831b5", "target_ref": "x-misp-object--7e548b9b-5d25-4628-856a-0d559a6b67a5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0953c052-7f8f-465d-8c15-585e7ce11746", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--11df11e9-c64d-45d9-9474-b234b06cdb98", "target_ref": "x-misp-object--52beb6bd-475a-4dd5-9d70-fbd1aa29c3d5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--98fd78c6-9579-4be7-b5c2-fafc99157f39", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--321ff7b0-34b7-479f-8dd0-41c259ebbe25", "target_ref": "x-misp-object--64d45127-0af1-44cf-9934-4f1d4d4a9840" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--651b7515-cbc8-4c39-95d1-de4e58124e0b", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--64429339-5b9d-4b6a-9614-167fa0e883cb", "target_ref": "x-misp-object--5ccd21bd-6cca-4733-8961-9b0e4906afe1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57a0b596-6b2a-48a1-ad49-1ed88da294de", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--62ba4a06-02e3-4eaa-9f23-156bd0911684", "target_ref": "x-misp-object--4cca88bb-70ad-4884-b433-e3803ea0a1f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ae250be9-9b01-49fe-a8ec-5f2fb6df4e29", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bc9f7c61-9813-410d-8947-bd622d3428f5", "target_ref": "x-misp-object--22676db9-d003-43e6-8e61-bb9751963fb7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2dc318fa-217e-4f92-b144-314bc575f7d5", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d9749493-6aa2-49b2-aefe-f207ff3a8aba", "target_ref": "x-misp-object--e25bb58d-f313-41ce-ae1f-fdc088624f99" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f96c194-6fce-4084-9b1c-7569600f5ade", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cedddf8b-6830-4953-8a90-eac2e56849fa", "target_ref": "x-misp-object--c3319757-81fd-449d-9452-0034f18e4e50" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac48534a-eb81-498e-ada2-ff2c6e3ca331", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c2d8cb4c-350a-4881-b1ed-ab623c674f91", "target_ref": "x-misp-object--7af9923b-7777-4df1-9ecf-86d8db86dae1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5b22ab1-eb9a-4b60-82a2-c85793b0e976", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--16144424-d01f-4a4e-b9db-53fdcfc431be", "target_ref": "x-misp-object--58833fab-1a5c-4762-99b5-55e98ce88973" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92bc31c8-2d66-43e6-b8b3-1e253985ef3f", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4bd10b1a-3756-4b4b-8767-0d9a3c9259e3", "target_ref": "x-misp-object--cc5656d8-39da-44e3-ba60-194af764034c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba527f6e-af2c-44ce-9d85-dfcb132dbcd0", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2e87724f-2380-4b47-8c65-e7972a25ca50", "target_ref": "x-misp-object--5adfe6db-846d-4c5a-819c-8c457b28f2cf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--038c62bf-38e9-4368-8487-70dfbff59f9c", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8f0a49e1-0ce9-4944-9200-1e2db8abfcb7", "target_ref": "x-misp-object--492231b5-8f97-406b-9e0c-41ea31df35b8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a0a68bb6-58e2-4012-986c-9cae85474c69", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e09181c3-54f6-426f-836d-630195f98612", "target_ref": "x-misp-object--0815fd32-3f74-418b-b2c5-bffb1186f647" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e4bb71e-977b-47ff-966a-87606b986e14", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--376494e4-19fe-4182-abfa-864ac7c9c6d2", "target_ref": "x-misp-object--19270c9a-bdf2-4e27-911e-b793dc82e57a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4753db3e-caa6-40e7-9bd3-1aba9a9861af", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d35e9b13-b591-4c3b-ba81-7d6ebcdf1ee9", "target_ref": "x-misp-object--dc362422-092c-4b92-b4c1-ad3c5a322fb4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4591ed32-4e19-43a5-b68c-21ea5321b288", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4db3dcc5-b9ea-4f99-949c-1373ba9efcf3", "target_ref": "x-misp-object--7bc644f5-5b56-4fc1-99da-77653550379d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--52566fae-6ef9-4f62-9974-0e4e04fafa81", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--76057e00-e1a3-4d4d-9234-8491d141c504", "target_ref": "x-misp-object--d38800a2-86e8-4e1b-ae74-91b94534efe8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9aa6369-7076-4f35-b1af-ed9d0f896c14", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3297203a-bd22-4cd1-921c-c9b13bca5da5", "target_ref": "x-misp-object--aa505ab9-f601-4648-a1b6-4da40901ae55" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0658482-5975-40f7-91dc-3c99c8b652d0", "created": "2019-12-11T09:17:51.000Z", "modified": "2019-12-11T09:17:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2df84a4d-abea-4e71-8580-bda849f4db82", "target_ref": "x-misp-object--0a24cc34-7c45-46a6-9f16-0ff607c41ee3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7cff076c-d01f-4e05-a74c-d0c920a58746", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2dc85285-8460-49c6-959e-6766a6124fdd", "target_ref": "x-misp-object--48201af7-1b01-48b8-a9b0-18b859fe71e9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--18fd0a3f-eeb4-4d6d-b677-077003b47dc2", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--93e653fd-f737-4eec-91f9-ccea68f69d57", "target_ref": "x-misp-object--06dd20c3-b244-4c18-bc92-a85103e4c889" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d4442e29-9b4e-4dc2-810c-5f856de70784", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fb75d84e-2cfd-49e2-9227-a78141eb1d28", "target_ref": "x-misp-object--05ba90e1-fe79-490c-830e-e2e3127e4bd1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--208f32d7-d1d4-4cbd-8aed-c38bc00d60bb", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f3fb5ee8-ed83-41a0-94ad-8ea9fb6daf99", "target_ref": "x-misp-object--7f9ff2ed-5ec2-4c8c-b849-4703420ccd75" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8de2c830-eb37-44ad-9e67-1ec03cadebc2", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2c8d7a6f-dd71-4981-931f-da97c781a7db", "target_ref": "x-misp-object--3850e17f-7108-401a-8f24-ae76491b291e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5867adee-cc2e-45df-9a3b-19a3e69874db", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a330fbbc-71ff-4351-ae7d-6778300ecade", "target_ref": "x-misp-object--2d60e889-6d1e-4213-9dd1-26cad6266082" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b84730d-c1e0-40ae-9a88-7809a30b7e88", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e42db255-fa7a-4fe5-888b-bf13513a1e95", "target_ref": "x-misp-object--d60cbc76-f3aa-4e86-b35a-3c42054618bf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60dad972-f99f-42a7-a49f-5f5f532bc0fb", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e4e7f5b0-cb82-4bec-9022-8acb50bde3a2", "target_ref": "x-misp-object--e4818923-cb6d-4bb8-aaf6-dd22ae551267" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f4ca59b-8118-4781-a0ae-2702761f9175", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c10d988c-86e1-429c-acfe-62eba6fcdc3f", "target_ref": "x-misp-object--694e010b-ef72-4745-8003-038028ec9c82" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b221ad2-8945-470c-92f6-5e1a05f950da", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3f0a0ea4-7de2-4468-82b0-05957a73095c", "target_ref": "x-misp-object--ccd798a2-85b9-494a-96ca-92ff60d480e6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--10178051-8f99-413a-a600-13fd8d2e824b", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--45848e9c-e246-4efe-ae50-99e816a1fa44", "target_ref": "x-misp-object--87726c1e-2cbc-4272-b3e6-4a72c3639ad8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e680cea1-10a3-49b1-955a-393d5cbfc0b2", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6f6ce68e-1adf-467c-b9bd-3706a9f28e58", "target_ref": "x-misp-object--94b20788-3705-46e4-9ab2-166139b97539" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c650844-511a-43cd-95d0-c0a628a738fa", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--12ba9b4e-ef1d-4b74-a1f1-7755d6f100d7", "target_ref": "x-misp-object--f052f615-c2e5-45f0-9e0f-fa089034617a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--223b1150-36cb-48f4-a42c-b6d9b57b7fce", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b96a2951-99bd-49a6-b34e-059d4af7a1eb", "target_ref": "x-misp-object--69dd4883-4cc8-4c53-92d8-ac366fb4e9b1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d3554bdf-52d4-412d-a52c-dc3024674328", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e6bc0b01-e272-4a47-a5ec-0fca029e1d9b", "target_ref": "x-misp-object--e524cc07-e321-4478-b1a7-155c1045b2b8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a745350b-bdba-4030-9640-39f06f864c04", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--abc5a718-9535-48bd-868a-54740ddc4773", "target_ref": "x-misp-object--70f154df-8874-4f39-a4f8-1078e3df16bf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d466b826-41bf-4c73-a5a9-d1559678b205", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--398657cd-cb88-41ce-b9ac-90ef2f426d6f", "target_ref": "x-misp-object--ebfe3901-8768-4d85-8970-fbb9efbd2d21" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c502c8c8-c9f3-4b77-905d-b3202777e02a", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6413791e-00b5-4ffb-83d4-ffee0cd2ca0b", "target_ref": "x-misp-object--da879160-458a-4dab-a126-245cf0f7a285" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6870e291-dd6f-454b-b50c-857a27640739", "created": "2019-12-11T09:17:52.000Z", "modified": "2019-12-11T09:17:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--07fc0794-5e29-44e0-9cee-faf0ee755c32", "target_ref": "x-misp-object--b17d7848-e8ad-496f-96de-51da10e952f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82974672-bcb4-4272-9373-8946a57519fc", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--005be038-8a2e-4cc5-a0f0-57f5df4df5f6", "target_ref": "x-misp-object--ab5ce77c-edac-43f9-8955-f9b70ca25c78" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bbb2361b-00ff-46de-9652-fcfbcb3802dd", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bea1130e-4cb9-42ba-be62-dc58d29271fe", "target_ref": "x-misp-object--fb0d63a5-2ef7-41ec-891e-318ad1af405d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d6c08f2-d085-4102-b8e1-cf2b11773a5c", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7c06d918-976c-4d51-9e99-8d3e37432ebf", "target_ref": "x-misp-object--ae92dd95-4a6a-4791-b9a2-859713516919" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f315fa7-c682-4442-bc24-6ac0cbed4811", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0970bf3c-d0ae-495d-a9bb-8f0850d31d02", "target_ref": "x-misp-object--6faf13be-b871-4263-8384-a4ea165c6dbe" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--161a9173-d740-4fc5-9b68-7d52af466a75", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--805c7a97-f0b2-4be5-a3a7-3d5ed004fe8a", "target_ref": "x-misp-object--c33d8677-d9e8-42aa-a109-9c077c74fa7b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cff7dfc2-091e-42ff-a200-4be4bf643b40", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6d4d528c-aa9a-4678-acc9-706dc617b813", "target_ref": "x-misp-object--13daa6ca-eeb6-4793-b7f4-b240a5694a49" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--430f2832-2de4-4255-ac33-231ef13fd6c9", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c52e2698-5238-4c6a-acd7-878cfeeb08bb", "target_ref": "x-misp-object--77daaa86-1ca8-4829-848a-2ab124fbde2a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b608e36b-761d-4a2c-a8e2-9b0d783a5fd5", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--53be0e4b-423b-498e-a3d4-7b7835134977", "target_ref": "x-misp-object--368db7b2-fd52-4253-bfd3-0e8d6b1128c0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88fd7a06-59a3-4ef6-9378-6018c9b54a0c", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5f78f768-d3e3-4c57-b99e-c9ca1afc0719", "target_ref": "x-misp-object--3bf6bec5-5936-463d-b7eb-72f996f0b0dc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8002808a-3fb6-4ef3-9ff5-f22ca584028c", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--72f0eb8b-cd3f-4b91-865d-29034d6fa578", "target_ref": "x-misp-object--c990f842-45cc-4c91-9362-7e36d9ea686d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b4436fa-c4b7-4446-89a5-ae570cec9f2c", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b85e20d8-4cb7-4223-ae59-3ad7b984a218", "target_ref": "x-misp-object--bd96673a-9739-4b1c-90a7-cf93e7983d65" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3b476ebb-ffce-4782-b44f-b93dd2845c43", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8853e5c5-1501-4b21-8b6f-908bb944d562", "target_ref": "x-misp-object--90821f3b-1e17-4f71-92cd-5d7575010e48" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c94264a7-8c91-44ea-9b3d-3f0c6f2b8ff9", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--765924d0-c38b-4999-aec1-9a458db95dab", "target_ref": "x-misp-object--8db06b60-3ee5-4c7e-abf4-89fc457b7ca9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a565fb96-75ea-452d-a7eb-e2a7dbe82933", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5acb8ec4-b43f-4dd4-a054-52c01028f440", "target_ref": "x-misp-object--509ca6ee-3003-4a6e-85a0-f088ee39013c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ed228e62-8992-4a96-9517-3b3ceee82da1", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eaf72681-d495-4bcc-ad7c-a28fae80cad6", "target_ref": "x-misp-object--a9fbf066-90b4-479a-b421-249d0eb7fb88" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a9eb683d-1f04-437e-98cb-937127b38a78", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1357b011-56bc-4256-9daa-e8e58a0bb2c7", "target_ref": "x-misp-object--b6d9408e-2eb1-4a92-b402-a87daf6b32c3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc802941-c3c0-457e-b166-a79be2972724", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--63103b77-e89d-4f87-a9eb-4bc77fc2848d", "target_ref": "x-misp-object--05b819fd-e576-4d36-a984-73b763610cd3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60e6e430-c02e-45cf-b69c-b53ca0f43e70", "created": "2019-12-11T09:17:53.000Z", "modified": "2019-12-11T09:17:53.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--89debb59-6a70-4aba-97b5-f77df678a97b", "target_ref": "x-misp-object--ad5d9831-f2ea-48e5-a022-dab7337f9f49" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--350be120-469d-4d30-8884-45bf94f1d9ef", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e20c0aa3-0cf4-419b-baef-4d2d30a38f23", "target_ref": "x-misp-object--1d4e08cd-ae5c-4f22-9f30-44f4fc820458" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ca116ad4-0e5a-4528-b931-4cf85a6f8434", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--68c04910-f986-4c23-9521-62f771f9ebe2", "target_ref": "x-misp-object--ecb65e70-f259-4ecd-9423-946c1b5648d7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f7111f9-9df3-4264-995c-a570f7d656dc", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--98c067a4-1ab0-4b27-8776-b278725b50be", "target_ref": "x-misp-object--a2680e73-6889-45e4-a65d-a298f11c2d17" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6179c41-0f3a-4b1c-9d31-5ea764e74483", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ec9966dc-77de-4518-8609-95eff444388d", "target_ref": "x-misp-object--795a1fdf-49e1-4e50-a85f-3a4176494389" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2a837aa8-0d35-4985-9e82-a4bbb2f3dd55", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fa646c42-4280-46b4-9cf0-4aca39a04070", "target_ref": "x-misp-object--bfdc67ce-6583-447f-8e13-7569e81ea7e1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--87a8e573-91a3-41c6-abc7-6333776b575e", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e75026c9-90fc-4278-93b3-ec2f98892005", "target_ref": "x-misp-object--a7cde723-daa2-469b-9dec-4ab357ab0656" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e5210c2b-19ab-41c4-aa18-093b03b31a20", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7b1f82c4-364b-4993-b254-be89999295c3", "target_ref": "x-misp-object--b9e9b270-e201-48d8-959d-c53b47510fb5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--89c2fb12-28ba-467b-9678-c1b906873051", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b58e3ceb-0d5c-436d-9d6e-98c592d75ee7", "target_ref": "x-misp-object--ae22c98a-7e4c-4576-bad3-daae1a313c19" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2adbf480-95bd-4519-948e-afad1685d2ff", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e4ab5c2a-0f29-49ed-8101-f53735fd9327", "target_ref": "x-misp-object--841a3d54-f045-4cd9-b58f-0bde95db27e1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a469a11f-702f-49dc-888d-51a71de3b5ce", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1d2c8766-dca7-489f-9550-73fe0f885d1e", "target_ref": "x-misp-object--2bc88896-973b-4215-8f4e-11ae835bfdf2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce0ccfaf-a973-419a-88c1-99035cbea395", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c0b27747-705c-4d72-9e95-f231e6b93f53", "target_ref": "x-misp-object--628f43d4-9f52-4a66-84d2-6dbfdfe969c4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--751eda9c-f2f4-45d6-aad3-1d133911cb03", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8a376444-9c79-42d9-928a-25dd1a1afa29", "target_ref": "x-misp-object--d3c2b24c-f847-4414-85c2-e71fecb4d9af" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1877da2-2989-4304-9333-2d481e54ea55", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6195996f-6bdc-4e2b-bf9d-202df3c89f50", "target_ref": "x-misp-object--e1983e63-f280-4191-8fca-6fa561bc028e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7e40294-adc9-4b7d-bde2-064739a1db2d", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c9ab032a-2aaa-4363-8145-5daa9a819b0a", "target_ref": "x-misp-object--81933a57-b24d-4a30-817f-22ba642fd14c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4784a2c3-ee09-43cb-8aae-5511227a3775", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9218748e-8966-484b-aa99-5803ed53ec7c", "target_ref": "x-misp-object--3ad4d357-5277-4598-9d15-a362ab9519b3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e07eaedf-95e5-4e69-8c22-647997