{ "type": "bundle", "id": "bundle--5c7e29f1-3930-4e14-8f67-4b6f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-08T07:03:23.000Z", "modified": "2019-03-08T07:03:23.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5c7e29f1-3930-4e14-8f67-4b6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-08T07:03:23.000Z", "modified": "2019-03-08T07:03:23.000Z", "name": "OSINT - Operation Kabar Cobra", "context": "suspicious-activity", "object_refs": [ "observed-data--5c7e2abc-d3f8-4127-909f-4f0e950d210f", "url--5c7e2abc-d3f8-4127-909f-4f0e950d210f", "observed-data--5c7e2abc-5794-4d64-9b15-4f0e950d210f", "url--5c7e2abc-5794-4d64-9b15-4f0e950d210f", "indicator--5c7e7813-74e8-49d6-9c2c-45bd950d210f", "indicator--5c7e7813-0ca4-4610-b1ef-42f8950d210f", "indicator--5c7e7813-b568-49f9-9595-4241950d210f", "indicator--5c7e7813-ff70-49ee-9597-44fb950d210f", "indicator--5c7e7813-9b1c-42d8-ac77-4075950d210f", "indicator--5c7e7813-b42c-453c-b45f-434b950d210f", "indicator--5c7e7813-a3b0-44e3-88a8-4f9d950d210f", "indicator--5c7e7813-7418-4a22-9a6a-4bac950d210f", "indicator--5c7e7813-11dc-4e5a-ae98-4514950d210f", "indicator--5c7e7813-f9fc-49e4-8fea-467f950d210f", "indicator--5c7e7813-d40c-4bd1-9544-44cb950d210f", "indicator--5c7e7813-6f38-401a-8c56-4404950d210f", "indicator--5c7e7813-cf04-49f6-bc73-4eed950d210f", "indicator--5c7e7813-1c10-402d-89eb-42c3950d210f", "indicator--5c7e7813-2758-431d-8c04-4446950d210f", "indicator--5c7e7813-4c08-4857-8d6c-47ee950d210f", "indicator--5c7e7813-f028-4adb-8442-4631950d210f", "indicator--5c7e7813-b838-46b5-b0ca-4c91950d210f", "indicator--5c7e7813-b71c-46ce-9a40-41fa950d210f", "indicator--5c7e7813-568c-4419-9b72-45cf950d210f", "indicator--5c7e7813-3864-4e46-b858-4895950d210f", "indicator--5c7e7813-db10-40b6-ac51-455b950d210f", "indicator--5c7e7813-eca0-435a-ae2c-4453950d210f", "indicator--5c7e7813-2e50-44c6-a6ef-4679950d210f", "indicator--5c7e7813-1028-47e2-a423-42ee950d210f", "indicator--5c7e7813-a188-4133-8b14-40ec950d210f", "indicator--5c7e7813-74ac-4e42-b2c7-498c950d210f", "indicator--5c7e7814-c1d4-45f9-8011-46e3950d210f", "indicator--5c7e7814-ba78-477f-83f5-449f950d210f", "indicator--5c7e7814-8ec8-43de-b4f7-47f3950d210f", "indicator--5c7e7814-e0e0-42b8-bdbd-4b19950d210f", "indicator--5c7e7814-6a70-43ef-81a1-4164950d210f", "indicator--5c7e7814-c520-4de0-bf41-436e950d210f", "indicator--5c7e7814-df5c-4420-a125-4df3950d210f", "indicator--5c7e7814-f2f4-4575-8eb7-402e950d210f", "indicator--5c7e7814-1bfc-45b2-a0ac-4870950d210f", "indicator--5c7e7814-1d9c-461a-a836-43b9950d210f", "indicator--5c7e7814-cadc-4705-9650-4c70950d210f", "indicator--5c7e7814-ad7c-4f8f-bb85-4588950d210f", "indicator--5c7e7814-370c-4e7e-90ca-4635950d210f", "indicator--5c7e7814-115c-418c-9c0c-44bd950d210f", "indicator--5c7e7814-1384-4199-a9ba-43c3950d210f", "indicator--5c7e7814-3168-44c2-92a0-49ec950d210f", "indicator--5c7e7814-9d6c-4882-979d-49a6950d210f", "indicator--5c7e2b22-7908-4172-a737-49ad950d210f", "indicator--5c7e2b7b-c49c-4a49-90ee-4927950d210f", "indicator--5c7e2ba9-6c4c-4a31-8d9c-4d1a950d210f", "indicator--5c7e2bce-4910-48fe-aa4e-4927950d210f", "indicator--5c7e2c07-eba0-430f-b440-4931950d210f", "indicator--5c7e2e42-91e8-49ac-a360-c3e6950d210f", "indicator--5c7e2e6e-d32c-4334-b8b7-4f0e950d210f", "indicator--5c7e2e81-8b38-4f9a-ad23-4b59950d210f", "indicator--5c7e46be-947c-48d5-877b-f41b950d210f", "indicator--5c7e4700-9af0-44e7-a36c-f148950d210f", "indicator--5c7e4ad1-d824-4532-95f7-4e6b950d210f", "indicator--5c7e514e-efa8-491c-9c0a-43e3950d210f", "indicator--5c7e542e-485c-45ff-bcd6-f277950d210f", "indicator--5c7e5469-59fc-4c21-a5ce-4c36950d210f", "indicator--5c7e5477-a6dc-4af2-ad88-48b6950d210f", "indicator--5c7e5488-bb10-475f-9f11-40f0950d210f", "indicator--5c7e5498-80f0-4e8f-949e-43ab950d210f", "indicator--5c7e54ad-da34-42f0-b08f-466d950d210f", "indicator--5c7e54c3-8e14-4e41-a2dd-4c10950d210f", "indicator--5c7e54e0-1720-481b-929d-454d950d210f", "indicator--5c7e55b4-f100-4e76-bc1d-f26c950d210f", "indicator--5c7e55c5-54dc-4108-9d87-48be950d210f", "indicator--5c7e55da-5c2c-463a-b42c-f26c950d210f", "indicator--5c7e55f0-2de8-4f66-a93c-430b950d210f", "indicator--5c7e5605-4ad0-42ee-a555-4eb0950d210f", "indicator--5c7e5613-1488-48e3-8453-f2c7950d210f", "indicator--5c7e5621-2a28-4889-a03a-4928950d210f", "indicator--5c7e5633-89d8-49e7-bc35-c3ea950d210f", "indicator--5c7e565f-2878-40b3-8d84-492d950d210f", "indicator--5c7e566f-eff0-424d-a55a-409b950d210f", "indicator--5c7e567e-4720-4fbf-b524-4324950d210f", "indicator--5c7e56a0-c8cc-4d14-88b4-4ddc950d210f", "indicator--5c7e56c3-80c0-4f6a-9601-4caf950d210f", "indicator--5c7e56d5-01b8-4a68-8c44-43ab950d210f", "indicator--5c7e56eb-5344-47b1-aa41-f277950d210f", "indicator--5c7e56fd-99d4-4830-914d-4f38950d210f", "indicator--5c7e579b-edc0-47c2-88e4-424d950d210f", "indicator--5c7e582c-76a8-4a87-936b-46c9950d210f", "indicator--5c7e585e-b924-48a5-a659-490d950d210f", "indicator--5c7e5887-b2b4-4e72-988f-4c83950d210f", "indicator--5c7e63c1-19e8-4619-a253-4730950d210f", "indicator--5c7e6479-92b0-468e-a85c-47aa950d210f", "indicator--5c7e6497-2f04-471f-b48e-401b950d210f", "indicator--5c7e64c2-bc88-401b-bfc6-4504950d210f", "vulnerability--5c7e64dd-0470-4556-9dfa-41fc950d210f", "indicator--5c7e6523-60a0-4a28-adeb-47c4950d210f", "indicator--5c7e653a-edc4-4389-850b-4a91950d210f", "indicator--5c7e6556-1f7c-440e-ad46-43c2950d210f", "indicator--689ecef6-f10d-439a-a27a-95d1d4c95f99", "x-misp-object--63188ca3-d4a3-439d-9b01-b9ec4a029584", "indicator--8f9b8272-3ef4-4ed8-ac44-98a8bd9f8ac9", "x-misp-object--f1e4e0de-7aa4-4d61-bc50-d9850e25c9fd", "indicator--92b9f0a3-acd0-4e49-a789-d100f0e9a3f4", "x-misp-object--cdd4af57-0253-4178-9b16-26b9169ebaaf", "indicator--77fb245c-d880-4b58-a4a1-3c79e3429fd5", "x-misp-object--c5c06cde-e106-4432-a2d5-4d1f4c2d6af3", "indicator--00c34c0b-95aa-4d40-b8f6-462c2a9f4c73", "x-misp-object--2790778c-6796-474b-a65f-c47b1f092552", "indicator--c4234048-c767-46e0-b00b-23d614a98173", "x-misp-object--ef19ab7e-b5d8-412e-92bc-9122218f90e4", "indicator--7dbe5bfc-d541-4179-a365-3f274ec85c97", "x-misp-object--a13db91c-a587-4810-ae35-81ad538a42aa", "indicator--198efd3b-e179-4498-bab8-22187889eeb5", "x-misp-object--1a13e62a-1e04-4b73-af40-e077849ad7fa", "indicator--056a71eb-527f-47c6-bb7c-3e38f615ea86", "x-misp-object--dbef32c7-cd7d-4324-a1ac-22c6838b047e", "indicator--94710f77-734e-4779-a517-39e9ff83c5c3", "x-misp-object--43d64fc5-70dc-4429-8be4-f4d6401bac8f", "indicator--d21b3bc0-51d3-4d83-ab29-eab87f9d72f6", "x-misp-object--7bf89ab8-38dc-4396-9ed7-ab7767e19d08", "indicator--52839704-cde1-423b-b83b-85f3be6c94ff", "x-misp-object--4676a5ec-697d-41af-88f8-1edd0b391a93", "indicator--8aa148ae-97d2-47ff-83d9-7fb3a2d8a4bd", "x-misp-object--87dd8a5a-c52f-416e-885c-020efd23e62e", "indicator--171c1ddf-7a54-489d-9684-92c88617c956", "x-misp-object--5f3792ac-f82d-4592-88c3-ee892c828c41", "indicator--1a5e57b9-36fe-421d-a886-16026857b58f", "x-misp-object--04c722ce-cdee-4769-b6a8-b6f26eb83949", "indicator--b3177b4e-555f-4f20-9a65-a08e1d02f9fd", "x-misp-object--af4721d1-291a-46d2-8eb9-50fc1f8da0cb", "indicator--173a3d42-d718-41eb-ac2a-43d4e432bb46", "x-misp-object--cc17229b-13c4-40e8-887f-1d7cf5abd020", "indicator--ac2931c8-7efd-400e-a3da-9699601420cd", "x-misp-object--526e45f9-c018-4f26-b8ac-42a435da08c9", "indicator--3a427677-7b23-40b7-9d8f-190c766ef8fe", "x-misp-object--e12c9d7a-8312-437d-8b1a-c15e09ef37d6", "indicator--de5147bc-03f2-4d1a-a9c6-80bf8d449e96", "x-misp-object--ecb9a5f0-73c7-4556-a7e3-9e2f4ca35fb5", "indicator--163ddda1-900e-4bff-950b-0d5d1c2029c5", "x-misp-object--05fae74d-fd81-4262-9d67-eed24b685f5d", "indicator--52150aff-7237-412a-a493-1be95ce36e7f", "x-misp-object--2c88a906-411b-4819-a1c3-16907c03e3f9", "relationship--e2c0e432-070e-49d2-90fb-de3acfb2170c", "relationship--40472729-0521-4b27-93f8-b4472423bc45", "relationship--20a8248a-4eed-46d2-aaf8-d28660c1b300", "relationship--ec6465af-a8c3-4d23-bf29-ad97ee0fa822", "relationship--df6737b3-2989-49d9-90a7-6757ad6b58a9", "relationship--ac0a7513-cb22-4e87-8cc6-0551d479bdba", "relationship--52e3b650-e2ee-46ba-a0a8-7d04db0e2bff", "relationship--d43903ca-6745-462e-a30c-bcb764892f41", "relationship--4cce3746-e84f-47c6-a7ee-600d1e99381f", "relationship--5a0b9a0a-521b-4dbf-89a1-0b05cc57ab17", "relationship--b94b7d4c-4c78-4453-8be7-9c0b3ed2cfd4", "relationship--3d38542c-8fb3-495c-b8a5-e6081f2039f7", "relationship--c5b22dc9-340e-413c-b8ea-81cab5bb9b92", "relationship--78a8c78d-a60b-4080-9ef4-81a200a63b95", "relationship--e719f862-9e4f-4f11-931e-9dbe09e30b7b", "relationship--6604c767-0e80-4bd5-99fa-d4be79fbb03e", "relationship--3e6481cb-b540-4668-8c09-1612dc73693f", "relationship--81328212-9e74-4e24-afb0-e791b6cbd39e", "relationship--e7a1ab13-2131-4a69-8382-5568e2b987d9", "relationship--0e17038d-4637-4069-9359-cf8dbfaa1f40", "relationship--6079c9b3-b02d-461b-8973-b6adeb0bdf32", "relationship--404503c7-2906-45a6-a46e-566a49ce0928", "relationship--39489cbc-7082-495c-899a-d8301946ce39" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "workflow:todo=\"add-context\"", "workflow:todo=\"add-missing-misp-galaxy-cluster-values\"", "workflow:todo=\"create-missing-misp-galaxy\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c7e2abc-d3f8-4127-909f-4f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T07:52:28.000Z", "modified": "2019-03-05T07:52:28.000Z", "first_observed": "2019-03-05T07:52:28Z", "last_observed": "2019-03-05T07:52:28Z", "number_observed": 1, "object_refs": [ "url--5c7e2abc-d3f8-4127-909f-4f0e950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c7e2abc-d3f8-4127-909f-4f0e950d210f", "value": "https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?menu_dist=2&curPage=1&seq=28102" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c7e2abc-5794-4d64-9b15-4f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T07:52:28.000Z", "modified": "2019-03-05T07:52:28.000Z", "first_observed": "2019-03-05T07:52:28Z", "last_observed": "2019-03-05T07:52:28Z", "number_observed": 1, "object_refs": [ "url--5c7e2abc-5794-4d64-9b15-4f0e950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c7e2abc-5794-4d64-9b15-4f0e950d210f", "value": "http://download.ahnlab.com/kr/site/library/%5bAnalysis_Report%5dOperation_Kabar_Cobra.pdf" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-74e8-49d6-9c2c-45bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.224.138.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-0ca4-4610-b1ef-42f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'navem-rnail.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-b568-49f9-9595-4241950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'navem-rnail.hol.es/est/down/msofficeupdate64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-ff70-49ee-9597-44fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'myaccounnts-goggle.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-9b1c-42d8-ac77-4075950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'bmail-or-kr.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-b42c-453c-b45f-434b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'aiyac-updaite.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-a3b0-44e3-88a8-4f9d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'rnyacount-jpadmin.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-7418-4a22-9a6a-4bac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'aiyac-updaite.hol.es/est/down/alyacmonitor64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-11dc-4e5a-ae98-4514950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'aiyac-updaite.hol.es/est/down/msofficeupdate64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-f9fc-49e4-8fea-467f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'rnyacount-jpadmin.hol.es/est/down/msofficeupdate64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-d40c-4bd1-9544-44cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'rnyacount-jpadmin.hol.es/est/down/fw.a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-6f38-401a-8c56-4404950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'ms-performance.hol.es/mysite/down/msperformancecheck.b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-cf04-49f6-bc73-4eed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'ms-performance.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-1c10-402d-89eb-42c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'ms-performance.hol.es/mysite/down/msperformancecheck64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-2758-431d-8c04-4446950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'suppcrt-seourity.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-4c08-4857-8d6c-47ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'ahnniab.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-f028-4adb-8442-4631950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'ahnniab.esy.es/w/down/alyacmonitor.a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-b838-46b5-b0ca-4c91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'ahnniab.esy.es/w/down/tvEngine.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-b71c-46ce-9a40-41fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'daum-safety-team.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-568c-4419-9b72-45cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'myacccounts-goggle.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-3864-4e46-b858-4895950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'myacccount-goggle.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-db10-40b6-ac51-455b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'nav-mail.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-eca0-435a-ae2c-4453950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'mail-support.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-2e50-44c6-a6ef-4679950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'my-homework.890m.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-1028-47e2-a423-42ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'my-homework.890m.com/gnu/download/tvEngine.