f8eeab", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8eef2549-360b-4985-889d-209f5ca535d3", "target_ref": "x-misp-object--30ee7c44-f887-4b02-991c-a000534e6030" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b2d674bf-06f9-4cf8-9b03-d4c53adabfa5", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c4ea6dd-24d5-46bf-beef-7dd6bd35499f", "target_ref": "x-misp-object--2cdf5f0d-47bd-4ae2-9c5c-da56b2e77f58" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f87c060-6dd6-40f7-8d14-e27541bb9a64", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9ed61707-31ce-4559-a85b-f177c85d687a", "target_ref": "x-misp-object--c65bed31-f64f-47b3-ad8b-9a641ab6b7b1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6140d7d6-63d0-4039-b3ac-3a3e40682981", "created": "2019-12-11T09:17:54.000Z", "modified": "2019-12-11T09:17:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--62f71c3d-8724-4888-b634-a7d3752695ba", "target_ref": "x-misp-object--a4fed9f6-2f64-4b0f-8511-3705a306a1ee" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1cb61801-57e3-4f37-b7c9-5fe37d0c74f7", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c4070ec2-5078-4852-9dfa-e67a2649d36b", "target_ref": "x-misp-object--821c8d27-03d7-4cd9-a184-166decec2856" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81247d70-35b2-4d57-a9b0-e6fb86773762", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d349a739-f27d-4dcf-bae7-d67012620f33", "target_ref": "x-misp-object--c1d50dcb-b695-48fe-a49a-7cff10f11589" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5ef7b51b-27dd-486b-ae42-6f22544871d0", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--caee4aba-0102-48b5-ad8a-1287cb213030", "target_ref": "x-misp-object--abcc5d71-abb4-4dee-b1e8-ca6001c3758b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1e9f7a9-bf8f-4f84-a9d4-c408cf183777", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9117ae19-7708-4000-9533-a0c6d3138ea1", "target_ref": "x-misp-object--35aa4f54-4b30-4128-8575-214523fc7d11" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b8acd508-7431-445c-835f-41dcd7453ca4", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3134b067-1d49-4a98-87b1-aa6e600338ca", "target_ref": "x-misp-object--3620e830-e0ff-40b4-94e7-92e149c6e981" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c1a9222-760c-471f-9385-67076a3ae801", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7d0241be-d6f3-4c08-85ed-ee43dac5847b", "target_ref": "x-misp-object--444a0e7b-76d5-4530-91c0-0dfc79237131" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b3102f6-2f18-470d-afd5-8ea102473ec8", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7761bf51-5f5e-4aaa-be9d-bb35c740f714", "target_ref": "x-misp-object--e6f2bff0-8edc-40b2-97e0-1ee80576493e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a57dcfd0-90d3-48d3-bd33-758927e1acb1", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4457b0e9-bef0-48ad-aa21-f7ba7c652f75", "target_ref": "x-misp-object--a3d4fc30-7761-4e42-bc4f-b8e1acc63987" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90e89269-d845-4536-90e9-69e2f46614e2", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1dd87091-752e-42f5-b428-f51736b257ee", "target_ref": "x-misp-object--3b199135-e920-4a9d-981f-54b70738f142" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eded33a1-ce8b-4974-a0db-4d8460fb6bd5", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6b6aab10-96a0-49e2-a255-acfded4a9373", "target_ref": "x-misp-object--5c3f6466-8b63-42db-a888-83e5094a5c96" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d77914e8-e57b-4e18-9d6b-9d29871b5640", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--78b8ffef-e689-4c3b-b1d5-36ffc621736e", "target_ref": "x-misp-object--5953cb1f-a9a3-48f6-b7cb-b3c7b2085357" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b9be729d-1091-4516-97e4-c0dc9d8558b6", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4ab5c507-07a3-4754-ac60-f56a90a07a59", "target_ref": "x-misp-object--10ce3811-2d64-48d3-866e-21b2f38196fd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b54a9d58-0007-4095-83e5-8580c7c8934b", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--565e58b9-37d3-42f9-981f-94b5a196ff67", "target_ref": "x-misp-object--ce46afa0-ea40-43bc-ac74-fe77697eb8b7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e61fa3b9-f5c4-47e8-ac06-168f2c6b0522", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--53fbeb11-1c73-4a07-8ce3-4d100c4d9e06", "target_ref": "x-misp-object--b3a0d1e1-4d1f-4f6e-b160-f5ef4c73d24c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bc99f5d7-058f-44d1-abf9-c8f011e06984", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--892f24c1-e6e8-4898-b3d8-dd58f03d9aee", "target_ref": "x-misp-object--50404a55-6518-4320-b02f-277a8f95d517" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01cc13b1-713f-4c51-94d1-eda81b8f11b0", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d7f7a218-00fa-47cb-9d48-8f41aed63824", "target_ref": "x-misp-object--29b2b7cb-981f-44b6-a0f1-b0ac00824eaf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c3f51ff-c5d8-455a-908d-1ead24463331", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d2d6b87e-b30a-4bed-a8fa-690cd8dd7b34", "target_ref": "x-misp-object--ec2ed37a-6456-43db-b5e5-4a0e947d4e91" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c69e583-6ff6-4335-89ee-f7becf1f1096", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--540eccfd-055a-4638-8fe1-996e4bd798bc", "target_ref": "x-misp-object--5ed81b52-cb94-4d23-90ff-924997e5ee31" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4c85731-4537-4c96-8e1d-64dd3a8d21a3", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fd9c1730-3934-4d96-9e4e-66d416fc1dee", "target_ref": "x-misp-object--20b3340c-2536-43ea-9a11-0d04b9cf9f60" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88ea597f-b4ca-40fa-962a-532c48d97af4", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d6c1c49e-8a88-41e4-a935-b22abfac6779", "target_ref": "x-misp-object--6645ca7a-2953-4aea-99b7-979afff6c520" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31ed3809-a260-4db4-8f4b-a691f5cafab0", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7595266e-68ad-42d8-aea3-030fff8c2372", "target_ref": "x-misp-object--b6a9653a-1c3e-42a0-b663-200c20c29f72" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73ee2322-b446-48ff-8a60-6de171536df2", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3be262ed-cbff-4863-9845-bbe8780e4060", "target_ref": "x-misp-object--55b81650-a1d1-4e38-ac8c-0cc8a57ba371" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c7349d4-e1e3-4832-a9f0-5f489b29d37b", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7c3fbea3-3b94-4b4b-9658-58c0bda50729", "target_ref": "x-misp-object--daa9b3e2-e2ca-47a8-9e9f-deceb9f644fd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e23d13e9-e0bd-4c97-9981-f7a1f5056588", "created": "2019-12-11T09:17:55.000Z", "modified": "2019-12-11T09:17:55.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6fdb0082-f213-435f-b8f0-07c9505e93c1", "target_ref": "x-misp-object--e8cd3aba-3100-4a3e-a2b3-2c722681f9f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73dc56da-6946-4699-908a-e862cd15fdc8", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f8975b3d-872f-4935-bb7f-206c5b43f28c", "target_ref": "x-misp-object--7cf62d8c-3de3-4b2d-a7b5-3032ce3438e3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c09a598-e33c-48cd-b7d6-20af818444cf", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b79fac33-6789-4c6d-8203-86a543916337", "target_ref": "x-misp-object--c21a9315-97d1-4168-a9b7-12423024a3b6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c4a8ff6-a0ab-49be-a310-55dc24c063b7", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--91905962-1e77-4f65-a1f1-d7245a4325d7", "target_ref": "x-misp-object--50e15cf6-cf9c-4922-93d8-e1241e97e39c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--47330458-ba96-4dc8-ae0e-afafdbdef1f2", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--182e3f1e-de06-492c-a4b4-81cbdb039aa6", "target_ref": "x-misp-object--d4e3e0a9-e92c-4ad2-aa0b-690729b25b92" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9d152ded-9af7-4050-b99e-5b239116377c", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--45f3d5b0-854a-4d2c-bf88-70cd8564f3af", "target_ref": "x-misp-object--1753520a-1660-432f-aff7-08385961ba2e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f715f9a-85af-4481-9875-5a46355d3169", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--241463c3-0626-4f97-b0db-f683cf972e7c", "target_ref": "x-misp-object--f81cf644-3724-4f5a-bede-b656e85c6c73" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b77d499-28e3-481e-9b0d-75abca06d68b", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6c895566-202b-4f6c-b7cf-798509971bff", "target_ref": "x-misp-object--2d8f6027-ce38-45c8-870c-a699fd9e9e3d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba2ebeaf-0eb7-4677-a678-eb56dc28d15a", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7503be52-e147-48ea-98a4-d7be3ace45c6", "target_ref": "x-misp-object--eb2a85f6-01e2-4caa-8c9f-988318c26249" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d6484d6-4ab3-496c-980c-652ad9cbc04f", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a462fd7a-1c1d-44a5-a57f-c42386b0ff1e", "target_ref": "x-misp-object--9ab5b90d-5dcd-4745-9789-c4e1ac9000f4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a0828773-87d8-4a24-802b-fce6aeaaf7c0", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e73a6fe3-456f-401b-84c6-6e6dcaacdfc6", "target_ref": "x-misp-object--2165f1bf-99b0-4e68-9d2d-1ade377d8956" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25af22cb-b2c8-4636-9fc0-80c3c884c50e", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dce883cd-5087-4904-a7b9-023d423dd1d1", "target_ref": "x-misp-object--737ec17e-d4f6-42d8-b4e3-390c2de98945" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f2e367a2-099a-476e-817a-17e193ef94fb", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--227c4286-3b20-4b4d-9856-ea87c2d3bd80", "target_ref": "x-misp-object--f365c021-ac24-4d53-aaf0-e221b311837e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--45583b91-cd59-4e14-bdbf-5d8432484c38", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4615e70b-359d-4f2f-96a4-ea418c5a6854", "target_ref": "x-misp-object--2fee9edd-029f-47fb-8cba-757099976138" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e08d6706-a5f8-4d62-a46f-df6b39a381d7", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c3c6593-79bd-4150-b1ba-146da9c4bce8", "target_ref": "x-misp-object--ddd88357-7732-4691-8a56-ceacf2bee532" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--faf8f483-305f-44fb-a672-b053f60d92fb", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c9785371-03f8-4af6-9373-5909e49e5adb", "target_ref": "x-misp-object--1295c57e-bbc7-468b-bb20-8211f7c4072a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a29aa6b-4aa8-4bfa-9ecf-1a9a16510567", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c763fb0a-4e8c-4f68-b194-4d1b8f482e8e", "target_ref": "x-misp-object--8a81d792-e18b-4e84-9be9-962c67005bd4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81ee7bd0-f0db-4375-bcdc-68aaeb7a93c8", "created": "2019-12-11T09:17:56.000Z", "modified": "2019-12-11T09:17:56.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f3e51af5-e6e1-46d9-a62e-2f8e8b6fbe09", "target_ref": "x-misp-object--61c82fe5-d83e-431a-b959-73ef76e2b052" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7fbc1c93-5799-4114-a8c5-31a9b25af770", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--91864f2e-a0af-4d1c-8196-7a5a3e13f097", "target_ref": "x-misp-object--1b3fea86-801e-4f54-abd1-4adc96fdc7c1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33c56b01-3587-4f68-aff4-deb1ae5774e4", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f0fb588b-6cf2-4e37-b528-94ae24244747", "target_ref": "x-misp-object--e30f84c4-cf2f-43e7-a1c7-f4fd20ecb6a7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f6d01f98-9188-4c75-bead-5f8fcf768c08", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0397a39e-c3a1-4b20-9b06-8da452770996", "target_ref": "x-misp-object--b242c8fd-73a4-4479-85c5-6cc76cdc4e15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec81f3ee-730b-4393-8055-f781749f434e", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6fce01ae-2da9-4ca5-b217-3e6d8f09007b", "target_ref": "x-misp-object--b13126c2-6c1f-4311-ab60-d411f81690f2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b4461e10-3099-4407-a22f-c65fac0eae43", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8cab29e2-5471-4e6f-8cba-03c645f0ad5a", "target_ref": "x-misp-object--41d9ccab-aa02-48aa-ab67-c8896f3361f9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1fea6fde-166b-4331-96f4-7f9b7c27ebef", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e7018491-83b6-48a1-aa51-93df57b590f3", "target_ref": "x-misp-object--5cb084df-c303-4674-8237-aa97afecf9a4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e07b3f22-f30c-454c-bfac-1f7aeeb2df9d", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--68b9968f-45de-443b-8299-dc750d617381", "target_ref": "x-misp-object--b72f4f4b-d1a3-48f2-a061-670fde18a5f7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03febe61-f49e-46db-9a76-43e40cb20c53", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9b4cbbf2-4357-4e8f-ae26-33269481bf84", "target_ref": "x-misp-object--45db8aea-a407-4e78-b0b9-ab2c702c6065" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--426122ea-9810-4e30-b9fc-96aa4f187bad", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d6b22457-eed6-4d5e-b732-90f99716391d", "target_ref": "x-misp-object--968e5b16-fffb-4839-8985-44ec199de187" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fc324ccb-be8b-421b-a650-160e2ea1fa3f", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6a5e8842-f40b-4d5c-93fa-27aab8c66247", "target_ref": "x-misp-object--4252292f-16f1-418e-bc6f-4136e41d34c4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ab1e7c38-163b-4f3d-96c4-5293eb7c9566", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fe7b840b-0746-4f15-b5e2-c2724a31afb0", "target_ref": "x-misp-object--c77341c1-5bdd-427f-bc06-695839e43ffe" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a28d3f86-220c-4450-80ee-8941eeca4959", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--792ae878-47da-478e-910e-83ab193363f9", "target_ref": "x-misp-object--ea550ad0-34cf-487a-af08-c26076576a4b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7a772528-c4e6-47db-b6d8-97918f8e6969", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--79c73e7e-d39e-4082-a90f-e28f84cf3aae", "target_ref": "x-misp-object--cc868828-7f2e-42b7-bd44-bf6720650d94" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d49c102-440f-46f3-8b77-9cfd55af3bf7", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f989944b-ad68-4918-8627-6c73f89ce3e7", "target_ref": "x-misp-object--b0bfc06d-a41c-4026-8a6a-73ec7789424e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bafb9796-9442-42b6-84ba-79fb8c62e6e9", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3c53c632-de7e-41cf-a444-246d60627cb5", "target_ref": "x-misp-object--fa188133-68e0-4fe1-b887-c29a3608077f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--49c62b7a-783d-477c-9f09-aa29301f18d3", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--811f3acc-01fc-4343-b0c8-0c88fee826cb", "target_ref": "x-misp-object--d77e9949-c73c-4884-8b13-e42b494681a6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c31c5efa-ddaf-4407-9af5-c106c40f583e", "created": "2019-12-11T09:17:57.000Z", "modified": "2019-12-11T09:17:57.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2048516b-a06e-4511-a074-769e60b4d1b9", "target_ref": "x-misp-object--e270fb81-2868-4e01-ae02-006bb56ab6bf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f185465-8e26-41b5-a086-7d188a659375", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2ea063d5-3da9-4c37-b761-32429100b994", "target_ref": "x-misp-object--76ffc2c7-5151-4fae-a2bd-64b87bf32ffb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7272e64b-08e0-4c16-9718-a1e2e15a45d6", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a59ea309-176e-4054-86e2-2b6cf6269370", "target_ref": "x-misp-object--826cbe2a-4f33-411b-98aa-d29ceadddba2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--47fd1c0f-658c-47f3-979d-71b09eba9e4f", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a50d9267-5c10-438e-bd54-c9227c0a2fac", "target_ref": "x-misp-object--a73f542c-92e8-4f71-88af-aa96ac8aeb3c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25fe0512-b00d-465b-88c4-74d1c99ee83b", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b5ee0663-e589-4f86-a285-ae5f253a4372", "target_ref": "x-misp-object--e4be0c7b-a75b-43ed-b9cb-fa765780eeaa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--553313e3-1a68-443a-a80b-0a814eeb970b", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--703e20b5-a285-49e3-b875-f69c6bda2b2f", "target_ref": "x-misp-object--017e3262-94cb-4836-9d37-b898ec560f5a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d3b6fba0-b383-4947-b450-f570ef8fa005", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--95607ff3-30bf-4d79-ab38-35bffcaae0e0", "target_ref": "x-misp-object--2befcedf-2a62-4201-996d-456460ef219d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5eeb5e82-7c38-4af1-ac16-5f0e48365a79", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e5f853df-553d-40db-84e5-5d44443c0ac9", "target_ref": "x-misp-object--55ce3116-9eb7-42bf-b0b5-08a50c2f3e84" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--baf220a3-83ff-483b-920d-8a432debce95", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c9e63164-4df3-4e70-b9df-d525f1c39b3e", "target_ref": "x-misp-object--f4053517-9fdc-43de-ad33-48cf4532a0ce" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc77a41a-8010-45c5-8746-c4cf88732f29", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--11a82cb6-d88a-4b25-b8c3-ea78a7d2f0b3", "target_ref": "x-misp-object--031c14e0-1d94-429d-a43d-418379e2e106" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--98995eef-34d5-401c-88e1-d13556d65f78", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--912985d7-e6d6-440f-81d4-8d6dda944e60", "target_ref": "x-misp-object--ec51409c-24be-4755-aecc-23767b6fb830" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d31876d-654d-4573-817e-0eb804790f90", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--92e64b60-b791-4af6-ae65-a768d7dd4b86", "target_ref": "x-misp-object--fee6a89b-8825-4d28-9495-546fb2d908b1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--437211bc-c685-4788-bd62-c52a211edc10", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1d00daf8-7db3-4c1c-8275-0adf44757068", "target_ref": "x-misp-object--a05cd184-793f-4944-afba-2d4324aa7bab" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1fe5f77a-71b9-47b8-bcfb-c04866899559", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dbe55622-c9b0-4ec8-884b-5ed210d004a9", "target_ref": "x-misp-object--01d3c818-a783-4f52-bc32-26bc2d9e26dc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--53c0ac77-34c0-42ca-91cd-d6ca2fc29e36", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--04b75cca-c00d-4806-87e3-3247296ea953", "target_ref": "x-misp-object--86eca76d-8be5-4d39-88af-7dc5d879477d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe2845d5-9bea-40bc-97e2-3f0e50a3bb66", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cbe76aa3-6d36-4f5d-a686-c2298c1f4504", "target_ref": "x-misp-object--588d9160-539b-4771-bfc7-6aabe09bd0fc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5fcddd1f-3be2-4055-bd40-7760a91bd0b6", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3a09bb37-eec3-4d1b-9e41-20762a731531", "target_ref": "x-misp-object--c01c4c9a-a410-49b4-bde5-52efb20221cf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--04ecaeb4-7144-42c0-a7bb-09b1ba92bd44", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e504ff3e-46da-4aa7-a8bc-7f0464cd214f", "target_ref": "x-misp-object--4aea2bb2-1381-4acc-b920-c260e90ecc75" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3b07a0a3-56c6-48a6-a9fd-a44783eff7f7", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fb0c4692-fa82-49a2-bc09-ecbc22668e9e", "target_ref": "x-misp-object--9146a4a8-cb4c-4b93-8c6a-f63fd451c46f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b67f998f-b46a-4dea-9b96-0c5bc644c16f", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cc0a500a-b0f7-4f79-ac43-727f41467b2d", "target_ref": "x-misp-object--793774c5-ce1d-4e06-a8d9-4d3795eb9e45" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--53945e44-b907-4e2c-af8f-d49ab3832a63", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--21de6575-e36e-4e45-aa23-54c3da749d74", "target_ref": "x-misp-object--0ccefa28-3e07-41a8-9c33-f6790da24de0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f0ef4775-357b-423e-873d-f7b9e96c8a16", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b5a4ca5c-d36b-46e8-9f2b-9122c2403840", "target_ref": "x-misp-object--e49f5e2f-84c8-411a-9531-2f810fc29476" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--47818ce8-84cf-4023-ac87-b5d7ec55235f", "created": "2019-12-11T09:17:58.000Z", "modified": "2019-12-11T09:17:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a5503207-cc23-4648-ac81-6faef28c9580", "target_ref": "x-misp-object--cebd7ad9-b557-44d1-9ee0-92cde95295f6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c145399-a552-499d-ad5a-452a5bf1bf1c", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9ab29f6c-8c90-420a-ab5a-54356a3489e0", "target_ref": "x-misp-object--e5617155-752e-4667-9122-5277e51bac47" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9d59577b-6f3e-4c68-a039-3c5ed0672810", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ce3923cf-7981-4adc-a3bf-0e8fd340dbe9", "target_ref": "x-misp-object--f417ecb1-4728-4ca3-84b1-e8d39801de4d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c6815009-bbe1-457a-a17e-8867daffddfe", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--51afc6c5-9417-458d-bac7-9bc3595baac2", "target_ref": "x-misp-object--b68cdb99-5f9e-46d3-9f51-2dc28f0fa4b8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7fc079b6-3152-4edc-b270-5c6823d8c82a", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7cd4670f-d35b-4dcd-bd9b-3ad0f9656c67", "target_ref": "x-misp-object--2bb66712-a7a4-438c-ab0a-20a9f3add41b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e542a5a-c9ab-4b86-bc36-c7b3f02d0938", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b8150ad7-0d87-46fe-a423-859cf8f3a3da", "target_ref": "x-misp-object--e61fb1a3-6d54-44cb-ae75-960669681b7e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6c71b994-c6db-41a4-948c-8e609f55ec4e", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8658e4c3-d242-46fa-9e30-a377c972aa27", "target_ref": "x-misp-object--ed6a57ce-6012-47aa-83eb-1adf17a1cd48" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c47e25ef-a1d5-495b-af63-c457789f5ca3", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--76d4ad83-bf9e-4a34-b0f3-face750649be", "target_ref": "x-misp-object--1af73b85-9b9e-48c3-87a8-a2f0ddd2d0c9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--47a8a720-49a9-4188-9ea8-cddb4dbd772b", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5bd44dc0-9ce1-4c93-b808-9edd63a0562c", "target_ref": "x-misp-object--701928f2-a29f-459b-8a12-ea8780384c70" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e469baa-f6a9-4052-8744-733d0f39321b", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5d636a4f-2779-44fc-9e5e-b771a0becc28", "target_ref": "x-misp-object--dff4ed7c-9449-4bd5-ac33-80c689df3ce3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--926a9ed9-13b7-4497-8877-641cc0925687", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6d00f453-c339-4ce6-9d89-6a99535a78eb", "target_ref": "x-misp-object--118d0b85-97df-48d0-8dea-b2dc5350e6ad" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9ecadc43-bde7-4151-8d96-d988ce9cdd8f", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--771a406c-48bf-42d3-8b02-aee08d35f04d", "target_ref": "x-misp-object--6e01b19f-072b-48f3-95ed-ee6ae14fcef2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d52a2336-db19-4bad-956e-f49397fe2e4a", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9588712e-97cf-429b-8ee5-0de0ec6cf2ac", "target_ref": "x-misp-object--d5d92559-46fc-4f99-9520-5bcf358132c1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30b28467-fe41-4fcf-a1c6-805f3f0601b8", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d56b00b8-8795-480c-87cc-4e229ebac191", "target_ref": "x-misp-object--67cdee52-5fbb-4ff5-a4f7-58aa082e62ce" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b6dbb753-816d-4aff-8e14-38189ccdb054", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e9d72436-9ebf-41ed-ae1e-9029ecc2c48f", "target_ref": "x-misp-object--24b6e7d5-9323-4686-8c86-98456f98f499" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0abcd15b-73eb-4e59-bc63-850a456462a0", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e1c0949f-3fdd-457c-a678-9a40c7ff23a1", "target_ref": "x-misp-object--40fe5ecd-bbf8-44ed-aa75-f300463ff28b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--221f40e7-c51d-4b8b-855c-6090343b519d", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--92564276-0cea-45f2-aa41-b9e181a9eab0", "target_ref": "x-misp-object--835be3b9-e8ed-479c-8020-5eec9a3d77ef" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d175ccf3-517a-4785-9908-7c5676639f7c", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a71a4ca8-5de1-4c88-86a0-682e56066cea", "target_ref": "x-misp-object--803358ce-285c-408b-9e90-c914b7760d9b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0043c1a3-3431-4d15-bf21-3a548ba5c577", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cdfadc4f-a9d8-431e-9fc7-9e5b4b98df81", "target_ref": "x-misp-object--83c5c1d0-4e7f-43a6-9c06-d0ed11674427" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24a18bd2-235e-497d-b58d-bd35a4da5a59", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--66790000-1165-43e7-ae30-76adb333f2b4", "target_ref": "x-misp-object--4c6d8003-f746-4b01-af91-6279d3a9e511" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec69c413-faaf-47e7-a313-c6714ef5bebe", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e124f8eb-d4d0-47cd-9734-d7b6c627f041", "target_ref": "x-misp-object--e1815cd8-7eac-44a5-b4e7-f10eadf09968" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--110b22f0-7d70-420a-b51b-3dff844fd575", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6df16b19-c9ad-479f-bb73-98e47933b4b1", "target_ref": "x-misp-object--65ed45ea-d8a0-497e-be76-7b65ad16e7ae" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c91f96c-20a6-4a8d-bd7f-cb38644c5a47", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--aae2070a-93bb-44d1-b5ca-d7cc8f8c15e1", "target_ref": "x-misp-object--5abeb690-e725-4e26-8208-787592f0f1b4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8ccb24c-1e31-46ba-9c44-e00fd7f96410", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--49eeb9be-1ac5-4343-a6a1-981e07e76921", "target_ref": "x-misp-object--b24a4e92-c146-44ad-93c0-56ddc0bcd972" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--da771d34-6dea-497d-a14a-e0ee3889cf88", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a4d2e885-37a4-4cdb-b556-03fb55ffc38a", "target_ref": "x-misp-object--7f67077f-37ac-4bcb-b5d0-e39f3200aa4c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2375ffc6-66dc-4d00-9cc2-c0138f93955a", "created": "2019-12-11T09:17:59.000Z", "modified": "2019-12-11T09:17:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cf5814e9-d3a7-4a6e-81ac-a4bc952b9598", "target_ref": "x-misp-object--30e6c4a2-b11f-4ebf-8f73-7c4b88e31fde" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7358c7bf-3636-4a32-a00d-2a0fa25d7c6f", "created": "2019-12-11T09:18:00.000Z", "modified": "2019-12-11T09:18:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--60718162-7fb8-4b61-8e86-d67989c5a68f", "target_ref": "x-misp-object--d4eb6be7-83c4-423b-a48f-b4441352f138" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c5a19c5c-e798-481c-a5d1-8f1b8a8f2b75", "created": "2019-12-11T09:18:00.000Z", "modified": "2019-12-11T09:18:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4e358fe3-3b73-456c-8de6-16ea58413da9", "target_ref": "x-misp-object--05703f1e-495f-468b-a6fc-270cf1f16f76" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e47a158d-b9cf-4149-88dd-b7b906a4cc4f", "created": "2019-12-11T09:18:00.000Z", "modified": "2019-12-11T09:18:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b8e369fb-f4ee-4a34-bb02-3517f677f58b", "target_ref": "x-misp-object--40abe2ca-14db-47c3-be79-1cc5cadec350" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e3b7a75d-e205-4615-a720-68c94b764b81", "created": "2019-12-11T09:18:00.000Z", "modified": "2019-12-11T09:18:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--da8863b2-b371-4638-99d5-dba8ed6b7547", "target_ref": "x-misp-object--d48383bf-a7a8-49f2-a317-458f5135c42f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d17d669c-4209-463f-b361-b84ba9586735", "created": "2019-12-11T09:18:00.000Z", "modified": "2019-12-11T09:18:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6f5efc3c-a86a-4c53-90d2-f40b9b6e0561", "target_ref": "x-misp-object--b5497f51-98b9-4ab4-b1ba-829ff0a67a2f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd01f085-48ba-4a78-b9eb-b22dc6971232", "created": "2019-12-11T09:18:00.000Z", "modified": "2019-12-11T09:18:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d7114461-2135-4f55-a0ac-839e7873665f", "target_ref": "x-misp-object--22699978-01ec-48a8-8388-6b6bc9793dfa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4869c968-b0db-4f11-a667-ccf37ebf7d49", "created": "2019-12-11T09:18:01.000Z", "modified": "2019-12-11T09:18:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--87e201f2-9162-440e-a953-12c5daea9c25", "target_ref": "x-misp-object--204a06dc-125a-4ade-9673-6385e113c794" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f3c6b75-4d68-4868-a1f1-c60838f225af", "created": "2019-12-11T09:18:01.000Z", "modified": "2019-12-11T09:18:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0b6a50ab-f744-41c5-a7f7-300cec021f20", "target_ref": "x-misp-object--c970f396-119c-4222-b0cf-76fd8564f7a1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01837a9a-fd94-4d7e-97be-c77d5ab09b8b", "created": "2019-12-11T09:18:01.000Z", "modified": "2019-12-11T09:18:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5d6c1bfd-c5c0-48e2-844d-3fa7b1827af6", "target_ref": "x-misp-object--f228630c-9773-4179-adff-a48f7cec0f97" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35f26b3a-7ffe-47ae-8a05-6634f618bd05", "created": "2019-12-11T09:18:01.000Z", "modified": "2019-12-11T09:18:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ec79408a-e990-4718-bd7d-75a9f4fdb706", "target_ref": "x-misp-object--b963ea7e-e6ef-40f4-81b8-22568807c1c7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ca2f13ef-5ef0-4ce6-ab2f-31c22f981a17", "created": "2019-12-11T09:18:01.000Z", "modified": "2019-12-11T09:18:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--92b2a253-ea2e-40e3-809e-92184164dc01", "target_ref": "x-misp-object--6c701979-b232-45ca-a78a-a23622e497e7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--465054e4-6f0b-4b64-847c-684333a42242", "created": "2019-12-11T09:18:01.000Z", "modified": "2019-12-11T09:18:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--853405ee-f996-4132-af00-959e61bfe8e9", "target_ref": "x-misp-object--b91dbdae-2b3b-401c-ba36-e8a9320fbed3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0055f0a3-2d6b-43d2-9a52-8134ea92d0e4", "created": "2019-12-11T09:18:01.000Z", "modified": "2019-12-11T09:18:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dcda9e06-88e8-4217-a09f-dc647e46e65e", "target_ref": "x-misp-object--29edf574-988c-4686-aca5-a01b9f33ba91" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1dc67a24-acba-4ea9-9835-15a89a79bbeb", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dcd28e92-8066-4ff4-b055-191ca78b8486", "target_ref": "x-misp-object--16df8b30-00a9-45c2-8223-6e76ed652385" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d5f2bbd-3c21-49c6-a7cd-cf316be13901", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5f12e532-3625-439b-934f-80a21041e6c9", "target_ref": "x-misp-object--c91a948f-cbee-47f6-bb9c-628c67aa0532" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72eec1b6-a16f-4151-bc59-15646311006f", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4edc7773-8cef-4ba9-b89a-9a78d66ab684", "target_ref": "x-misp-object--6829fbe4-2201-46da-a95b-da4a68e290bc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef05a302-3449-430f-9c2d-f589dd02eef0", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--995a7853-9b67-4488-9db9-f8eb3240c136", "target_ref": "x-misp-object--500e591d-65c4-4d06-8bb9-dd335e43fd56" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54987c3a-a9ae-4ba7-b1e7-a019a42bf6cb", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--87be7c75-1120-4806-a175-4343f80793c4", "target_ref": "x-misp-object--bbd29299-8016-4ec7-b5d5-b7a13ef57670" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--260bcfe7-1fd6-40a2-af08-c07e052991d4", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5b39cbaf-c11e-4c8a-8b8c-dc91948a4b2b", "target_ref": "x-misp-object--d599f193-3395-4fa5-9806-26bf4cea5c41" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b14d82b-7964-4a3f-b31d-468ec127248b", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5bfcdfc7-5c40-445e-b378-46929764eccd", "target_ref": "x-misp-object--341d4026-5090-4861-b225-d306d1177ea2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54909178-2096-49be-87b7-f8a34dba5b00", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ca84aa69-d149-46cf-bfdd-11623cbbc9a1", "target_ref": "x-misp-object--5c4f6358-07e1-41f6-b1eb-28882358c0a7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d689ea65-af4a-4281-9d76-bb50ce57c8b9", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ffc627d6-146a-4114-9309-4070796ebe8f", "target_ref": "x-misp-object--40f54b0d-7ae1-457b-8c11-454d858024f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7bff7d83-d56e-406c-891b-f3cfc1819490", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bc3bffeb-184a-4e00-9879-3bf00bea009f", "target_ref": "x-misp-object--64672c5f-fe7f-4193-9af6-73aaed39d01a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c4abdbeb-9a46-4cc4-8332-2a40daeb107d", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--37e3db40-5907-47b5-839f-ec72520222e5", "target_ref": "x-misp-object--ff50118b-23b0-42f1-bb98-b3838dcac4b8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e34dc3f9-bdf3-4f2c-bb78-99d8ef71a182", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4e1b4cbe-8bbb-4494-a91b-31e2bca2e0ec", "target_ref": "x-misp-object--543e7e9a-349b-4cf9-bdca-8a0e4e3aeb83" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d37a00ea-0b90-43ba-b2e4-c45d58ce8cdc", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f1544ebb-6bed-4e66-a981-54b89d137019", "target_ref": "x-misp-object--b4b1cc7a-2025-47f4-896c-4994f9415843" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--971f369e-c3d7-4b3f-a6c7-a924531ddb62", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--66d3ebff-87c0-4e11-8e47-3b1728bd0a30", "target_ref": "x-misp-object--8770a5ba-82b8-43bb-bc0a-90265aadfad9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35d8e5b4-f592-483d-af0f-e1e7c07341c0", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--347e854e-079b-4802-897e-d55cac01354c", "target_ref": "x-misp-object--ab50559b-977c-4921-85d3-be33babde326" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--00832bdf-82c2-4e23-add1-02dd2d979139", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6742f631-878e-41a4-89b4-15eb2ee3ba79", "target_ref": "x-misp-object--1aec21d9-7e0d-4052-8d93-c9c7a1ca1b00" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a7b3af95-73d1-4e71-8662-4809993e94f9", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0802a423-f23f-44a7-8a82-ca2642f437fa", "target_ref": "x-misp-object--fad90066-9bb1-47d6-bb1b-7a77784f2739" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--997e78d8-8ea3-43ea-9597-30146ae16c38", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c0f22fd8-caa5-44c6-aaf1-fa5814db7c29", "target_ref": "x-misp-object--fced3284-f0