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-a188-4133-8b14-40ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[url:value = 'my-homework.890m.com/gnu/download/list.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7813-74ac-4e42-b2c7-498c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:27.000Z", "modified": "2019-03-05T13:22:27.000Z", "pattern": "[domain-name:value = 'nid-mail.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-c1d4-45f9-8011-46e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[url:value = 'nid-mail.esy.es/gnu//download/tmp.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-ba78-477f-83f5-449f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[url:value = 'nid-mail.esy.es/gnu//download/notepad64.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-8ec8-43de-b4f7-47f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/x64/wall.cab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-e0e0-42b8-bdbd-4b19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'nid-mail.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-6a70-43ef-81a1-4164950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/private32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-c520-4de0-bf41-436e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/private64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-df5c-4420-a125-4df3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/secu32_init']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-f2f4-4575-8eb7-402e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[url:value = 'nid-mail.esy.es/bbs/data/tmp/logger/secu64_init']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-1bfc-45b2-a0ac-4870950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'nid-mail.pe.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-1d9c-461a-a836-43b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'newsea36-chol.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-cadc-4705-9650-4c70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'acount-qooqle.pe.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-ad7c-4f8f-bb85-4588950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'myprofileacc.pe.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-370c-4e7e-90ca-4635950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'customer-center.esy.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-115c-418c-9c0c-44bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'need-nver.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-1384-4199-a9ba-43c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'daum-settting.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-3168-44c2-92a0-49ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'nid-never.pe.hu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e7814-9d6c-4882-979d-49a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T13:22:28.000Z", "modified": "2019-03-05T13:22:28.000Z", "pattern": "[domain-name:value = 'nid-naver.hol.es']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2b22-7908-4172-a737-49ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T07:54:10.000Z", "modified": "2019-03-05T07:54:10.000Z", "pattern": "[file:hashes.MD5 = '0eb739c8faf77dae0546ff447ad06038' AND file:name = '2019 \uc0ac\uc5c5\uacc4\ud68d\uc11c.hwp{\uacf5\ubc31}.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T07:54:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2b7b-c49c-4a49-90ee-4927950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T07:55:39.000Z", "modified": "2019-03-05T07:55:39.000Z", "pattern": "[file:hashes.MD5 = '9c3396aa94083916227201bf1396a2ca' AND file:name = '\ubbf8\ub514\uc5b4\uad8c\ub825\uc774\ub3d9\u2465-\ub137\ud50c\ub809\uc2a4, \uc720\ud29c\ube0c.hwp{\uacf5\ubc31}.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T07:55:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2ba9-6c4c-4a31-8d9c-4d1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T07:56:25.000Z", "modified": "2019-03-05T07:56:25.000Z", "pattern": "[file:hashes.MD5 = '20301fdd013c836039b8cfe0d100a1d7' AND file:name = '\uc911\uad6d-\uc5f0\uad6c\uc790\ub8cc.hwp{\uacf5\ubc31}.scr' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T07:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2bce-4910-48fe-aa4e-4927950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T07:57:02.000Z", "modified": "2019-03-05T07:57:02.000Z", "pattern": "[file:hashes.MD5 = 'dc1196876d9a59ab477ebc62d07a255e' AND file:name = 'AR.xls{\uacf5\ubc31}.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T07:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2c07-eba0-430f-b440-4931950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T07:57:59.000Z", "modified": "2019-03-05T07:57:59.000Z", "pattern": "[file:hashes.MD5 = 'cd705902ea42d0de2a8456b055c3bb87' AND file:name = '{\ubbf8\uc0c1}.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T07:57:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2e42-91e8-49ac-a360-c3e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T08:07:30.000Z", "modified": "2019-03-05T08:07:30.000Z", "pattern": "[file:name = 'Freedom.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T08:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2e6e-d32c-4334-b8b7-4f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T08:08:14.000Z", "modified": "2019-03-05T08:08:14.000Z", "pattern": "[file:name = 'AhnLabMon.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T08:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e2e81-8b38-4f9a-ad23-4b59950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T08:08:33.000Z", "modified": "2019-03-05T08:08:33.000Z", "pattern": "[file:name = 'AlyacMonitor.db' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T08:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e46be-947c-48d5-877b-f41b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T09:51:58.000Z", "modified": "2019-03-05T09:51:58.000Z", "pattern": "[file:name = 'Cobra.