bc-4407-8b21-e26732cbae88" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c62ef5f1-cba7-4728-b3b5-a18af45d2d38", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f750cbf2-ce34-454f-98f4-f6fdde8fbec3", "target_ref": "x-misp-object--06cc4d37-a03c-4523-bfca-3b62b5ac3618" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--01ffa936-31a5-4ac3-a76d-dffc4e03e0ab", "created": "2019-12-11T09:18:02.000Z", "modified": "2019-12-11T09:18:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f27ffa02-ca85-4ffc-9d0a-d8f10ee9f08f", "target_ref": "x-misp-object--4b509471-e9a1-4881-95a4-aef78539177b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--79977d3a-a2c0-4293-86b6-523b28aa851e", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e7397a20-e912-4960-a191-ecfec70aff18", "target_ref": "x-misp-object--556043f5-281e-4848-91a2-9aa85e3a8c1d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dec5360f-8b35-4485-82dc-a6fccb5cd6b3", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fc4dd3f6-2b8d-4b7a-b668-05be37166b6f", "target_ref": "x-misp-object--91742e2d-4b6c-4a6a-8572-1a33f5b66383" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77e7c81e-05f4-4d53-b2e7-a078dd5a9d34", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0d635259-0a09-4cb9-9288-79215da8904c", "target_ref": "x-misp-object--c9e45bc9-c121-4773-8fa2-98776492baa5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4d70abac-b53c-4281-be67-5386999810b2", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fbba8bfe-e2b5-4c49-9566-d663036dbfe5", "target_ref": "x-misp-object--511b7be9-e361-4374-b0ea-3f7e8fbd80c6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cef6ca94-33bc-417a-adfa-77ca076fe1fd", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--390023c7-060e-4856-bee5-0e1e817eaeb3", "target_ref": "x-misp-object--dcf3ddf3-be51-4573-9d8f-22ff6e475120" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82690d6b-a1ab-40ab-81af-9d9e09276a67", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cf030cc3-9f11-41be-a3d5-5bb43972f2d7", "target_ref": "x-misp-object--28f8ef49-f459-47d8-844a-3ca98d72d604" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a2f11b2d-191f-4513-9d14-d7699c277821", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--49ea3782-8d97-443b-b549-362ff8d11df8", "target_ref": "x-misp-object--29f28d31-ab8e-4eb8-bc0a-0bbcf7e9e078" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0740e18-94e2-4183-92c6-78912c43aac8", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fd08e4b1-817b-46f6-b5b6-cef63cbd0916", "target_ref": "x-misp-object--44ff5482-47d1-49fe-8d7a-756fffe06448" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7468820b-d644-454a-a598-2f9caab6bc06", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f59c0559-e449-49d5-b744-2ca87005ed03", "target_ref": "x-misp-object--8abbde30-d6a7-4f02-b021-3f759b76aaa3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a2f23485-c319-459a-91e6-1d067d566764", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--433edd6f-8b51-4930-a303-ef7182bdd062", "target_ref": "x-misp-object--a1af993d-3e48-4c1f-b0e2-a7662fbc2561" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dca97328-8b6b-42db-b828-b7b4c31aecdd", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e4358cca-2e7d-4887-b45a-95aafe27e443", "target_ref": "x-misp-object--9c81e46c-d140-4e77-9114-25e385fd3439" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd193a29-e2b7-4ca7-8c78-f9d3d2fd4d96", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e51053e7-eac0-4122-b4a1-4fb362590a52", "target_ref": "x-misp-object--253c787f-cccb-4b0b-8a9e-ac9986485b34" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd2a900a-2e2b-4e52-8193-b98b1aa4015e", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b9b31733-b0b6-487a-9c37-e4ee40bae3a0", "target_ref": "x-misp-object--c965737b-60b6-4b4f-aee7-83508d341199" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--08a45b49-efa1-49dc-938f-1d20017cd49f", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--73413171-74ab-4bc5-809a-b48278e48791", "target_ref": "x-misp-object--89d6b195-c0bc-44eb-b981-fa928e93c985" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33834ed7-990a-4a0e-b012-2bca51b8d8a1", "created": "2019-12-11T09:18:03.000Z", "modified": "2019-12-11T09:18:03.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--833cf2de-3176-4bef-bfc5-e1957f91f345", "target_ref": "x-misp-object--bffca5a3-f581-4bfb-b887-0fa4ab93529d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--99fad6db-c48c-40da-91c9-a5cc0c77f08b", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9ff168f6-cabc-4940-ac70-b6721693196d", "target_ref": "x-misp-object--dd6819bb-f333-4dc4-8444-46017b82edeb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57d76f83-553c-41a3-89c9-19e3908a6af7", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b58ce546-ad9b-4543-9cac-c40fed7ad12c", "target_ref": "x-misp-object--6b6be089-fb35-4a02-add1-6879c84503b3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5cf975a0-b3b2-4e2c-910e-a6f7001a9d58", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--68ab1dc1-97d7-4324-a850-c61b41914184", "target_ref": "x-misp-object--0d7f48a7-9d64-4d2c-93f9-7783f3c712c2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--414e2740-dcc9-4078-b8e6-671fd0172e1d", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--02f546b6-230b-46bd-9dd1-1f0796744045", "target_ref": "x-misp-object--c32e1e82-252e-420f-94d0-c018ff0ffaa2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--357a7593-5916-448c-b55e-2ee14b21d581", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--865a96d7-07a2-4448-b542-395de055c747", "target_ref": "x-misp-object--3b97f4eb-85ff-4981-b88a-62c62ca0e62b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0645170-34d9-4c2b-9d6b-6fc456343779", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--02eeba7f-705a-4125-88fa-8e4923d5a61f", "target_ref": "x-misp-object--18c7fd1f-7ed4-4efc-b3cd-70fdb06189d8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f173512-e2d7-4e80-82cf-d0f7194ddc3e", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e2c30a2a-c656-4741-9d56-e361a22c15da", "target_ref": "x-misp-object--179036f5-708c-48d8-8712-c87f2f35ce2d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57e62f34-6b52-41a5-8a26-2ca841d5822b", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0e5bcca4-e030-410e-9c95-ef622e38167c", "target_ref": "x-misp-object--57fe645b-611b-4634-aaf5-9736d2f7512f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd89fc7c-594c-45aa-a753-ad68a993f7c8", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ef9ea3c0-0b45-4e2c-88d3-b0c4afa71389", "target_ref": "x-misp-object--285921ca-386a-4821-bcdf-1ca48d14ab28" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fee681c2-fc2c-45ee-83bc-936c40892570", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f632ffbb-fe0f-4b7d-a6bd-9aba0218708d", "target_ref": "x-misp-object--7359d420-7e56-4c90-bd7a-97f8c96c3fc7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--238ffd9e-6546-4490-83ee-a0cd2460de02", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--52e1b715-63da-4894-9e90-a1ababb25d07", "target_ref": "x-misp-object--8910927f-2b82-4e20-9142-364070f878da" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7090600-8bae-4cec-93b7-6139a430e7a7", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fe89bbd5-e34f-49b3-8b68-ce51d82a0552", "target_ref": "x-misp-object--f9b41a2c-03bb-4fb6-b971-36b49f7dee14" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fbc4accf-24b8-443d-92e8-2ce754330a98", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--058bacec-120c-47b3-a012-988377948f34", "target_ref": "x-misp-object--36fac7a7-808b-46f8-95d6-b637bbe18361" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c667134d-ec7b-40cf-8669-b8c8bde5ff1a", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--34c7f1cf-9c69-4a94-8048-eac6dbfa2fdf", "target_ref": "x-misp-object--a0c68808-b067-426b-8c86-bb17f86624d2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a4777e0-7e82-4510-a23b-227759c559da", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--20d8f135-5262-42fc-96e5-45d58f28e490", "target_ref": "x-misp-object--faed525e-6cae-465f-94b1-78ed5816b3eb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--85d6838e-32b2-4d01-8fef-ff67a083917b", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d03f098b-2e04-4fa1-81dd-56b75b20b877", "target_ref": "x-misp-object--ba74af6a-6f09-4d21-8a4a-18b6704151aa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7f3f94c3-07b6-462b-b086-7e0614a1b6a3", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--30ffb310-60df-42df-b35e-80ddfc891d0d", "target_ref": "x-misp-object--33d540a4-2645-49b7-bdb2-ff74d2a68a12" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3272bcdf-b23f-4623-8a4e-245d2f8f5fe5", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--69ad7ddc-87fd-4aff-9f37-6590316bd742", "target_ref": "x-misp-object--ea1baf81-4893-4970-9437-75572e348717" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0b13e0e2-c41a-4bee-b80d-428d44a33766", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f8eb9b50-76ed-4eb8-9826-12f72a7c5260", "target_ref": "x-misp-object--c4fdf570-3629-4b1e-944a-155f5c54f20b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac55f2b2-2df6-4b26-b899-c09cefa083ff", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--59ef410d-f214-4619-84e5-a441cf642aad", "target_ref": "x-misp-object--efce9314-bc8d-4a28-9926-69401d823d6f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a3eb6a5-21f6-42ea-85be-34e09483bfb3", "created": "2019-12-11T09:18:04.000Z", "modified": "2019-12-11T09:18:04.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7b18c4fa-c251-44c3-bbb0-16203a07ba72", "target_ref": "x-misp-object--dbfc2cb1-1ae2-476f-a72c-d7beb9e77ec6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8027f8e5-f464-4091-94bb-3190caa3afa0", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b582897d-0656-4ff5-bdda-eeed85d5818a", "target_ref": "x-misp-object--4b6862a9-0ab2-4c83-9386-aacd572ee6f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--71fd1188-85c9-4ca4-847f-0c67451d4585", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--db1ed8f2-c742-4725-b847-d099864c4db0", "target_ref": "x-misp-object--b2177994-2d20-47f8-b480-8aded52942e1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a25caf86-1286-4f7a-87db-a3bd108a63ab", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--97847982-368c-4a03-a8c1-441ad84613c0", "target_ref": "x-misp-object--b0f3da7d-4277-44ee-9202-ffae44b71da5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--734cdae2-8ca5-49d9-9005-0b242d75235b", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1f1622e3-4b08-4970-bf9b-8ab7a3e432c7", "target_ref": "x-misp-object--41c7d3c8-ded2-4c65-b002-60136f8eae1c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--060c4a85-18a4-4f01-93b1-b3bfd433b6de", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f5a90394-db82-4471-8e8d-4db079f7e7b1", "target_ref": "x-misp-object--cae7ba7a-da53-4120-b59f-b7e8c4e47cd5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a25621d5-cc2a-4a89-ab56-fa45827992cc", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--53a1fb49-2212-4701-a6e6-3ca822352ab9", "target_ref": "x-misp-object--ee991046-2a8b-402f-a917-1f704f429029" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c01c786-15e8-45cd-809e-c9f59da01a80", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5512cc85-e982-4144-ace3-81b2e289fbc5", "target_ref": "x-misp-object--c461ecd4-af71-4fe6-b511-38f1f5e4e326" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2855529d-c84d-4067-98f3-ee7708022b26", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b5733791-0a50-4f85-b0f9-c1c5e8e45ca6", "target_ref": "x-misp-object--fb6e6769-e229-4b35-b8dc-151e22070f2f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c2b57c9-f2a8-47ae-8fea-ac2d8415261a", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--843fee68-0293-4764-a937-af5de8e097f8", "target_ref": "x-misp-object--a0fd2f59-19d7-4303-b65c-8ab271666a8b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ee74452e-78b2-4008-a222-4e11871721c0", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ad9a1f53-356a-49f7-bdc2-a6fefab36e80", "target_ref": "x-misp-object--1a96e2ef-ba18-4a69-badf-760a9efd9a94" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d44591fc-d295-4f72-8984-9e98c35f1016", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--77f1a4c9-2809-4734-a95c-d1da6258502d", "target_ref": "x-misp-object--ebfdd4d7-ce07-4499-a795-358cb4c8304f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0eb193c-a369-4876-a4f4-fc6e400435c8", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--58242813-9dcb-4652-8f0c-89a3f8f0fa5a", "target_ref": "x-misp-object--0f9fb0de-2c25-4ae2-90f6-9860a8755eed" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0dd10649-dd02-43cb-99db-6c6118afd430", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5eb4789a-68b2-4326-9701-beea94a87318", "target_ref": "x-misp-object--d08edf4c-4105-4c8b-9ff2-2a86ca3e55b7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2cb0772a-9935-4539-836c-8ccc4264c70d", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--81313716-2908-40cc-afc1-69a373c5f08b", "target_ref": "x-misp-object--8212d8ac-4cca-4eac-b678-6346fbb79895" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f278e32-ce44-4d5c-b344-2dd0ae7f7622", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--52f91f3a-83ab-4a57-bb43-4dce436633eb", "target_ref": "x-misp-object--d1d5d919-bf56-4eeb-947a-904985b078f5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--311a4114-a3d4-46ed-8e82-d470ab6e1bf5", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--453546c0-85f6-4be9-8dcc-d1bce32a66fd", "target_ref": "x-misp-object--d73824bf-8527-42ba-85e2-0cecef9a56f7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4d5199d-bf18-4fc9-aff1-a9b14f93a3cf", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ec35b74e-09b2-4023-a42c-cd4c03ce65f1", "target_ref": "x-misp-object--7657c0bf-49ee-419b-8f48-91a7baca55e4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dcb8b500-06df-4637-b279-5c8ee076652e", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6bef3e87-fc5f-4cd9-8e13-630858d8c597", "target_ref": "x-misp-object--9582f930-237f-4d6a-95cd-f02170e86da9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--735b44d5-2e68-44ee-a501-f3e58e0d01aa", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9b1f60bf-71c6-437b-8d6d-1a6b8d1a12ea", "target_ref": "x-misp-object--407be71e-132a-4b52-b977-c571e1dc13d6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d115dc4-d7f5-4e35-bcc3-d5e823260dda", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dcb1f7ef-4e2b-4be7-8211-1547ed9305cc", "target_ref": "x-misp-object--bf704e96-c15e-4eea-9d24-8085c659cc6f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--61fe2626-750a-4aca-99bf-e7611b78fd24", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--86c58388-e9f8-492d-97c0-18c8b31b9793", "target_ref": "x-misp-object--c11a9cfa-5986-4160-8fd2-de980114fcad" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c2ec3198-cee5-462e-a298-e940a8906cd7", "created": "2019-12-11T09:18:05.000Z", "modified": "2019-12-11T09:18:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c998b408-f43c-41cb-95c0-2a783c244a17", "target_ref": "x-misp-object--906613a8-9ba7-4e57-bcfe-dbd2e48705d7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b8f6f00e-ecdf-45a7-a041-98e24cf1c8e8", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e62278a5-9c99-4067-9c30-d19dea8912a5", "target_ref": "x-misp-object--7f4685e6-11ff-44da-83ee-18d216c61e85" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0259839d-1ac8-4f29-af46-6ff059c27ce7", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ae7a8ab0-c3c2-4429-8b07-f035b3b56f0f", "target_ref": "x-misp-object--04cae305-5c94-4f59-a0c6-8ed1a49accbb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e994bffd-de1b-4c12-9f3b-c326f78e2825", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d807e00a-0236-4b9a-b492-46fe9ac63458", "target_ref": "x-misp-object--261076b1-5676-4375-acad-1842a29b5769" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1644f3c3-0d71-4118-94d6-93eac1993922", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--43cb2dd3-323a-4782-819d-1eaf7c480862", "target_ref": "x-misp-object--3c4821d7-a588-4682-a5d7-5e36c8f0f783" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e73019d2-3577-4126-9f76-66f24b86ccb0", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ff194367-6c13-4a6c-a833-2db3884542ca", "target_ref": "x-misp-object--f4909c2b-72e3-4ccf-88c9-a681b1d7bd5d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--896d2d6c-1654-4d4a-a59e-1f97a28a8af8", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8a0e84d4-35bf-4663-a96c-b7a0b8d738f5", "target_ref": "x-misp-object--1a713b5f-e818-45a3-a0bb-38b0051e7cb8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d6899d10-c281-4459-a76f-e66f8e844c36", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b048e551-b041-42c5-89ba-6b693421ed49", "target_ref": "x-misp-object--0a043ed1-ce60-4bae-bb7a-231dd60e2888" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9aaa9b6d-4e2e-4029-9ff6-53550d17cf97", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--932f5a4f-3614-4a5f-b91a-bbee7c97a5d6", "target_ref": "x-misp-object--c3077bf7-1383-46e6-92a1-e41279097a1c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--083af6ab-ebc2-470c-8bfe-a5271a164e01", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a1941e2e-0bf4-450f-94c5-75a6f82f374d", "target_ref": "x-misp-object--8cc36cd5-a417-45d1-a01d-964e17af8489" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6ff45ea1-d248-460e-9d91-c0a1d29be34d", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--00ba63be-8575-4111-986d-c44f0481c130", "target_ref": "x-misp-object--cfc64d8b-9351-44f9-9a0a-fd4961e5beee" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--807952b9-c6cc-47db-84b8-c93c3317a2e3", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--831fedf3-d85b-4369-a431-f06b3e36836e", "target_ref": "x-misp-object--faed2832-7661-4f42-856a-d42dc47c0fbf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