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T09:51:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e4700-9af0-44e7-a36c-f148950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T09:53:04.000Z", "modified": "2019-03-05T09:53:04.000Z", "pattern": "[file:name = 'secu32_init.inf' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T09:53:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e4ad1-d824-4532-95f7-4e6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:09:21.000Z", "modified": "2019-03-05T10:09:21.000Z", "pattern": "[file:name = 'private32.db' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:09:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e514e-efa8-491c-9c0a-43e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:37:02.000Z", "modified": "2019-03-05T10:37:02.000Z", "pattern": "[file:hashes.MD5 = '242c31d0ce2109fdface788663e90f49' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e542e-485c-45ff-bcd6-f277950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:49:18.000Z", "modified": "2019-03-05T10:49:18.000Z", "pattern": "[file:hashes.MD5 = '6106449779d453be4ae28d89f207e921' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:49:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5469-59fc-4c21-a5ce-4c36950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:50:17.000Z", "modified": "2019-03-05T10:50:17.000Z", "pattern": "[file:hashes.MD5 = '66b73fba4e47b3184edd75b0ce9cf928' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:50:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5477-a6dc-4af2-ad88-48b6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:50:31.000Z", "modified": "2019-03-05T10:50:31.000Z", "pattern": "[file:hashes.MD5 = '1dfe826f71c20ff04987a9160c177e46' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:50:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5488-bb10-475f-9f11-40f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:50:48.000Z", "modified": "2019-03-05T10:50:48.000Z", "pattern": "[file:hashes.MD5 = 'b994bd755e034d2218f8a3f70e91a165' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:50:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5498-80f0-4e8f-949e-43ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:51:04.000Z", "modified": "2019-03-05T10:51:04.000Z", "pattern": "[file:hashes.MD5 = '1a082a388a285e7fc4541124794f3910' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:51:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e54ad-da34-42f0-b08f-466d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:51:25.000Z", "modified": "2019-03-05T10:51:25.000Z", "pattern": "[file:hashes.MD5 = '71ec829db01818d305552ec4ebb1c258' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:51:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e54c3-8e14-4e41-a2dd-4c10950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:51:47.000Z", "modified": "2019-03-05T10:51:47.000Z", "pattern": "[file:hashes.MD5 = '2fdf23367c604511d019a6914c50bc0b' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:51:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e54e0-1720-481b-929d-454d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:52:16.000Z", "modified": "2019-03-05T10:52:16.000Z", "pattern": "[file:hashes.MD5 = '566cc6129dc887629a7131821c7547e5' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:52:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e55b4-f100-4e76-bc1d-f26c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:55:48.000Z", "modified": "2019-03-05T10:55:48.000Z", "pattern": "[file:hashes.MD5 = '9d685308d3125e14287ecb7fbe5fcd37' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:55:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e55c5-54dc-4108-9d87-48be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:56:05.000Z", "modified": "2019-03-05T10:56:05.000Z", "pattern": "[file:name = 'core.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:56:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e55da-5c2c-463a-b42c-f26c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:56:26.000Z", "modified": "2019-03-05T10:56:26.000Z", "pattern": "[file:name = 'tvengine.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e55f0-2de8-4f66-a93c-430b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:56:48.000Z", "modified": "2019-03-05T10:56:48.000Z", "pattern": "[file:name = 'ariaK.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5605-4ad0-42ee-a555-4eb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:57:09.000Z", "modified": "2019-03-05T10:57:09.000Z", "pattern": "[file:hashes.MD5 = 'bb42e6649d927899c816cc04c2bffc06' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:57:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5613-1488-48e3-8453-f2c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:57:23.000Z", "modified": "2019-03-05T10:57:23.000Z", "pattern": "[file:hashes.MD5 = '95410a32a76aecb099af53255bb90737' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:57:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5621-2a28-4889-a03a-4928950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:57:37.000Z", "modified": "2019-03-05T10:57:37.000Z", "pattern": "[file:hashes.MD5 = '0a50827a4897a43a882c8d3c691d943d' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:57:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5633-89d8-49e7-bc35-c3ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:57:55.000Z", "modified": "2019-03-05T10:57:55.000Z", "pattern": "[file:name = 'IECheck.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:57:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e565f-2878-40b3-8d84-492d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:58:39.000Z", "modified": "2019-03-05T10:58:39.000Z", "pattern": "[file:hashes.MD5 = '874c0ec36be15fe3403f3abad6ecea75' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:58:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e566f-eff0-424d-a55a-409b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:58:55.000Z", "modified": "2019-03-05T10:58:55.000Z", "pattern": "[file:hashes.MD5 = '4de21c3af64b3b605446278de92dfff4' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:58:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e567e-4720-4fbf-b524-4324950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:59:10.000Z", "modified": "2019-03-05T10:59:10.000Z", "pattern": "[file:hashes.MD5 = 'a45ba001c3abee03bda49c6816d9a17c' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:59:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e56a0-c8cc-4d14-88b4-4ddc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T10:59:44.000Z", "modified": "2019-03-05T10:59:44.000Z", "pattern": "[file:name = '45D3.tmp' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T10:59:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e56c3-80c0-4f6a-9601-4caf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:00:19.000Z", "modified": "2019-03-05T11:00:19.000Z", "pattern": "[file:hashes.MD5 = '02dae3046d1669a55785ba935b0e3f0b' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:00:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e56d5-01b8-4a68-8c44-43ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:00:37.000Z", "modified": "2019-03-05T11:00:37.000Z", "pattern": "[file:hashes.MD5 = 'ba89337af43f0b07a35cc892ac95112a' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:00:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e56eb-5344-47b1-aa41-f277950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:00:59.000Z", "modified": "2019-03-05T11:00:59.000Z", "pattern": "[file:hashes.MD5 = '74c3011b6980bea23d119822d979a364' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:00:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e56fd-99d4-4830-914d-4f38950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:01:17.000Z", "modified": "2019-03-05T11:01:17.000Z", "pattern": "[file:name = 'MsMpQhp.