ed2afeeb-ebf1-4bf7-b3a6-52880f4295a9", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b65c3e8f-b07e-4fa3-b209-3185df28dd88", "target_ref": "x-misp-object--d5ed534d-2134-4104-9308-430c61cd2074" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a88c477-c526-49af-a83a-375c42bea4d4", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7a706a8e-eb20-4d6a-8613-87f5824e2c6f", "target_ref": "x-misp-object--c73ef637-3ed5-4a0d-8614-0b16c828b411" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9cb47625-d74a-4ec2-994c-c4cf7d3e3154", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--77f1a696-029f-45b8-b1b3-1c0ce9e75559", "target_ref": "x-misp-object--1e0e74b7-0b03-40ee-b237-7c6652d65438" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4b9616c-b616-45fe-9aab-98f35b3ccd6a", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--008b727f-237a-4e1a-a0ab-ed4b02d30df9", "target_ref": "x-misp-object--c6a480b1-ff07-4d8d-9ee0-e3df961ca4e8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--974185cf-9de9-44e5-aec2-611388752f80", "created": "2019-12-11T09:18:06.000Z", "modified": "2019-12-11T09:18:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--36adc039-a5ab-49c3-b37b-eab8cdb4fb20", "target_ref": "x-misp-object--d1602636-27b9-4ccf-8005-c67b24c76d5c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7dd5fff-f887-4227-9951-e115306db37d", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5168c613-2cc9-4859-bc2f-d5d1377e98e5", "target_ref": "x-misp-object--3504dd66-01cb-4f36-a5ee-ff65bfee9302" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26bfe85d-6cd4-4530-ae1a-6481caeac707", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f56a8d7a-95cc-4718-849e-8b33a6b96dbc", "target_ref": "x-misp-object--d0b9f398-6696-4921-a66e-b12a8f295db1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d3e331ce-3835-430f-9ee1-e3cef610fe70", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d6c96963-fe0b-4238-b04c-5d4d044a9ab6", "target_ref": "x-misp-object--a16c85bb-640b-4908-bb5e-12b09c2049f3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0fa2200-07bd-4e9c-863c-4dfde79b5257", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c642837b-e171-4b1e-84b1-e1bfe9234bfb", "target_ref": "x-misp-object--ed70f2af-596b-4afa-b2c7-93e22671eaf5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25e02809-b4ff-43c9-875b-364d9910e42d", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b6e3ab22-b8a4-42fe-ad55-6c4f84bab692", "target_ref": "x-misp-object--00f54809-a40c-472e-957c-ad15462306ad" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d8b4181-41cb-480a-92ce-292f036f11f2", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dc085cfa-a323-4109-9723-2856e2449668", "target_ref": "x-misp-object--f9c8f4ad-22b2-450c-8d06-7c4894196c2e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e03723f-4033-40d4-be90-78ef7da81380", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6b2a9860-0ea0-4e21-b39e-5b1329c1e165", "target_ref": "x-misp-object--b260df0f-3c44-446a-8498-c28ac402bc01" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d6672fc8-290d-400f-9967-20eaa143d0a4", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c0873cbd-8da2-4175-9b01-88eed9046eb2", "target_ref": "x-misp-object--6989c742-4270-4198-aa06-694b87a09813" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3de805b3-bec5-4767-87db-f34bc1df01fb", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--70235016-7a6d-437e-8007-cd94349b2bc8", "target_ref": "x-misp-object--e1eec834-f129-46e4-a494-49343a144561" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2058249-88f7-476f-9d0b-ac7473b345a8", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ba57e38f-7f2f-4163-ad57-a9a005307876", "target_ref": "x-misp-object--205e85cc-875c-4b50-a5b4-0bf576867dbd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe432bde-0f38-414a-98be-87d17c2c8e18", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bca2087d-843c-461d-bdf8-43a463b026ec", "target_ref": "x-misp-object--1cdfef9d-352d-411d-9ba2-053c1034a71d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--291b08c1-c00e-406c-9f7a-b278f4cb84dc", "created": "2019-12-11T09:18:07.000Z", "modified": "2019-12-11T09:18:07.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c1f7716-5cc5-43bf-8e10-fdc7ab9176c7", "target_ref": "x-misp-object--f6d96fde-762e-49b1-b35d-41ab311856ab" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--85186b26-061d-4bb6-ad8e-ba9802a80465", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--654af31c-3b70-492e-9fd4-3c392cd1b3a2", "target_ref": "x-misp-object--696418c6-786d-4db4-a076-f8afa5b4e9fe" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--170c4cc3-558c-4b45-8419-d7e232fc4583", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3ca33392-186c-402b-9a1c-24980c78cbae", "target_ref": "x-misp-object--1fd1d2cd-4aae-4483-b0b9-4d398e35e257" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--742039c7-63cb-42e8-8f14-ee4c07e138cb", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7f335ec2-b6e3-4001-ad79-be53421c0dd9", "target_ref": "x-misp-object--e3bc4c3e-33e9-463b-858b-d26d2f608ed5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8706bc49-510d-4fde-adde-81b70e85eb19", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c1bcc19c-685d-4c4d-98a8-66df5a4e5458", "target_ref": "x-misp-object--a35d6b3c-56bf-4d96-976e-a9923a94b8e2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--654f7c7a-7e18-4521-bc03-49b38dc70482", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--71247c37-a80a-43c9-91c3-11f4eeca4487", "target_ref": "x-misp-object--112dff7a-2e72-4795-b911-2f4686040178" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e41898ed-8ea9-4710-879b-15059c7bdccf", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--856835b4-8600-4040-a650-befc7b4a0bd0", "target_ref": "x-misp-object--d105ccb8-9e5c-494e-aafd-c43f57ceff82" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fd91586a-04de-4749-b3b9-ef78b72ec420", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--57bc967e-3d44-4753-a154-4023da3698aa", "target_ref": "x-misp-object--affae7c8-303d-4636-97be-295bf6d84136" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a5b1419e-fb00-4264-b5a6-9dfc49049327", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1041116d-b2f5-4a15-9af5-70780985d5bf", "target_ref": "x-misp-object--0063f070-f011-44b3-9b1c-5090f08fbbd0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9d2885c1-1b5b-4af0-9532-1fcb8e052de8", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--61d882b8-8aaf-4725-8a98-000b110bd374", "target_ref": "x-misp-object--7fecf5c4-77ba-4c00-8600-54d5cc570987" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6671afe5-f7df-48da-afdb-a73cad3b4d5d", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--74b7eac6-edc1-4719-aae0-30242c74d51b", "target_ref": "x-misp-object--febdffe9-4e17-425d-a8d6-4c51cf33224e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d7ef229-0680-4a62-a3b6-e88795fe658f", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--026b2ae0-605a-41db-9cd6-dacc072e20d9", "target_ref": "x-misp-object--cd56979c-e304-44fe-a86c-d0f0a77458f0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cd1d5cc-a2e7-4286-87a2-133c95c07b22", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8dfc28af-b55c-4152-a857-ab4522899cc2", "target_ref": "x-misp-object--4bb02d38-1f1e-48d8-8898-c7f2da8af6e9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--adc28268-ba7a-48b6-b1d6-e1be91652007", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3f2e12db-da2d-443b-b757-4e9e6c122ea4", "target_ref": "x-misp-object--82cce140-33ee-4095-921e-fa0543e21649" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1ff80a7e-410d-4765-a583-2e8c588dd29e", "created": "2019-12-11T09:18:08.000Z", "modified": "2019-12-11T09:18:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--088e3039-07ee-459d-bd4f-bf7bad58d503", "target_ref": "x-misp-object--9f601c7c-affa-4785-afc2-07685120de1d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c796c860-0ff7-4f42-b7f3-606f7c0d2c52", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--83763372-bfd9-44aa-aef3-8d6a920e5a19", "target_ref": "x-misp-object--f5219ac5-1d9f-44f0-8bf8-99d584556215" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b3c1ac8e-eb64-44dc-a142-b607119cb652", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ae3f4f6d-16c6-4318-b5f7-3a6c402a4a2c", "target_ref": "x-misp-object--ed048d52-bf53-4d0a-9478-efca6df1480c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--59570721-ec7d-4f0a-8d61-40e57c244144", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--041cac35-8f8a-4d5d-8c22-26d97e5cd563", "target_ref": "x-misp-object--ce1ec435-a136-4044-b63d-e54d61f51cc0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cb81ea9d-aa52-45a6-9e68-79d77e312ca6", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b6f8a3fd-f37a-4e40-8387-00794b62d42a", "target_ref": "x-misp-object--da743998-d540-4881-84fc-a6a575f5db2e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--646a5770-639e-492b-a162-37a4cc63e764", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--da8034b7-1e05-4bde-b6f3-50cb76cc4265", "target_ref": "x-misp-object--4449d6fd-d5c4-4293-8428-63cb879251a7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62a2b314-57c6-4700-8b90-dc8eb7d36e65", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fe376ddc-500e-4ea3-8c7e-167ec34ee510", "target_ref": "x-misp-object--4d31d75b-99ce-4d4b-a809-d8d388cd62ba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc6f6953-4954-406f-be8b-04848128cfef", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--aee0911f-f964-403c-a401-916850604e44", "target_ref": "x-misp-object--2fe8ce5e-b959-4d89-a2be-c0b3fcba2c8b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dcd51a42-ea1a-49fc-9d4c-9422c9e4c183", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d36921ed-1ed3-4be6-a86c-cecd0f8c20ce", "target_ref": "x-misp-object--4503ece2-4b78-46d2-9eea-01163efdb49a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c5cdbad6-d8ad-4e6e-9718-d3f49e06589d", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2309d986-99cb-47bf-b20d-d68ecef7b21a", "target_ref": "x-misp-object--162a8c04-99b5-4545-9711-75dee6b7a5fa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c2a15279-4c21-4586-a01d-19d9c42d928e", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f48ba5ba-6b66-4b53-bb02-44c685a0e83d", "target_ref": "x-misp-object--397bc61c-fafc-4997-b517-4c6c32db23fb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--168d938a-66f3-4a69-af93-69e188544526", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d36b9aa9-8f5e-4981-a5d4-a8f05b1ecc84", "target_ref": "x-misp-object--3d521726-abcb-4392-a9b8-11d0e3884bb3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--30d40be6-f7e1-43e6-86bb-a6054c67537d", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--22e4556d-5608-4560-bf28-36060ff2edc0", "target_ref": "x-misp-object--5a15eeb3-361a-413e-b051-91b58cb68103" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef47078d-d3eb-4097-9b69-7a5f50550f88", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f11e6631-7709-404e-b900-572959618c82", "target_ref": "x-misp-object--8f1a827e-b18b-4d8e-9134-6058145c404a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a5d9e6ec-282d-4ecc-9fdc-5eebde26f9e8", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--94b3ec54-66ff-4928-8aa3-8d71e60d7294", "target_ref": "x-misp-object--3a5352db-c166-4258-b701-3e74d5b2efac" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--44c89e55-c707-4e28-92d8-62cc1094042f", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--00320e5d-b65b-4de3-8ee1-d79494067bc3", "target_ref": "x-misp-object--af04a185-715a-430b-9c62-200310c56a29" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--da0d2eeb-14b0-49d9-ae8b-0962da053cfc", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--497d2ef0-1192-4ab6-a18b-7b7e385ced1a", "target_ref": "x-misp-object--8b8ad180-8552-4e8d-812b-da9f253ee1b9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--46f7640a-b970-49b4-85d1-7cf5dc70fd01", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b8ba81c9-1297-4551-ae6c-2b6d946febb7", "target_ref": "x-misp-object--11995272-e3a2-4760-a818-37805cc4f8e3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc3e6c80-a5ee-403e-8e3c-cc8217fd0124", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d8183a96-7140-4e57-9c94-d6201404b3c9", "target_ref": "x-misp-object--a7abb420-7ad9-4c65-96fc-68532346ec83" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1defed61-070a-4c05-a73e-3a825ba35d43", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c3538fa1-ab37-41a0-a386-067259736edb", "target_ref": "x-misp-object--5a32cea7-20aa-4eb0-bca9-2940c5942b16" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--208a9b3f-1ab3-4299-ae6f-6051db079835", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2dd98880-5edb-4b1a-9bfa-b4266acdfe73", "target_ref": "x-misp-object--c9c438ef-21b3-4629-b4a9-001374c76844" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2927d184-7316-4fd2-b7c0-7c740854aa97", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0717db5b-0c11-43a4-89d2-850a05d2dc1f", "target_ref": "x-misp-object--8b7c3477-583e-48b1-98eb-1759a8c1f43e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--415ea551-096a-44ac-aca6-4ca24833c0a4", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4d524d85-ab4a-4b09-aa3c-ee0950ca9b0c", "target_ref": "x-misp-object--d64ce314-3e09-4ed3-9469-50de2887db7a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f9b1266f-f66a-477f-8b29-7122779e91bd", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--23dc2bb0-649a-4e7e-916f-ca57f3d41232", "target_ref": "x-misp-object--fffa31cc-b7da-4435-8da4-4217eae9da3a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1df865b2-a105-4d25-8a96-208f8ea2005e", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eee91a25-6f52-41dd-9fb9-9cfd82b106be", "target_ref": "x-misp-object--8f64c7ff-e13b-4ff7-86ec-140e2e9c10d3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b46ed9d1-2871-4165-aa5f-54d9802a0bb9", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ca547016-95aa-46e4-8bf5-1230c0ec95ac", "target_ref": "x-misp-object--6165d746-908d-4b45-970a-cff224beb318" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--782e57cc-3b06-40f9-9121-c27b42012ee3", "created": "2019-12-11T09:18:09.000Z", "modified": "2019-12-11T09:18:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e4a70633-da70-44d0-966b-fba6df61eaf4", "target_ref": "x-misp-object--822b9cb0-6e5d-44fe-8b7f-f19c63897c15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35f5d140-734f-4b28-b0df-29f0e1b0d6d1", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--107eec73-a024-4922-b0c4-afedf04ceaed", "target_ref": "x-misp-object--62b3af6d-e571-474e-b4ea-8902b569ce7e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--312cd6f6-fe8c-451b-8952-fbb75b687ba5", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c53ddfa1-a388-46de-980f-2046696f05b1", "target_ref": "x-misp-object--6d3ef398-bd13-4015-9058-e2eac116d851" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3ad5374b-a1d3-4e34-b0cd-29e5ba6d9913", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e5ac22fb-0656-49c4-a9b9-50958ef4f078", "target_ref": "x-misp-object--cfdac520-216e-4097-b168-f42f780b2386" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b38e1f91-8f9f-40d3-b75b-90f3ad199cb7", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8c714bd9-dc11-4c58-aa9a-ce8e7b35c10e", "target_ref": "x-misp-object--ef16804a-b4f8-4abe-92ee-8ccc6e30030a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--67b835e5-305c-495d-ac00-2215d7c4f091", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d9b51778-96b9-4bd7-bed6-a45935fa6e0c", "target_ref": "x-misp-object--944ef95e-0873-4427-8ba7-a07d8f180213" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--97aac47a-688d-48d3-92f0-8c9916554b69", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d90d7510-b18d-425a-b1cf-d801ea2c3728", "target_ref": "x-misp-object--c2d36373-d8f8-47f8-9a7a-96d0b308858c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e99a0fcf-10bb-4d5e-abf5-d1cfe2433b40", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6e373fa3-f338-4be8-9b0c-d217612f616c", "target_ref": "x-misp-object--830692b4-bd66-4352-ab65-39e17bf659a9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--362b40df-b5d7-43a6-8fc9-4f4f6de9e290", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fab8ae84-bdd5-4190-ab4e-56d8d18efd3a", "target_ref": "x-misp-object--564b429c-6277-495d-bb51-8360233835d8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0ef8071a-3dbe-4abc-93f4-e0e632268860", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5234ca77-d73b-4679-9fb8-1cf66a877229", "target_ref": "x-misp-object--74c0b91c-8211-47db-b595-dd05b2dcf8af" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3887db2b-ba0d-4a57-9a71-aa2a649f2422", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e84612a5-d35b-408c-ae9f-896ac729316d", "target_ref": "x-misp-object--9846dd5e-b532-4be1-a46b-388972733ae6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--790d3824-cc3e-427a-8a99-aaa562990a6c", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3f22fe4d-0718-4842-973b-fb3836213ed1", "target_ref": "x-misp-object--a0f19881-bd26-4557-bb1a-434cb9beb1d9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ee941098-c7c4-4cb5-b7eb-efd294a8cc76", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--970f7ff4-676b-461f-bb28-9c2a7729d453", "target_ref": "x-misp-object--b69436ac-21a2-413c-83b8-77e1314c6269" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--45c3d40b-ba79-41c4-ad98-214d6c1fcade", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--79091794-26ae-499c-aebe-2494a65a9c04", "target_ref": "x-misp-object--1ca35cdf-ad36-487b-9eb7-baadf951f44c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--abe5cc9c-823f-4c4b-80c3-ea4e1e61a6ec", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bad3e71f-dff3-413e-b388-694833e99291", "target_ref": "x-misp-object--29395e5f-bfbf-4bf0-a0d2-0282023748c9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--69c6018b-44be-4bd2-8239-096b5a121b7f", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b54c01e1-4d36-4567-998c-d4fc934e3ba3", "target_ref": "x-misp-object--1f653f28-d3cb-4254-91b3-e62ecaa7a324" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c14565d5-31f3-4ac3-8b77-4da6e4ff02f3", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bd742976-f97e-457d-88c0-51c6a8ff95dc", "target_ref": "x-misp-object--76841c9b-9b53-47cb-bb88-0ccebed9f734" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--126e3d42-8175-42ea-88c4-78aeb0e763eb", "created": "2019-12-11T09:18:10.000Z", "modified": "2019-12-11T09:18:10.