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:01:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e579b-edc0-47c2-88e4-424d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:03:55.000Z", "modified": "2019-03-05T11:03:55.000Z", "description": "TeamViewer ", "pattern": "[file:hashes.MD5 = 'ab73b1395938c48d62b7eeb5c9f3409d' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:03:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e582c-76a8-4a87-936b-46c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:06:20.000Z", "modified": "2019-03-05T11:06:20.000Z", "description": "TeamViewer", "pattern": "[file:hashes.MD5 = 'b02f3881321f0912b2ae3f27498c448f' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e585e-b924-48a5-a659-490d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:07:10.000Z", "modified": "2019-03-05T11:07:10.000Z", "description": "TeamViewer", "pattern": "[file:hashes.MD5 = '11fc4829c2fff9fb240acbd71c60fc67' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:07:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e5887-b2b4-4e72-988f-4c83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:07:51.000Z", "modified": "2019-03-05T11:07:51.000Z", "pattern": "[file:hashes.MD5 = '54783422cfd7029a26a3f3f5e9087d8a' AND file:name = '2014 \ud55c\uc6b81,2 \ud638\uae30\uc124\uacc4\ubcc0\uacbd\uc0ac\ud56d.hwp' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:07:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e63c1-19e8-4619-a253-4730950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:55:45.000Z", "modified": "2019-03-05T11:55:45.000Z", "pattern": "[file:hashes.MD5 = '8332be776617364c16868c1ad6b4efe7' AND file:name = '2018 \uc885\uc804\uc5b8.hwp' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:55:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e6479-92b0-468e-a85c-47aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:58:49.000Z", "modified": "2019-03-05T11:58:49.000Z", "pattern": "[file:hashes.MD5 = 'f22db1e3ea74af791e34ad5aa0297664' AND file:name = 'fontchk.jse' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:58:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e6497-2f04-471f-b48e-401b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T11:59:19.000Z", "modified": "2019-03-05T11:59:19.000Z", "pattern": "[file:hashes.MD5 = '48d9e625ea3efbcbef3963c8714544a7' AND file:name = '2\uc6d41\uc8fc\ucc28\uad6d\uc81c\uc548\ubcf4\uad70\uc0ac\uc815\uc138.hwp' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T11:59:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e64c2-bc88-401b-bfc6-4504950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T12:00:52.000Z", "modified": "2019-03-05T12:00:52.000Z", "pattern": "[file:hashes.MD5 = 'b49bbc11ed000211a5af7eb35f596886' AND file:name = 'IE \ucde8\uc57d\uc810' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T12:00:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--5c7e64dd-0470-4556-9dfa-41fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T12:00:29.000Z", "modified": "2019-03-05T12:00:29.000Z", "name": "CVE-2018-8174", "labels": [ "misp:name=\"vulnerability\"", "misp:meta-category=\"vulnerability\"", "misp:to_ids=\"False\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2018-8174" } ], "x_misp_state": "Published" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e6523-60a0-4a28-adeb-47c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T12:01:39.000Z", "modified": "2019-03-05T12:01:39.000Z", "pattern": "[file:hashes.MD5 = 'aea8d3002132094a58d5189a8e886cf8' AND file:name = '2016\ub144\uc81c46\ucc28\uc6d0\ub0b4\ub300\ucc45\ud68c\uc758\ubaa8\ub450\ubc1c\uc5b8.hwp' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T12:01:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e653a-edc4-4389-850b-4a91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T12:02:02.000Z", "modified": "2019-03-05T12:02:02.000Z", "pattern": "[file:hashes.MD5 = '08523230e221246bb59cde7c3e8363c7' AND file:name = '0x0ED6D109-0xED81000.mem.pe.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T12:02:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c7e6556-1f7c-440e-ad46-43c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-05T12:02:30.000Z", "modified": "2019-03-05T12:02:30.000Z", "pattern": "[file:hashes.MD5 = '2f26f3a883aeca9a11769664fc7d4750' AND file:name = 'hwpkor.dll' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-05T12:02:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--689ecef6-f10d-439a-a27a-95d1d4c95f99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:24.000Z", "modified": "2019-03-07T22:56:24.000Z", "pattern": "[file:hashes.MD5 = '874c0ec36be15fe3403f3abad6ecea75' AND file:hashes.SHA1 = '17b4e8bf763a6e5c4f04f5c98eb780894140e7b1' AND file:hashes.SHA256 = '520056eedfaf9d3445ecf8d7aefa0b93d7c35f9a8a2a5da0999530280a9a6438']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--63188ca3-d4a3-439d-9b01-b9ec4a029584", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:25.000Z", "modified": "2019-03-07T22:56:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 00:08:18", "category": "Other", "uuid": "ea02193f-258f-4063-808b-da8045437f52" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/520056eedfaf9d3445ecf8d7aefa0b93d7c35f9a8a2a5da0999530280a9a6438/analysis/1551830898/", "category": "Payload delivery", "uuid": "af3bb3c4-5117-41f6-a400-b1331dba4474" }, { "type": "text", "object_relation": "detection-ratio", "value": "6/68", "category": "Payload delivery", "uuid": "d9947682-2fc1-432f-b192-14b4895af3f8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f9b8272-3ef4-4ed8-ac44-98a8bd9f8ac9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:25.000Z", "modified": "2019-03-07T22:56:25.000Z", "pattern": "[file:hashes.MD5 = 'cd705902ea42d0de2a8456b055c3bb87' AND file:hashes.SHA1 = 'd945db08bacd1c2e06ad29c207c7da34edacf965' AND file:hashes.SHA256 = '04b28c594e96703ed11481847aab936e5ba06280ce947a436e0b64752c86bd14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f1e4e0de-7aa4-4d61-bc50-d9850e25c9fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:25.000Z", "modified": "2019-03-07T22:56:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 00:08:17", "category": "Other", "uuid": "3679c946-dbf4-446f-845d-278dfbdc0724" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/04b28c594e96703ed11481847aab936e5ba06280ce947a436e0b64752c86bd14/analysis/1551830897/", "category": "Payload delivery", "uuid": "7f45ee46-b0ed-4656-b7a0-b09313f1b51f" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/66", "category": "Payload delivery", "uuid": "9f9a329a-139f-41bf-a10a-27db6d9e7df6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92b9f0a3-acd0-4e49-a789-d100f0e9a3f4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:25.000Z", "modified": "2019-03-07T22:56:25.000Z", "pattern": "[file:hashes.MD5 = 'ba89337af43f0b07a35cc892ac95112a' AND file:hashes.SHA1 = 'f8834840c73a944394c26b3b71b9627a2a0c385a' AND file:hashes.SHA256 = 'cd152e2c4796dd4cf82e2824ad6ca6e64ef42ab2ca79cf3417354d6b2e999fb9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cdd4af57-0253-4178-9b16-26b9169ebaaf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:25.000Z", "modified": "2019-03-07T22:56:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 04:40:29", "category": "Other", "uuid": "46129aee-9ce2-40e5-8cdd-9855bf6268e6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cd152e2c4796dd4cf82e2824ad6ca6e64ef42ab2ca79cf3417354d6b2e999fb9/analysis/1551847229/", "category": "Payload delivery", "uuid": "9cac1422-04e3-493a-aeac-18a155eabdc4" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/66", "category": "Payload delivery", "uuid": "a3052011-844c-43e6-9772-08d421387a65" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--77fb245c-d880-4b58-a4a1-3c79e3429fd5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:25.000Z", "modified": "2019-03-07T22:56:25.000Z", "pattern": "[file:hashes.MD5 = '74c3011b6980bea23d119822d979a364' AND file:hashes.SHA1 = '447f08c1fd35a517004987dcbae264cf744a5721' AND file:hashes.SHA256 = 'c9507551a16afacdd8a5dda69c2b4b924cebe97c0ebaae955c6f446a7061f744']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c5c06cde-e106-4432-a2d5-4d1f4c2d6af3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 00:08:26", "category": "Other", "uuid": "4716d971-3868-4ca4-9a44-6b9017b6be31" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c9507551a16afacdd8a5dda69c2b4b924cebe97c0ebaae955c6f446a7061f744/analysis/1551830906/", "category": "Payload delivery", "uuid": "785c801a-5b42-4ec3-a5c8-4f117de68396" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/67", "category": "Payload delivery", "uuid": "f227a142-d12e-435d-a4a2-9013f27d8f9c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--00c34c0b-95aa-4d40-b8f6-462c2a9f4c73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "pattern": "[file:hashes.MD5 = '71ec829db01818d305552ec4ebb1c258' AND file:hashes.SHA1 = 'd1a9dad0b7b1face9869216c863b743bc2b1e3a4' AND file:hashes.SHA256 = 'd9746224143010adada9989bf6b1014bb10e8165615e1ef6b58fd429cd2aa20a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2790778c-6796-474b-a65f-c47b1f092552", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-20 00:37:01", "category": "Other", "uuid": "70fb6240-1fd0-4be8-b94f-ea3f7ae2f14e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d9746224143010adada9989bf6b1014bb10e8165615e1ef6b58fd429cd2aa20a/analysis/1550623021/", "category": "Payload delivery", "uuid": "738fd47a-6aa7-487e-bdbe-24f82b3dafb5" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/67", "category": "Payload delivery", "uuid": "aa9fdbe7-b77c-4b57-b90d-b5003630f724" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c4234048-c767-46e0-b00b-23d614a98173", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "pattern": "[file:hashes.MD5 = '0eb739c8faf77dae0546ff447ad06038' AND file:hashes.SHA1 = '12262afd366b6d123508ef79d5cfc49251f5e368' AND file:hashes.SHA256 = '9505ee1c9b92390e6f1404648686c524681874e6986bdf6236ca7e0ca5c2693a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ef19ab7e-b5d8-412e-92bc-9122218f90e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 00:08:22", "category": "Other", "uuid": "d8b0fa1f-c414-4d70-8ff6-a6b37e927e78" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9505ee1c9b92390e6f1404648686c524681874e6986bdf6236ca7e0ca5c2693a/analysis/1551830902/", "category": "Payload delivery", "uuid": "3cb88750-c8d6-49dd-a9e9-9e4f5631836b" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/67", "category": "Payload delivery", "uuid": "cd3b7425-7563-4cd3-86a4-ddc0666c7852" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7dbe5bfc-d541-4179-a365-3f274ec85c97", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "pattern": "[file:hashes.MD5 = 'aea8d3002132094a58d5189a8e886cf8' AND file:hashes.SHA1 = 'c6b6f203225d102fe8173500dd74ab9b3c4b4a13' AND file:hashes.SHA256 = '8dc6e8eccaaa9ebe77b60ab364e7a56ba81bb00664485d3090b58286df0ca37c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a13db91c-a587-4810-ae35-81ad538a42aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-03 05:10:17", "category": "Other", "uuid": "49179a2f-4b82-4bd0-a84a-b4541c23e2bc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8dc6e8eccaaa9ebe77b60ab364e7a56ba81bb00664485d3090b58286df0ca37c/analysis/1551589817/", "category": "Payload delivery", "uuid": "9692eb2e-5956-4c0a-9fa4-54fe57ba02ca" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/52", "category": "Payload delivery", "uuid": "8cddcab6-c166-4b67-936f-a23f10ba57ef" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--198efd3b-e179-4498-bab8-22187889eeb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "pattern": "[file:hashes.MD5 = '9c3396aa94083916227201bf1396a2ca' AND file:hashes.SHA1 = '02133960eeb5dbf136e37d1b1b317306eae85036' AND file:hashes.SHA256 = 'c6c332ae1ccb580ac621d3cf667ce9c017be41f8ad04a94c0c0ea37c4789dd14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1a13e62a-1e04-4b73-af40-e077849ad7fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-20 00:41:42", "category": "Other", "uuid": "c40a38b6-590e-4041-8d4a-b3a970a97ae0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c6c332ae1ccb580ac621d3cf667ce9c017be41f8ad04a94c0c0ea37c4789dd14/analysis/1550623302/", "category": "Payload delivery", "uuid": "fbbeda9f-8f2a-4afb-9aca-5cda517239f7" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/64", "category": "Payload delivery", "uuid": "2aee7374-ecdc-4da4-8929-0a19b36404a7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--056a71eb-527f-47c6-bb7c-3e38f615ea86", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "pattern": "[file:hashes.MD5 = '11fc4829c2fff9fb240acbd71c60fc67' AND file:hashes.SHA1 = '63282c2399bde7558163421d624f1d5c0f08010e' AND file:hashes.SHA256 = '5d91abb9519b260dfef8328fce1db4ec19db79bbe59c1f512d15f32b35db04be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dbef32c7-cd7d-4324-a1ac-22c6838b047e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:26.000Z", "modified": "2019-03-07T22:56:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 00:08:20", "category": "Other", "uuid": "853c5d4a-614a-4f32-a19a-814f37fed061" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5d91abb9519b260dfef8328fce1db4ec19db79bbe59c1f512d15f32b35db04be/analysis/1551830900/", "category": "Payload delivery", "uuid": "6cb2a159-9bf4-43b2-8662-39d27983aa64" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/70", "category": "Payload delivery", "uuid": "450ceaee-6c75-4748-8c80-106523eab7bb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94710f77-734e-4779-a517-39e9ff83c5c3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "pattern": "[file:hashes.MD5 = '54783422cfd7029a26a3f3f5e9087d8a' AND file:hashes.SHA1 = '5d379e533acef24ada64dbaf275650093ec790e7' AND file:hashes.SHA256 = 'ba08b13577eef393db69a20d9b881bfd18e86ec37690c25cc2931a7b26dbdc6f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--43d64fc5-70dc-4429-8be4-f4d6401bac8f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-01 03:41:39", "category": "Other", "uuid": "b78fd9bb-41b4-4387-999c-90b9f90758bc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ba08b13577eef393db69a20d9b881bfd18e86ec37690c25cc2931a7b26dbdc6f/analysis/1551411699/", "category": "Payload