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bfb789b0-2ceb-4a1d-9539-1e412e2024d2", "target_ref": "x-misp-object--7fbf0609-157b-4d8a-b7e9-1c14ec63a169" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c53ae32-a4a4-40b4-9ab6-00a8a1c1f090", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d9b8737c-a356-4ed8-8275-7cd7afae9b2b", "target_ref": "x-misp-object--4a1fb428-1395-4bcb-9d60-9698ae754c95" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--af1462ac-6720-464c-afd9-b165e66f0528", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2956e51c-200d-426f-8eb0-afde5b6d8200", "target_ref": "x-misp-object--1a3316e4-b260-45b1-bdf6-5db657f71d9e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c3ef3256-7b22-4ea5-887b-1358b9442444", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--858b9465-0a70-45c0-85fb-83633f3913a9", "target_ref": "x-misp-object--158928a5-e941-409a-9300-7fc5b2b59fb2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f85690a0-a6da-4c88-bb57-8942170b0928", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7433c594-7224-453e-8be3-480918097012", "target_ref": "x-misp-object--977810dc-56c7-47dc-aebe-e65b0c1bcdab" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25d9fc3b-00d2-491f-ada1-c12f65916af3", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--556e15c5-218b-452f-9df4-7ed5143cd879", "target_ref": "x-misp-object--d12ab561-6b0e-4aed-a73d-c9cabb8f54cc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--71a314cb-2418-48f8-9a5c-408904c90e3f", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6942c9ea-f904-406c-9a9f-2fe4e43a5c65", "target_ref": "x-misp-object--5fbfff3b-8a04-475d-8c33-7242bcfa7e1e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c7e21b5f-66d8-42bc-ae87-c4271d530557", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5225ceb8-f692-46d2-a37f-f4b1bff422fc", "target_ref": "x-misp-object--a4dd923d-e33a-4766-b505-14320eef16ca" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eebfc66c-ec1d-4837-9bb9-32509c9b13a0", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1f22cdc6-7815-428f-8db3-2f12ed08f365", "target_ref": "x-misp-object--da7ab84e-ac1f-4045-abd0-7e8a7a7c81bd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d89f6a7-44c3-430c-9c0a-7ba8840bb6cc", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9648d79c-e673-465c-acc0-5305dea0752a", "target_ref": "x-misp-object--e1dfae7d-d10d-4f84-9232-2a257263fd54" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2864b5ef-c7b9-4a72-8e9e-b61c680f7128", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2b0e1b4f-e4f0-4c50-a085-72f73fb42e33", "target_ref": "x-misp-object--a7841efc-7297-46b2-a0d7-de38e9dadc77" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f916646-efe5-4d89-b180-35158f3267da", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--97740513-6b6a-4d71-b58b-10247b79b46a", "target_ref": "x-misp-object--f374d92e-ae65-47b4-8c7b-80394675594d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--360097e1-b9cb-4e62-adfb-560c3d31758d", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9641df2c-64d9-4949-a376-93999f2c1ed6", "target_ref": "x-misp-object--cb668e55-75bf-4b47-bfde-31713c7aa475" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f81c2322-35f5-40ae-91bf-2c7573b5d0bc", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0647a406-ae28-4819-9bda-5305edb9da80", "target_ref": "x-misp-object--43e87703-8b04-49b7-bec8-700f4da208a6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--545a9723-bf2d-4b8c-be97-6581debc94d3", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--89931ac3-de3d-4e51-b5e5-038fd15da894", "target_ref": "x-misp-object--1bd57d79-f05b-4dea-bbfa-b9a121fee8f4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e17037ae-b44d-463a-a1e5-574ffd8e8a22", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--44c7c2d3-f768-4143-84d0-4994eba100d2", "target_ref": "x-misp-object--fed8de15-950a-446c-b45a-be7ded28131f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--61ffcd1d-0409-42f8-88d6-353d3f358a56", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--424730a3-d4b8-4008-ab0f-86a7d157d85c", "target_ref": "x-misp-object--a226096d-61fb-428e-a5c1-e90cb67593c8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--455411d2-fb80-40d0-9ddf-9a23e000be4e", "created": "2019-12-11T09:18:11.000Z", "modified": "2019-12-11T09:18:11.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1f1a6d16-b82e-44a7-a80b-c4ecc8de3f68", "target_ref": "x-misp-object--271b2ddb-776a-4903-9371-201a5fc9d40a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--deec5c71-6672-4a9f-93eb-b42b597d6020", "created": "2019-12-11T09:18:12.000Z", "modified": "2019-12-11T09:18:12.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--901e56b2-8f8e-4f3c-b98e-812da51a8e8c", "target_ref": "x-misp-object--4978e001-da37-49e7-9401-22eadc89f2a3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72086be3-59ee-4309-a1b6-709107e3f5a0", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b941fbca-a22c-4ff4-929b-fd1cadfb7fbc", "target_ref": "x-misp-object--6730f7da-0e56-4dbc-a917-812a43136628" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42ec7459-e982-45ff-8467-097eef8277b0", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dd07c58c-55cb-4f10-83a1-1a06dc64a1f1", "target_ref": "x-misp-object--dc4db6ff-2801-43dd-9fb1-aafc185e8c78" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc60b760-e787-45fe-a8ad-c81b68169f77", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b16200d2-460e-4519-8dc3-e2b344f6cf18", "target_ref": "x-misp-object--baccedae-b49b-44ef-9a96-77c1f0d1c78b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c7aab81-635e-4cfe-8e00-eb7b2bd97fbc", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f067504e-ada5-43cd-85f3-77c40814646e", "target_ref": "x-misp-object--9da7c678-13b4-42a3-b1d7-224235a95a58" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6735d478-5b50-41d2-b4c6-946f1b1f2e63", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bf6795fd-f4ef-45cc-b33d-80a5e4d2b640", "target_ref": "x-misp-object--c918c925-f940-4b22-baf5-6a2dfb4ba597" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5293457-354e-479d-8ffc-4764723154ab", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--91ed5442-d4bf-4d87-a164-ab3d02136d0a", "target_ref": "x-misp-object--70d64ea2-0462-42af-9697-bea528a2cdf6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a1880071-67e2-4913-ba3c-e6e68e1bad54", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a11b9dd0-c1f3-4364-9eb8-6b05e0a2667f", "target_ref": "x-misp-object--0f57c64c-7bbe-4f6f-ac55-7afcd42c3f35" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aeb38624-aaa0-4fff-b6cf-03af5a998362", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2233994f-677c-444c-b9fa-e7ec29fccf78", "target_ref": "x-misp-object--46fc2e97-93c3-41bb-9f7d-c0471e92a5a2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--556e25f2-b322-4e61-9acc-37b411cb4c77", "created": "2019-12-11T09:18:13.000Z", "modified": "2019-12-11T09:18:13.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7594f724-065f-4791-9013-fbfc82dfe828", "target_ref": "x-misp-object--990d2868-e933-4aa0-ad3e-d7265cf10e15" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c3e2f64-a4ba-4a17-bbf9-1fd739b1a89e", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7f0f2aa4-dcea-4938-8c5d-6364da9925c7", "target_ref": "x-misp-object--8e2ea5f2-dd27-4c61-8a30-47ac5289d93e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90cc54ee-58e9-4fd1-aa4d-5398987f5fb6", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eb0466e5-b50d-43c0-aa69-2f1c6c79d905", "target_ref": "x-misp-object--ca373d32-0ba6-466e-98a6-15f24d0c8115" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fbad7241-fed7-4f49-b523-b0dd73ebb1af", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a7200b0c-fef7-4eb9-85b2-d618615c0809", "target_ref": "x-misp-object--bf842af9-f8e6-44a6-b7a6-3c24478cf079" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7e62091a-dd2d-4dd3-ac40-3400ec597432", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0f4bb689-990d-4905-907c-81a9351fb46b", "target_ref": "x-misp-object--dfa592e6-e771-4ee4-8eb4-1b6cfb89e77f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c1bf490-c39e-439b-b22a-bcb1cdb1d07a", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a0b2b74a-c8e1-4d94-8949-55503c2e4be1", "target_ref": "x-misp-object--d57d34e0-267d-4d69-8932-7c53e3159081" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--11fbaad2-3783-48aa-86b9-8bfe9247dad5", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4825fefb-afed-42d6-88ba-2076ad113636", "target_ref": "x-misp-object--b55fbd24-5612-487b-a91c-e8a8550bf3df" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3cd55efd-8266-4380-91b2-72451cbdfda8", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--478f79ba-3f6d-4afe-9dab-208919ecb65b", "target_ref": "x-misp-object--fdb38221-5885-4819-8fbe-6397bad847b2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e6d150f-1fc0-4378-91bd-168d2ca4b3c8", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7c7dee2e-2977-492d-aa98-5d4fd62eb113", "target_ref": "x-misp-object--34a6994f-068e-46bf-8345-bbc4635d20d4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b31f217-277a-4233-a5c0-2fab7bdae942", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6c3a81d7-2298-4643-a114-979b560178b2", "target_ref": "x-misp-object--9122b627-febd-4ae8-a6a8-a26387e4188a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2eadd1fc-da9e-49bd-a53a-319b07d2c860", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6064c164-2955-46c7-9bab-3f2ba5ba4e17", "target_ref": "x-misp-object--a7233309-72f4-40b8-853f-a91d120f4f13" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e20650d-e048-4560-9063-e1eb40e742d3", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d608b556-1e42-4724-bf13-92d382cc0875", "target_ref": "x-misp-object--d2be4787-cb80-4529-9bf8-fcf3efddbb63" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--68781c6a-5cfb-47e6-b0b4-8bb2b338b87a", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cfad1838-ec2d-4706-9c29-1add7cd262e8", "target_ref": "x-misp-object--9db29e33-08e0-465c-94dc-14bf1d1beba4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--132aaa04-5b0e-4fb9-93cb-6cd8bad93478", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d11dabb0-13db-42a7-8e45-d46b5be2d46b", "target_ref": "x-misp-object--39a6b77b-e8a9-4859-9f38-ad5511b67c19" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--977fa307-c279-4086-aec4-2b798c48a512", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5316380b-6882-4fa7-bd9b-7feb1585ed6e", "target_ref": "x-misp-object--855976ee-8343-475c-89f5-09fcd75d0354" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6e44e35b-b085-48ae-8db0-953bee6027dc", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9a4cc9c2-bd16-4336-a8f4-0b63238ce8c8", "target_ref": "x-misp-object--c94d77cd-e9e0-4db8-b96f-f2aff531545c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a7990df-bacd-4d95-add8-baf991788d71", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e8c3711d-2475-4e1e-9bd5-8dfb243d6513", "target_ref": "x-misp-object--d1da2898-a85e-47b1-a1cf-088854edef72" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fda47260-01af-4310-a935-190ddc7890b2", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--843f03fd-f8f0-46e3-afc6-48283b2c67c1", "target_ref": "x-misp-object--aba95b98-4ece-4333-a3d7-ba5d458d2502" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce7a22fe-7336-4b7d-8424-aadd9169f3df", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--af6e9894-f165-457c-b788-04d7249d1994", "target_ref": "x-misp-object--7ba25183-ea7a-48a7-b08f-384f93f21ee4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f77c3435-9f32-4443-a477-482046e2b11b", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6f33a2fe-f083-4989-bae7-70dcea2414de", "target_ref": "x-misp-object--e8fae15e-e914-4136-b3f0-1d718f31713b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--77b75bed-0160-4676-943f-fe01a935f72b", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--57c4c25e-09d4-4be9-bd08-f90fe51f8ed8", "target_ref": "x-misp-object--c4096a02-42a6-470c-afa8-7e398c9440b1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--55ff7c98-3951-4919-bb5c-28f5035773fc", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a1e23920-9593-42e0-a5af-ebf55ba78815", "target_ref": "x-misp-object--9fc57478-7b97-4f3f-bb63-7ef94c4b4217" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9cb0558-22bd-4e9e-b4d3-8be0da8ff9ad", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8bdf4abd-0227-4932-81a2-3e4852d27812", "target_ref": "x-misp-object--5540ba5e-d7d3-49c6-b9cc-e12710b055ff" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c7d4f76-c414-4f7b-be35-d40bdfe12967", "created": "2019-12-11T09:18:14.000Z", "modified": "2019-12-11T09:18:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0d3626c4-d758-46c4-b1f4-f3ffb75548a5", "target_ref": "x-misp-object--ad748a67-b407-48c8-b20e-13d19eca50f7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9cfcb9f-7a82-45ef-86cc-0a1d14d05ae9", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d7f97683-565b-42a0-97d3-bdb65e2fbd93", "target_ref": "x-misp-object--1f667321-a70c-4b3c-92f3-4d1cd1683aca" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e617e66e-7b01-46b3-80fb-06c7aaf5f94e", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--32f451eb-9169-4c12-a78e-e55862a94f17", "target_ref": "x-misp-object--ea9d219d-6734-4c30-9739-4fd946062bf9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f9a0b61-abdc-4c5a-92f6-373aeddfcab1", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8111e71b-c902-4992-a2bd-f5a9614cdbbc", "target_ref": "x-misp-object--04d5b57d-03a9-453f-b7a6-2f16a70b721a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f4d2fbd6-494b-472f-a8fb-fce738fb7bdd", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fa6205a7-6a6e-4801-89e7-8f25ba199a68", "target_ref": "x-misp-object--6ad6afec-cb00-419d-a3e4-a1b88248047c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--00340609-b71b-46f3-9aec-b45c0f4f633b", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2fc50d7f-d453-4546-a345-d4bed46eee2f", "target_ref": "x-misp-object--749f12c9-3e05-463d-9c48-5476c87c8a36" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d72f70ca-1b4b-4adf-8406-920b19a567d2", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--58af372b-6894-4460-9af9-6a6494e62084", "target_ref": "x-misp-object--fa5519fa-76cd-4283-be2e-cf479c538281" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7cbbae8-5024-41ad-a673-c8f1a9d3bccf", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d1910cab-795c-4542-95fb-09893adc810f", "target_ref": "x-misp-object--39f75481-6d10-4b0c-81c2-27d908d8d24e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a8fe5ccb-8035-42b4-a062-7130f8e8f644", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2dd3a782-5257-4c38-916a-9a98c9b58666", "target_ref": "x-misp-object--ee72a41f-34bc-43d4-93b4-6e7513bd3162" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9aeaaa88-bbdc-4bda-aa0e-9c098cd7af2a", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--62d23ea3-e22a-4cf4-9217-0e679882cc83", "target_ref": "x-misp-object--eca2a236-4a01-4a6a-914e-e95542c236c2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bcfaaf60-b723-4379-a9fb-020d7466b30a", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--553f485e-b4d6-4cd9-a92f-f8f1f089fbcd", "target_ref": "x-misp-object--af0a31eb-cf9d-442d-aae5-a1b510d0154e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5fef3ece-e5fe-4d2b-92de-3116cdf47166", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--12f133d3-37da-434d-b28f-f13998690487", "target_ref": "x-misp-object--d6981862-91dc-42bd-afe4-78e54660f67c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b9081538-e3d5-463a-8b0d-94717816eaad", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8d4d08fa-89fa-4a93-ae47-e6c385a9692a", "target_ref": "x-misp-object--121ff0cb-3515-41f2-a7f0-517f4734cb74" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--80e0dcc4-a9de-4628-9021-16f4d5989ee8", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dc27e937-a3fc-426a-8b8f-c2b01362dfb6", "target_ref": "x-misp-object--3aa13296-74d0-448f-946e-4d8dfea79884" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b43002d1-3b8f-483f-8530-d45ff091cdfa", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8be3bbf6-0270-4d09-8f15-278921cb1395", "target_ref": "x-misp-object--9ed15da6-ed0b-407b-b586-a94afc851003" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--68637231-d2b8-4b4f-a35e-8fbb4c2a2673", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--891011ce-df32-48cb-8d94-65d3fc5f8682", "target_ref": "x-misp-object--c5d5ae0f-a526-4531-9348-a609323990d3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6940509-f183-4443-8654-016036c4d2b4", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e65cdafa-8fda-4c15-b765-517ea37e400c", "target_ref": "x-misp-object--dd269146-131f-4691-8c24-a2ae13fff493" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72c2d9c4-676d-4e0b-bf1b-256b65661fc3", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e00c6822-899d-4ec6-85ae-67a45dc2e857", "target_ref": "x-misp-object--eeb4ab97-a3f9-4995-be2a-ae76257f32e7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1f04432-28e4-4d45-a862-d8d698cdbeba", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--75925d56-de1c-4741-8536-dd11890d8059", "target_ref": "x-misp-object--5bfa528d-17cb-48c0-842a-d6eaa50ddd6c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--271d0c39-6332-41cf-b38d-b7da