delivery", "uuid": "e30c95bd-5e0b-4e47-bd51-b98558b96b24" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/55", "category": "Payload delivery", "uuid": "86e4ed6f-0324-495f-808b-a16ccb2bd67a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d21b3bc0-51d3-4d83-ab29-eab87f9d72f6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "pattern": "[file:hashes.MD5 = '66b73fba4e47b3184edd75b0ce9cf928' AND file:hashes.SHA1 = '340b6b0370730a8344bc880c786a4e10fcd961a7' AND file:hashes.SHA256 = 'd62bf83fb5a7b148f326908051b149b77663149d47426ce749e944f7abf5d304']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7bf89ab8-38dc-4396-9ed7-ab7767e19d08", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-20 00:35:43", "category": "Other", "uuid": "b4939e5b-d9f5-41cb-821e-0f8c57185ec2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d62bf83fb5a7b148f326908051b149b77663149d47426ce749e944f7abf5d304/analysis/1550622943/", "category": "Payload delivery", "uuid": "477fd8aa-292f-458e-ba07-99f738ca71e7" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Payload delivery", "uuid": "ae59882b-bc1d-406e-a45c-0cc44b6ca447" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52839704-cde1-423b-b83b-85f3be6c94ff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "pattern": "[file:hashes.MD5 = '9d685308d3125e14287ecb7fbe5fcd37' AND file:hashes.SHA1 = 'c6dfbb9ff21830fa48e2a4e831908345cab572ca' AND file:hashes.SHA256 = '71841a1b5ee1b383a9282bf513723b7f1713a0e1ee501db38d64c2db9ba08ec4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4676a5ec-697d-41af-88f8-1edd0b391a93", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-26 07:12:06", "category": "Other", "uuid": "c84855e8-06c6-4876-a86c-3308f8c77c45" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/71841a1b5ee1b383a9282bf513723b7f1713a0e1ee501db38d64c2db9ba08ec4/analysis/1551165126/", "category": "Payload delivery", "uuid": "4b79e362-ee21-4581-b1b5-717d3e8a4c0c" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/67", "category": "Payload delivery", "uuid": "835395bd-c2d5-49ee-84aa-049b4b5ca6aa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8aa148ae-97d2-47ff-83d9-7fb3a2d8a4bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "pattern": "[file:hashes.MD5 = '20301fdd013c836039b8cfe0d100a1d7' AND file:hashes.SHA1 = 'e8e787b2ab734d07146b48d9bf5263a0e476fb0c' AND file:hashes.SHA256 = '84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--87dd8a5a-c52f-416e-885c-020efd23e62e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-28 01:30:52", "category": "Other", "uuid": "4f3c774b-504c-433a-8aae-7a5573942f44" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90/analysis/1551317452/", "category": "Payload delivery", "uuid": "a63daba5-11a3-4a7f-a1d2-0b6aa7d1adf6" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/61", "category": "Payload delivery", "uuid": "94bc79ec-82a0-4d84-bd3c-aa37b85e599a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--171c1ddf-7a54-489d-9684-92c88617c956", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "pattern": "[file:hashes.MD5 = 'b02f3881321f0912b2ae3f27498c448f' AND file:hashes.SHA1 = 'de7212b695000dd10d3694de5a1d94348cbe464b' AND file:hashes.SHA256 = '57224737bfc4514aa90e9ff88626ac112e8c9f80ed54616865a4cc5d7d08f36c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5f3792ac-f82d-4592-88c3-ee892c828c41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:27.000Z", "modified": "2019-03-07T22:56:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 00:08:19", "category": "Other", "uuid": "cecc8a3e-4370-4f1d-9b6d-e23907cbfa9f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/57224737bfc4514aa90e9ff88626ac112e8c9f80ed54616865a4cc5d7d08f36c/analysis/1551830899/", "category": "Payload delivery", "uuid": "20cf6e1e-2727-4858-8f9d-91d3b475fd00" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/71", "category": "Payload delivery", "uuid": "36c47e15-4958-4078-9661-f8148ab5f515" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1a5e57b9-36fe-421d-a886-16026857b58f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:28.000Z", "modified": "2019-03-07T22:56:28.000Z", "pattern": "[file:hashes.MD5 = '1dfe826f71c20ff04987a9160c177e46' AND file:hashes.SHA1 = '592f882c54bb0038d976d6c88d58757aca10e307' AND file:hashes.SHA256 = '493aadefcf45642c34b4d84a84a41da9ac173b52c3217f62b3e25ece6379bd94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--04c722ce-cdee-4769-b6a8-b6f26eb83949", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:28.000Z", "modified": "2019-03-07T22:56:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-01 01:36:06", "category": "Other", "uuid": "51432af3-3f7c-4772-8140-4afe2967de9d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/493aadefcf45642c34b4d84a84a41da9ac173b52c3217f62b3e25ece6379bd94/analysis/1551404166/", "category": "Payload delivery", "uuid": "877b148a-23e7-4d9c-9f85-ed60d2859a22" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/65", "category": "Payload delivery", "uuid": "30b25e71-827d-4470-bd67-714a74a6f96c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b3177b4e-555f-4f20-9a65-a08e1d02f9fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:29.000Z", "modified": "2019-03-07T22:56:29.000Z", "pattern": "[file:hashes.MD5 = '6106449779d453be4ae28d89f207e921' AND file:hashes.SHA1 = 'f0e5685c433ddba3a5d7b223cc738d8a7501c977' AND file:hashes.SHA256 = '55e69e1337af0d93b5a3742d999bf805177c404e7e60e48f303509592ecd0e29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af4721d1-291a-46d2-8eb9-50fc1f8da0cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:29.000Z", "modified": "2019-03-07T22:56:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-20 00:34:57", "category": "Other", "uuid": "b4808b84-09c1-4221-88a4-bf3ecfd2bbb0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/55e69e1337af0d93b5a3742d999bf805177c404e7e60e48f303509592ecd0e29/analysis/1550622897/", "category": "Payload delivery", "uuid": "d3bfa2d1-5f35-423d-8267-67fcd772da76" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/68", "category": "Payload delivery", "uuid": "351d3c6c-d9f5-47b8-94b2-e958bd45045e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--173a3d42-d718-41eb-ac2a-43d4e432bb46", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:29.000Z", "modified": "2019-03-07T22:56:29.000Z", "pattern": "[file:hashes.MD5 = '242c31d0ce2109fdface788663e90f49' AND file:hashes.SHA1 = '59c089f8e781f6686dc49776805697f9ad044c15' AND file:hashes.SHA256 = '12ee511259f7f03e8472efa8baf3e250b64f8da65fe71212cedfdac887f503f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cc17229b-13c4-40e8-887f-1d7cf5abd020", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:29.000Z", "modified": "2019-03-07T22:56:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-01 01:38:24", "category": "Other", "uuid": "cb4ba500-dfcf-45c0-9b5e-61eb18065266" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/12ee511259f7f03e8472efa8baf3e250b64f8da65fe71212cedfdac887f503f4/analysis/1551404304/", "category": "Payload