28b5bf11", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ad7fdb40-e118-407a-9787-47f0c12ca2f9", "target_ref": "x-misp-object--238e6584-fd2a-4ad0-8b8a-267df462773f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad399030-1055-47b2-88a2-377d0718f375", "created": "2019-12-11T09:18:15.000Z", "modified": "2019-12-11T09:18:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--902ed478-e91f-489e-806f-1ef9bdca36b6", "target_ref": "x-misp-object--6aa52ea5-c087-4ee5-82c3-7cfab18678ec" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4446dd1a-749b-4126-9dda-61c6363de091", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--598b04ce-e5da-40e7-9864-faafb34ec389", "target_ref": "x-misp-object--c0d2a4c0-2180-4ade-a8a5-75fc536af3e9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef50f8d8-0b45-4fd8-a026-023051831be0", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6415e0f5-6146-43e0-bfb7-06ef088beccc", "target_ref": "x-misp-object--bec9b077-26d5-42fc-93e2-25690c9bb1a5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0e2ff436-c9c6-4910-92ea-d052e2025529", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f5fefe2e-5fc5-4a89-bb76-5a64c5775300", "target_ref": "x-misp-object--6642411c-81db-4e86-a094-aaa8caa8c6eb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5ce36b6b-c862-4fcb-bc95-fed1d4e417cf", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--95d32e3e-18d8-49ce-b395-25c9bd0e4d63", "target_ref": "x-misp-object--9b6e178e-5b5e-4b18-800c-6de5e925710f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b9a2eb37-8b0f-436e-8214-fd5cd834b82c", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--aaab1a77-85aa-497f-b600-f08170e3dd11", "target_ref": "x-misp-object--06013ee4-86be-4174-a724-c99d5ef046c7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a111e13-4e02-4022-81bb-3fa2af324c0d", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6fadbbba-7434-4127-9bb8-937caf40dbe8", "target_ref": "x-misp-object--e875e51d-6da6-42c4-b9ee-6a7717def8e1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9289ba33-63e4-4977-841c-4a6dba72ecf3", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3fe4d794-f60c-4345-8996-2d65560e411e", "target_ref": "x-misp-object--4ee103d5-0790-48b1-9407-e91e67854c3a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8db428db-aa54-4181-a50f-17a97e67448c", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ecc40381-0188-4695-a7e1-1f8752dfdb9e", "target_ref": "x-misp-object--f2ed2385-8cb0-4b23-9c45-6c5a682a2efb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7ee5019-464e-485b-bfa2-82a3562fb1ef", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a4c4e3fa-fb63-4889-bdcc-743ed7a11eb8", "target_ref": "x-misp-object--232966f6-d638-4faa-b81a-66e273133adc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a80d275c-6aa7-463b-ad77-1c038840e4f0", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d2ff7c1d-b222-45da-84c2-110cd100ebfa", "target_ref": "x-misp-object--8e781d79-b7cd-4978-8515-394ca1f48d91" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a59eb624-0766-485b-8148-5fe0c8cd386d", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0de6bc75-19c8-4f53-b103-bd92fc36f4f0", "target_ref": "x-misp-object--e0454c25-d52b-48f0-911b-72f128304322" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dc6692f8-cfb2-4208-878c-2d670c8a488a", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1214d8ae-4a94-44e3-b79f-d2e7afc0818b", "target_ref": "x-misp-object--4effd1bb-52d8-4f35-b34b-c78d591ce23c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0b1616b1-0911-45d6-913f-9314f229bb16", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5d73fa50-2098-4266-bc83-0a9addca5070", "target_ref": "x-misp-object--c23e5d0a-9014-4fe9-a86e-d1d53fde3bdb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f94ecffb-9572-4d3f-9f6f-060e87c3eeb8", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--08636a98-7447-4e50-9578-93efa2fef7c3", "target_ref": "x-misp-object--991a8a37-e9d6-418c-8f99-fa5cf626362a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72c7412f-0908-4406-9ea9-8fc0788f8fb3", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f29547a7-5ec8-4bd2-873c-9c46e578c585", "target_ref": "x-misp-object--501a98f6-aaf0-4d27-8dc8-7d02d7cf0584" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7930fb54-f5a9-4287-8e7c-088f4811b0c3", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0dca173a-8b40-47e3-8a33-dead4e124096", "target_ref": "x-misp-object--8b00d70c-2614-4efc-b5a0-a69f87d4cf0d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea8b0923-c431-4533-a6e5-ce28ad73affc", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0852caf7-8875-45eb-a91b-33d2334b172d", "target_ref": "x-misp-object--d4fdae16-e9e7-4111-ada2-171b8da4e5c8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6dcc56cb-d88a-4985-aec6-c9490c17eafe", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3cdd59f8-6d0e-413e-b96b-4ac44e6ce56c", "target_ref": "x-misp-object--2ffce14c-5ef9-4e63-ad94-9d81c43da9b0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d337bf39-183a-4c99-8426-a10acbbb9e50", "created": "2019-12-11T09:18:16.000Z", "modified": "2019-12-11T09:18:16.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--480a2886-8b70-448e-a467-91972d8ee88d", "target_ref": "x-misp-object--630d727b-ebb7-422a-9e2c-7f7d651462cf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f5da04a-1589-4f9f-9833-1cd513b324ca", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8fe13168-7f35-46b0-8673-334a93b1c445", "target_ref": "x-misp-object--7eccc0ad-3bc9-4f27-bf29-42c689fa8b13" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--514bcdc5-77ef-43d3-ba58-c04ba4f4226c", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--693eb4a6-6c91-4f3d-8a41-39b4a388b08c", "target_ref": "x-misp-object--217bde46-aa3d-4969-a68a-36d0385f7301" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c738f43d-28df-4b22-a6a1-7e688f79293e", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--61fb8e5f-2103-4a55-afb2-db120c501d56", "target_ref": "x-misp-object--a4d0a189-bce0-447a-bb3c-57f45d66d69b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c7b67622-b720-41d4-97b1-3d886540be81", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5d9cb84e-117e-46f3-84f0-5508358b9dec", "target_ref": "x-misp-object--610de0c0-a0c3-44ae-8bea-75a8d691a50e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3014a4d-8ede-48e5-a7c8-a3e628a668c5", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--15c09bb1-2f0f-4e13-9722-d2eda392d772", "target_ref": "x-misp-object--7f0a542d-75ec-4857-8d9c-2c2feac75c60" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--78659d1e-b56c-47ba-9566-d3e012a1528f", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--de874556-ef37-403a-9d10-fa16f100b3ef", "target_ref": "x-misp-object--fef9c7a3-2181-484b-bc36-6f4352cb265b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--949e5393-2fbe-47be-80f7-b24e9c8b4750", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b90c13cf-564f-496a-99d7-29c19e842eb7", "target_ref": "x-misp-object--fee9a30f-77d8-4e7f-a9ad-aba3bc0767ab" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c99c5d7f-797f-4e8b-b29c-0f434bc66939", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--df08daec-a00a-43b4-8601-d515dc2651b0", "target_ref": "x-misp-object--07d36978-be41-47ab-8996-78330168c467" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a01c647f-6052-4628-8d83-dc151c281deb", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e7608a9e-eaea-4cad-ab79-18e62041c6e0", "target_ref": "x-misp-object--faad4461-56e8-4856-b5a8-a9655b7a27fd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--70d1281e-2ce3-40b5-957a-664f0a82b59d", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--963635bb-375a-4bfb-acf5-d01d25647a85", "target_ref": "x-misp-object--b393d054-939f-4cf1-94da-8a49e472be24" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dfafdb0e-c0e2-435d-8935-302bdba01d2a", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c1f29f2b-4ded-4ed9-9459-f32dbd82721e", "target_ref": "x-misp-object--3f631738-ec40-48db-b60a-7b51df7fb5f6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--549b99b1-ecec-474e-b147-ad580622e43a", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--08d27827-1254-404c-b30b-73b3be143ede", "target_ref": "x-misp-object--a4bec410-e2dd-4406-b859-6179ed1201ec" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--895148dd-04bd-4489-8417-24abc32c48b3", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--63a3faa1-d34c-4f73-9aff-9baca3137eae", "target_ref": "x-misp-object--39e9da1a-04ea-4f8a-92b4-83c2b28af2a0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b849a2f1-3db9-4cc1-8d2e-12035dc5d0cb", "created": "2019-12-11T09:18:17.000Z", "modified": "2019-12-11T09:18:17.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--97d056b4-77a1-4ba4-a9db-bae0cf629aba", "target_ref": "x-misp-object--0e895b28-8b79-415b-9795-85c278ae5448" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33d6f904-0ae4-482b-921b-6d41b15c0014", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--09dda9cd-6cf1-4605-95e5-a025d9038f02", "target_ref": "x-misp-object--8005aad4-bb1c-47dd-8cf6-5e31eb8e85d4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b94bff75-681a-447d-b982-2f3f719605c3", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3e18aef9-9f41-4f5c-84c1-1a9e45d094fc", "target_ref": "x-misp-object--763b5eb5-7aa6-4e5e-ad34-51aa053692cd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4d35668-103c-4e1f-96ed-4644b57db513", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ef35229e-e31a-460d-a92a-2e68594da9da", "target_ref": "x-misp-object--87dee87d-1be6-475d-9a87-f8872a53a501" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9219457e-4a22-4282-826e-7010840b0af5", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e8030f48-91fd-4f6b-b8ea-cecc32f6a78b", "target_ref": "x-misp-object--deb59489-ba40-43d4-b4ab-164d41931d90" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90b19303-a18a-46fb-9219-41aff21a19e6", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c84edebc-c688-408e-ad95-7a021be439cf", "target_ref": "x-misp-object--548bb10a-e236-4d27-aed2-fa6137c005ae" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0a10f3e-a451-4d77-9815-3e274d0a6739", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c6bdd2f7-846b-4054-98c8-b022f346923c", "target_ref": "x-misp-object--400ea43c-ccc4-4e2a-91d3-0f1785b2f42b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6a8fcccb-b9b9-485a-ae3a-1540ae08ed6b", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--18828ed6-01af-4af3-ab4d-fca690d96af3", "target_ref": "x-misp-object--2ecf2c6f-1090-4fda-804c-514e7dbe4943" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--46bedda6-f64e-42ad-b7d7-2751b6a34bc5", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2778deb9-c215-475b-b26c-1658a49e0c97", "target_ref": "x-misp-object--c37dc55e-4889-4204-abee-1e8e26c434ec" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a72294bf-1d95-410c-909a-28a74b4bf85f", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--769adf14-6a7f-47dc-b97d-3a7d94fee27b", "target_ref": "x-misp-object--f7bec7d6-bdbb-4134-bc6b-913adb67abf3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--574fec6e-6de1-4b0c-9cae-cc1460d9e4ab", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cea3da5e-0781-4762-a3b8-4c500d2f5eb2", "target_ref": "x-misp-object--6ea26dff-4241-4783-9fa6-acde12bd3821" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--09b761c1-c060-4914-ac03-8d63db61133a", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a1c17f8-2f91-4529-b7b0-f5fd54c0d7c1", "target_ref": "x-misp-object--29ea3c62-b290-46de-8d0d-fc15e8b101ee" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--70942a42-b7b4-414f-b017-b7a05b16b8a9", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0b6a4da5-0bba-48f3-868e-9a13e381aeb6", "target_ref": "x-misp-object--b279bb8d-cd93-45ad-ab71-bd1ab6f73374" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--46319189-074f-4770-8b0b-f2ef03607453", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f0b4b63b-d2dc-498d-82c4-2336a319e7da", "target_ref": "x-misp-object--8c9ae71a-d8cb-4fa9-9db5-27afe3787bd0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--996e0fde-572e-441a-bb80-ea2380ed1512", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--13d97b4c-5ebf-4c4e-b053-23a65c88d670", "target_ref": "x-misp-object--afc87775-b270-46ca-a6b3-420a46e49a13" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac6a90f9-b0e6-4e1d-b415-3f2fc425fe70", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--834d3a9f-32d7-4e85-91d2-c5127dd44a80", "target_ref": "x-misp-object--d7e2184f-3d98-4617-bebb-a7d5b6f02cc8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f6ad3ac6-b89b-46c2-bf0e-1e775e20e4e3", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1cae09e5-ff7a-4a82-9577-fe163db614ce", "target_ref": "x-misp-object--59739339-aa52-4345-81f3-48eab8bb78bf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--395556d5-eb5c-407e-a005-227565e4fc2f", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--808620ce-1aa5-4f04-86af-a9bf134b7623", "target_ref": "x-misp-object--5db01ac1-ff59-4b8b-bb39-c0a3d26d50fd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d5963008-aae4-4108-bbea-3918597b0539", "created": "2019-12-11T09:18:18.000Z", "modified": "2019-12-11T09:18:18.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--220ab859-2e0a-4cd8-b7a5-533400015a1c", "target_ref": "x-misp-object--49e6be60-5f03-4f64-8477-7dae8f91abc1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--896a7355-631e-4197-99ca-18e022ebf96c", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--de3c5515-69bb-4285-9c4f-fb3ee777ce49", "target_ref": "x-misp-object--984595e7-dce1-45b9-a410-2294d6fb28f2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c767c7f7-64fc-428f-98cb-47d231f73b72", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d51dcfe9-d081-4a2c-bf88-b984c5cb4a0d", "target_ref": "x-misp-object--25fb5c72-5de0-425b-81d2-4879e920744e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--53feadb7-c0a2-4f3f-9194-0f7a7934af75", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ce35ad64-3e90-4857-bfa8-7d574eeb63ee", "target_ref": "x-misp-object--7b9b54ed-c035-476c-8474-6b5239f424ae" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fab3d8db-c7e6-4d8e-acb4-f94e7f4692e5", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a372a0f0-51f2-4b79-86b3-d5b6611b0530", "target_ref": "x-misp-object--4f37be4f-53b9-444e-93e6-32a31d8cecdd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6151e7de-45e0-44ef-87e8-364162e8172a", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d63422bf-765c-4422-bae3-e05722b7f50b", "target_ref": "x-misp-object--5b62e69d-b12c-45ef-a7bd-92a71dc212e0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b1bbc393-c636-4310-9196-79d558757028", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0a9c29f7-5eb4-4f37-9857-a94edd3484a9", "target_ref": "x-misp-object--9724179c-5715-42c7-bfd9-4375d2987e24" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea02760f-3bb7-476a-b43b-23768b30a6f5", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0dc9e074-7188-49a7-8cf1-61c271067d0d", "target_ref": "x-misp-object--44d573b8-8c3b-4f81-b359-b44706171679" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--51be222c-0593-469c-8566-31709888cbd3", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ec57281d-a52e-4ec3-9864-88ecf7d077ba", "target_ref": "x-misp-object--ee086507-5a2b-4b5f-af7f-67efcc717313" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7428d7d3-ba1c-4ed4-b422-a84f5c1145bf", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--60f91c41-4fa6-495e-859a-d5728619dd96", "target_ref": "x-misp-object--439fe388-297c-4b78-82d2-4228f0918a54" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fba5e7a8-cf1d-41bb-8195-673542df12bd", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9dc9c877-a7a9-41c8-8896-95614059c37a", "target_ref": "x-misp-object--ff2fc6cb-0daf-4349-bd62-b213f05340f4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4b83bf72-35a0-4f16-9624-373c8f4ab2d7", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6b00327e-4ddf-4dec-a46a-7833c829ef78", "target_ref": "x-misp-object--725442e5-1e94-45f4-b174-26c11c4375be" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a11d17ae-6c14-4afe-8781-47b3f60d91fa", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8f60f10f-0bb2-4abe-96c7-870315a567d5", "target_ref": "x-misp-object--66262593-7c34-491b-bd63-bae2c5717a2e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c79f666c-c351-4565-8b14-450fa93b38f5", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4a596c88-c2da-4708-bc04-8137ec167945", "target_ref": "x-misp-object--81b66735-8b1b-4ba7-9930-47afc63d8a2b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d054ffd2-7ffd-45ce-907d-61c35f45383a", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--25fc58fc-4486-4519-8f8a-b37ef6ab6431", "target_ref": "x-misp-object--9824f125-6779-4a9a-bd60-063532f4ed5d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b18ef465-93ff-4892-8d34-ce6f1f6fbfa9", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bd63552b-3ce3-46f6-978c-5b6b15ea5b0f", "target_ref": "x-misp-object--3df48e75-a739-4211-9407-6311765cdaa9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce191167-279a-47fd-bc7c-68e4b09cf733", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a4b3cf43-3ee3-4127-9013-8ff15a37ef5a", "target_ref": "x-misp-object--1e4f61f4-b717-486e-8313-76ca42f9d871" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ab2178d-3907-44b3-9944-dff3f869c59a", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--41837ce0-6fc9-4bf3-bbd7-b5db13b56d8a", "target_ref": "x-misp-object--a480ec19-a2fc-4c23-a2ba-d901c3e46209" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5ff657c3-460a-4a6d-bbb3-a051d18ed7b8", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2a34cf03-2091-4bd1-bfc6-b0c4f096701c", "target_ref": "x-misp-object--045a999a-05af-4f68-97b3-c67877b7306f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42ff60e5-25e1-47bc-ba3d-e16dff321d33", "created": "2019-12-11T09:18:19.000Z", "modified": "2019-12-11T09:18:19.