delivery", "uuid": "407af7e6-9b19-4f7a-b680-eb49744683cd" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/62", "category": "Payload delivery", "uuid": "1a50ab2e-1721-4573-a56b-c3a2c4d70095" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ac2931c8-7efd-400e-a3da-9699601420cd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:29.000Z", "modified": "2019-03-07T22:56:29.000Z", "pattern": "[file:hashes.MD5 = 'f22db1e3ea74af791e34ad5aa0297664' AND file:hashes.SHA1 = '16cb3fa3793a57ef54c44b11f94e9b5ba32753bb' AND file:hashes.SHA256 = '95f1a84103f789d1ae749a3f8a384a29b39d6766e8a13d450b6553c39aba4fd7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--526e45f9-c018-4f26-b8ac-42a435da08c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:29.000Z", "modified": "2019-03-07T22:56:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-08 04:38:52", "category": "Other", "uuid": "111443ae-f660-41eb-b7e2-b9b8b1d70c46" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/95f1a84103f789d1ae749a3f8a384a29b39d6766e8a13d450b6553c39aba4fd7/analysis/1549600732/", "category": "Payload delivery", "uuid": "e627347d-3d78-47ee-b1fc-c0186cfc4405" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/56", "category": "Payload delivery", "uuid": "1b008812-a0dd-420d-9899-58001cb8625c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3a427677-7b23-40b7-9d8f-190c766ef8fe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:29.000Z", "modified": "2019-03-07T22:56:29.000Z", "pattern": "[file:hashes.MD5 = '4de21c3af64b3b605446278de92dfff4' AND file:hashes.SHA1 = '8180c24445b162ce3338ee2ce77053acc08cda88' AND file:hashes.SHA256 = '74d6b81565aeb95ee9df37ef7738d10baa9866261fb894d9ee9d67fc7c66badc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e12c9d7a-8312-437d-8b1a-c15e09ef37d6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-27 01:25:09", "category": "Other", "uuid": "f4a0a65a-ee63-40be-bce0-1b438cca0c15" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/74d6b81565aeb95ee9df37ef7738d10baa9866261fb894d9ee9d67fc7c66badc/analysis/1551230709/", "category": "Payload delivery", "uuid": "0bbebf58-9abf-437c-9279-1e177cb8b20b" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/68", "category": "Payload delivery", "uuid": "4d80ad46-5ec8-4662-9430-1d7c8844a77b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--de5147bc-03f2-4d1a-a9c6-80bf8d449e96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "pattern": "[file:hashes.MD5 = '8332be776617364c16868c1ad6b4efe7' AND file:hashes.SHA1 = '618500453c5488e4a2fe43d5647f46eefe01bd56' AND file:hashes.SHA256 = '5f2ac8672e19310bd532c47d209272bd75075696dea6ffcc47d1d37f18aff141']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ecb9a5f0-73c7-4556-a7e3-9e2f4ca35fb5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-06 04:53:05", "category": "Other", "uuid": "482d6546-9884-4c44-93de-b53a5ec26091" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5f2ac8672e19310bd532c47d209272bd75075696dea6ffcc47d1d37f18aff141/analysis/1549428785/", "category": "Payload delivery", "uuid": "e68b44fc-6486-4cf1-9634-53c635ca2425" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/57", "category": "Payload delivery", "uuid": "cbf3f3c6-224a-477b-9532-b8f774a6d8e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--163ddda1-900e-4bff-950b-0d5d1c2029c5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "pattern": "[file:hashes.MD5 = 'ab73b1395938c48d62b7eeb5c9f3409d' AND file:hashes.SHA1 = 'ac5ae9d2cee05c08759ca970399bb8bb54fb99cf' AND file:hashes.SHA256 = '3f30875674917b92584600a47f93a2724f11383fb03efd1ae8c2700dde97f6ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--05fae74d-fd81-4262-9d67-eed24b685f5d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-06 00:08:17", "category": "Other", "uuid": "f84ffdb9-7b31-48e8-9157-b1e89ae14830" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3f30875674917b92584600a47f93a2724f11383fb03efd1ae8c2700dde97f6ac/analysis/1551830897/", "category": "Payload delivery", "uuid": "d517c3e4-660c-4fd8-8882-c613ac07783f" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/66", "category": "Payload delivery", "uuid": "c932aff6-e6ff-4a2a-81a1-d55e0617ae61" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--52150aff-7237-412a-a493-1be95ce36e7f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "pattern": "[file:hashes.MD5 = '48d9e625ea3efbcbef3963c8714544a7' AND file:hashes.SHA1 = 'ad6b7c7b61d662ab653c25fe850e2406f283c919' AND file:hashes.SHA256 = 'cd6a12cc693e98e4f47d2161e9fe99d04895472d964575c749bbdd460f0fefdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-07T22:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2c88a906-411b-4819-a1c3-16907c03e3f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-05 06:01:28", "category": "Other", "uuid": "7d5d0569-be68-4d21-9791-d4d58c9fc61e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cd6a12cc693e98e4f47d2161e9fe99d04895472d964575c749bbdd460f0fefdc/analysis/1551765688/", "category": "Payload delivery", "uuid": "27d8cffa-c7a4-402e-90d6-4e7dd32a5e6e" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/57", "category": "Payload delivery", "uuid": "f145872f-1e71-41af-a1ed-b2a828ca7e4f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2c0e432-070e-49d2-90fb-de3acfb2170c", "created": "2019-03-05T12:00:52.000Z", "modified": "2019-03-05T12:00:52.000Z", "relationship_type": "related-to", "source_ref": "indicator--5c7e64c2-bc88-401b-bfc6-4504950d210f", "target_ref": "vulnerability--5c7e64dd-0470-4556-9dfa-41fc950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--40472729-0521-4b27-93f8-b4472423bc45", "created": "2019-03-07T22:56:30.000Z", "modified": "2019-03-07T22:56:30.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--689ecef6-f10d-439a-a27a-95d1d4c95f99", "target_ref": "x-misp-object--63188ca3-d4a3-439d-9b01-b9ec4a029584" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--20a8248a-4eed-46d2-aaf8-d28660c1b300", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8f9b8272-3ef4-4ed8-ac44-98a8bd9f8ac9", "target_ref": "x-misp-object--f1e4e0de-7aa4-4d61-bc50-d9850e25c9fd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ec6465af-a8c3-4d23-bf29-ad97ee0fa822", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--92b9f0a3-acd0-4e49-a789-d100f0e9a3f4", "target_ref": "x-misp-object--cdd4af57-0253-4178-9b16-26b9169ebaaf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--df6737b3-2989-49d9-90a7-6757ad6b58a9", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--77fb245c-d880-4b58-a4a1-3c79e3429fd5", "target_ref": "x-misp-object--c5c06cde-e106-4432-a2d5-4d1f4c2d6af3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ac0a7513-cb22-4e87-8cc6-0551d479bdba", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--00c34c0b-95aa-4d40-b8f6-462c2a9f4c73", "target_ref": "x-misp-object--2790778c-6796-474b-a65f-c47b1f092552" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--52e3b650-e2ee-46ba-a0a8-7d04db0e2bff", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c4234048-c767-46e0-b