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eb9212b0-60a3-40d9-b087-27ab8db99dd6", "target_ref": "x-misp-object--de7e7abe-cf70-41bf-b039-e3e9e9118bef" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a9b842e-7a2f-43a5-8cb3-2ed70be46c24", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c4a5d335-d05a-4f1b-927b-f07d48ceeade", "target_ref": "x-misp-object--ffd6cead-93b2-4611-b25b-a918732de14e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--10834e8a-0378-4695-a2f9-aea5cea40529", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--387fd63b-aefa-4afd-853c-caf75eacdb7d", "target_ref": "x-misp-object--a518f4a8-4592-4a87-a370-8bf4338440a6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1fabac84-0bac-4341-b810-0a842195cb45", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bf1d74a7-6453-41df-b8c0-c8036ca30e3b", "target_ref": "x-misp-object--e24f718d-46ce-48de-a1d5-5b59fa3fcb50" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8456fe96-4fde-4a3d-adee-066878d7060c", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f9bd53e5-f96d-4b52-a85b-d008fb299c67", "target_ref": "x-misp-object--ed42186f-425b-4534-9e72-6d8667bc2763" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60b9ca66-6d3d-4747-b53f-4df69df37a84", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6057798b-3af5-424e-9be6-1f63bdbee336", "target_ref": "x-misp-object--82c95c8e-9acd-4d94-84bf-a2732dbbd804" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c225d0c3-7029-40fc-bd9c-e1a18140e49e", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c307c82e-5ee9-40b4-a57a-bc100bc9d5dd", "target_ref": "x-misp-object--d1ae46d6-dff2-42eb-a2eb-3caf259da849" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cdcf9ab6-d15f-4cdf-8632-403ab35cd9fb", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9d27efc7-ae77-4a63-8946-2b5f139d9ceb", "target_ref": "x-misp-object--24d1e65b-5461-4b43-8cda-af45bff380a7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8e4ed1f9-e142-4414-b58f-ebd44a96be95", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--35446faf-0ddb-4f87-854b-385260b95671", "target_ref": "x-misp-object--835f33ab-3f7a-4ce3-8abd-aab87b77e4bc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cdd811ef-5c83-4ee9-babd-4aa2effb19b4", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--91f2a406-203d-4994-9682-e7108f0df365", "target_ref": "x-misp-object--8a91dc91-0540-4679-b542-4a6626806420" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9a0bffe2-ac84-46ad-98b3-db3d381536ed", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5b141a34-9277-4a85-beac-d7493563108f", "target_ref": "x-misp-object--3e844dc3-b609-47db-9acc-099b34ce7d02" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13eaef3f-31b5-417c-bab2-6ce1416bbfa7", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--047dc7a9-043d-4f84-8cdf-ab188f1bb32d", "target_ref": "x-misp-object--1199ba69-0bf0-46ef-b935-a55651b947ed" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--409974a6-2873-4876-9b15-19cd90c6a934", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e5c22d2f-bf18-47e1-b9f1-e649da622ba6", "target_ref": "x-misp-object--994fbf8a-51e0-46e6-acdd-8ce215181e20" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--92ca3009-6d35-4922-8d8c-7bb8bb847d4e", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bc463676-fa0d-4152-a4ac-f9568ad30f21", "target_ref": "x-misp-object--9b02493c-909c-47f1-adea-240736dc4ed6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26319504-591d-4aaa-837e-d659c969ee40", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e0309f0b-5aea-46c3-b31c-85409e2f1575", "target_ref": "x-misp-object--9347bd73-b4ab-4e99-83f0-a9b892bd2cd3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb12e3cb-200f-4eec-abf9-8408fda3562d", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a1f459a8-8d2d-445f-8ae4-be737e996cf6", "target_ref": "x-misp-object--631266d9-9ebc-4b97-b95a-9042ce7b37e4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f57cc769-fc26-4447-80c1-2145fdc10828", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c80147c-14a8-4788-a975-fca23e47c4be", "target_ref": "x-misp-object--82717ca0-1aca-4e43-b093-95115091b83e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce52a117-1133-42e5-8eab-8a7f121d3c1e", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c2a8bed0-ecec-4727-aff3-9692b710ec87", "target_ref": "x-misp-object--0bd0a4e4-3dee-4363-855f-290fbcfb272b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d74a256-4e08-495b-9558-c0e0368da4b9", "created": "2019-12-11T09:18:20.000Z", "modified": "2019-12-11T09:18:20.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f72eda7d-b70f-4693-8822-0a78cfa8cc8e", "target_ref": "x-misp-object--463ae21e-bbde-444e-89d3-99479d75ae8e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6caf32c7-fbcf-4396-a357-50751e190914", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1e15b2c6-4e3e-43b6-91db-741c882e5f57", "target_ref": "x-misp-object--290a99ee-e5ed-44f3-b8de-a50139d24917" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--61da3fc9-fc06-41bf-9892-2c046a25d319", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eb99d484-d0eb-4eb3-97c7-8f2aff1583fb", "target_ref": "x-misp-object--6339d9ce-f18b-4cab-b0ba-90603d434da7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5e86e07b-99b2-430c-93e9-504fcfb31e1c", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7b96abe4-4bab-4097-bdb3-ac8a298c6796", "target_ref": "x-misp-object--7bd1774b-123a-4795-a208-e214b34da6d7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c1a90b4-0b3a-432f-a5bb-8cd300502ef9", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--790e9ba9-414b-442e-a128-1d3a40dd80f4", "target_ref": "x-misp-object--f34ac31a-c93f-46a2-9bc1-c0bb0941f729" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f149f114-9cb3-47f8-9f8b-0c6e22be1b68", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0f18d2de-6860-448d-87ad-d7daeb9022eb", "target_ref": "x-misp-object--78e30eb5-6d68-493c-b7e9-01d872e9b47e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c1d6df15-f2f9-4147-9bb3-51c02a59b296", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0e905908-feb4-4bc9-9c9f-be6c013deabe", "target_ref": "x-misp-object--2bdc1369-156f-4352-b274-343e87e014fc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2a2af207-2ef6-4e17-b7ec-98b1aab9fea4", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6620f764-ad31-496f-a9b1-1f5d3cba2720", "target_ref": "x-misp-object--e6afe7fd-4808-48f3-9e13-86d21eb5d043" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b0d63ca0-cc7d-4422-9b50-fc9370b3fe34", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2c25a987-39a8-4df4-a449-34c6e50aaa83", "target_ref": "x-misp-object--d0988bd5-e3fe-4b3d-86cc-4f487be10b9a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--385bd16f-fb87-4d0f-a00c-24efb5ff4629", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--31aab19d-f800-4ef6-8d32-74c6db0f8981", "target_ref": "x-misp-object--d65a4876-fa23-4956-9b83-993ca4626952" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--abb72b1e-70f5-4659-8a3e-33e9f5b43fed", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1f9dc79f-f7b3-46ce-a6cb-31984ae06835", "target_ref": "x-misp-object--33a5510d-f8d9-4e09-ac75-a43c9fa9c815" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c801514-b326-4d09-813b-2069dff52c2a", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--af2c0ba7-1d20-40b1-8df4-ba840f095ec5", "target_ref": "x-misp-object--0f05b691-83cd-427e-b4f1-d023a58e914b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8fe4e70d-593c-4e96-a928-84bd33015677", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e4037054-8a55-4fdc-8e7c-6c8ee7055455", "target_ref": "x-misp-object--8d164152-93e4-491d-8174-71ce50247de7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--513f4971-252f-474d-a3f6-9b56c119aaad", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e1fdbd81-ae8d-40a8-8a37-aa3da6836d41", "target_ref": "x-misp-object--d8d6cc05-a655-4af7-9dae-3486ca8047f8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2109e20d-3e86-491c-b747-e5a831ac8cb0", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9d6f735a-20a6-43bd-bd48-cc666ccf0bc3", "target_ref": "x-misp-object--16861013-0e17-4c80-9221-24cc9b73b85b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--deaf2319-3b56-4438-9b7c-a81ba17dff70", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9f72b5eb-27e6-441d-ab60-7fd97834c781", "target_ref": "x-misp-object--b3a698f4-af39-4d2a-b5f1-0826edb603f1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3fd81f17-34e4-4fde-95cd-3ca990b8af59", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dc226cf9-3901-4edc-90f9-9de75bd2d00f", "target_ref": "x-misp-object--93d35eb5-e307-4820-a47a-a57aa72cfe2c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--60f5ac23-e7ad-4087-87b7-6e8beaee7ab4", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2cabe989-3926-4b82-a18e-ee6350cfb8b1", "target_ref": "x-misp-object--2b338a76-e93c-4865-86ce-579be4f77db0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--afae66b2-2df3-4acf-84a8-83dc5359bc34", "created": "2019-12-11T09:18:21.000Z", "modified": "2019-12-11T09:18:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--96a29e4d-f0b4-46a6-b1fc-7149ae1ad279", "target_ref": "x-misp-object--31c7787b-9094-44df-b7ca-87a0e7021c77" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--80c15233-6f98-44f4-a572-a0c077981acc", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--49eb8d09-d848-4ff0-8816-a3d7326ebccf", "target_ref": "x-misp-object--062efe17-65a7-4b2f-b136-d58822c364f1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8cf007e1-e36b-47ce-844b-e943e611cf36", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--db7298fa-263b-498f-960f-1b194cfe4de5", "target_ref": "x-misp-object--e2c7bb3e-63e8-4dee-bbd8-b7d6dc6e2e02" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a8e77be-969d-41d4-93b7-14c02911f479", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1e073b10-f5b2-4b40-b03d-2ac3c346c623", "target_ref": "x-misp-object--78957d62-12a5-4e50-95bb-1bfc7d52c0a3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2d0bf6ed-1c9d-4fe5-bac0-58ed0a5e0fa8", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7b06cd6d-1b04-4eb1-a5b3-5ac16957a74b", "target_ref": "x-misp-object--225b9831-90f0-4a1d-b648-39c64b06e224" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4e11b560-f2e6-4cab-b8df-7fdd6c17a730", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4291cde9-27ef-450d-92ba-2744f8c947b6", "target_ref": "x-misp-object--c144293b-4b7f-4679-904f-b7434c4d9c8a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bc7083de-1285-42d0-9f4a-d699d365196c", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--42f53055-e221-4cf7-b437-044ce5ca2211", "target_ref": "x-misp-object--178b2283-f003-4655-adb2-b3eb8bfb8661" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d2bc16a2-8d12-485c-bdd3-5f559d685aa6", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e077c8e1-eee3-490d-a8e6-650a84d6da8d", "target_ref": "x-misp-object--3da85cd7-1e21-4793-afa9-f535e305f09d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6f8567c3-5ea1-4fe4-ab03-47763d83de67", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--096051f1-52d6-40ff-9a26-27cc4cbd5340", "target_ref": "x-misp-object--eaf1bd61-312a-450d-a6ba-98a75c96cc4b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9592d9c-c6c1-4049-8fab-4319975d00ec", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e75a5ddc-399f-4cef-b8ef-3ba62b37f3fc", "target_ref": "x-misp-object--691f5fc6-1432-4104-b2ab-91845bef1c80" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ea21367b-6590-4406-85e0-24b5d6362c33", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6a5297e6-1764-4b15-833a-dcf2da04d712", "target_ref": "x-misp-object--9c8c3b07-a837-487a-84d4-2bc1dc29af73" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--29abfbb5-9aac-4ef4-8ac1-1c52aff6d3e5", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0e099433-6b3b-4670-aee9-8b7df2e13945", "target_ref": "x-misp-object--95dcd0fc-b65c-4d8d-810c-254cb5b8a74f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--636f4876-4f39-4443-9bc8-6e2c08111f50", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7bc9e536-46da-4612-85ef-3ae475a779e5", "target_ref": "x-misp-object--164e873a-a433-47c5-b72a-871a36a0277a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b886f21-d287-455c-838a-4d9fcfa96c33", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a4efc00e-8725-46d8-8eea-f816f13f8217", "target_ref": "x-misp-object--61f15f05-9676-4c7f-9d50-63725077ca79" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--112b583c-cb87-4943-8d9f-1d1702f24aaf", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5ac70318-589c-4c88-9b83-9e3c52632fee", "target_ref": "x-misp-object--cd1c5269-192d-46b2-8484-d5672a05cdd2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8ebb286-bbc7-4735-8df8-21c10b1ba3b4", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8e994ef7-443b-4711-a08b-5a654a62ca50", "target_ref": "x-misp-object--bd08d423-1190-4b66-9395-012fc9783231" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26e39c06-59d1-4fda-bdf5-6fddf5b5793d", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a6c70bd6-5746-4f7d-816e-13c91d9750c7", "target_ref": "x-misp-object--af5461e7-5cb9-4010-b77e-07e856f70881" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--180b0566-9d04-48d8-a6a6-1e505a62c2f0", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--963eab17-4976-4e37-a597-18564603f162", "target_ref": "x-misp-object--02d36b0e-fd99-4989-9d36-810644b59d5b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fba52054-bdc8-4d7b-8021-8a887898162a", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--986317b2-6bcb-4cbf-97a0-fa7112dd0685", "target_ref": "x-misp-object--7c1083ee-e7b6-482f-9879-13ec6ee3c5c7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--697aab26-8ac7-46a7-b169-8124a4e447a3", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f1cd008e-8200-480d-a5fb-8e173036480e", "target_ref": "x-misp-object--aaedd3d9-81ad-48d4-bb08-21118d6c5c92" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4010aef4-852b-49c1-a315-5145bf3cc63a", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b3c485b6-9b8a-4569-ba1a-8b9d6dda76b4", "target_ref": "x-misp-object--69b65471-2062-4ad8-8af4-58686651264c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bb0eeec2-7a00-42be-a885-5b20803652a2", "created": "2019-12-11T09:18:22.000Z", "modified": "2019-12-11T09:18:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ef8cca41-43ea-487a-a1ec-12b5fefd4e8f", "target_ref": "x-misp-object--039b1866-5082-48d1-ac4f-8458c388d040" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--810230cc-c616-4015-9479-27790384965b", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--226fe583-a514-41be-bd33-7866c1179721", "target_ref": "x-misp-object--0ffab07c-a846-47b1-aa43-521be8c2a596" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c50cd1a9-4611-420e-bc5f-39e428fc163f", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--50dec8fe-3cd0-4f41-a870-20a9b6db6128", "target_ref": "x-misp-object--3c4872eb-8452-4a07-b687-9c0f6e7a095c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--553ef682-01d8-46c1-89e6-f441dae22502", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c47ca59f-8107-44e0-bede-9da7ed3e3ddd", "target_ref": "x-misp-object--06b80fbd-8d89-4ff3-a9c4-97c0f4799814" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03692eb4-16cc-4a56-a1ae-6c1cf0cc8df5", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--793a3327-6441-4b54-a2d6-60235d929428", "target_ref": "x-misp-object--8485114a-e92b-40bc-a589-7c4820cce159" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--df95534c-e632-4c49-bc58-a34b53cebc0c", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5807ca57-bc74-4766-ba66-c3799022d537", "target_ref": "x-misp-object--5103ca8a-800c-49b0-9213-441f504a0ef9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--464a71d1-228a-4ab9-b704-708b363ac1f6", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4eaa3b4f-092f-47d3-82c1-737f44a09d84", "target_ref": "x-misp-object--fef1241e-6180-442e-a04f-37882c440f94" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28b011d9-787b-484e-8676-51d858b6ae41", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f19f7fe6-911c-4772-b318-3fc134181a04", "target_ref": "x-misp-object--d4381004-4cb5-4eb5-ace2-c1e4a08fbfb7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dcc3385d-66f7-4f70-9fcf-ebe12c32ecf3", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--01b59dd8-4bc6-4e51-9e74-355e39d0a682", "target_ref": "x-misp-object--4cef2bfa-e8af-4f8c-beea-1e92db05b867" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--568d41ef-8d6c-4161-9e03-426070a774d6", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dbf658d0-da2b-4e98-92c8-4fe1014d7849", "target_ref": "x-misp-object--1d589c18-3ec3-4138-8e6e-ca6f296f1847" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b534e9f4-e056-4ba3-84fb-5670b21b61ba", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--13b44bea-1d81-49ef-8063-f34bffa7bc4e", "target_ref": "x-misp-object--3af0974d-d8d7-458f-9b9a-4db4aa839f43" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0f2a51d-9873-4660-8dcd-2c717f48bda0", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1a53820f-5888-4777-9aee-8b8e0b61bed5", "target_ref": "x-misp-object--ada1ab8f-647a-4bd0-9b40-355d456990cb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5f2a7791-b944-48d4-9f2d-0444ad655599", "created": "2019-12-11T09:18:23.000Z", "modified": "2019-12-11T09:18:23.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1429c623-c7c9-494c-9515-6f69b26cc3af", "target_ref": "x-misp-object--b4d4de39-ecb9-429c-9ef6-a9db4f14947d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88a3bc30-3aaf-4f98-b4f6-a101b051d6a1", "created": "2019-12-11T09:18:24.000Z", "modified": "2019-12-11T09:18:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--45a7c66b-623c-4608-856c-f81e805d30f0", "target_ref": "x-misp-object--f1af9694-19f6-448e-99a8-4bbcbc9627b6" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }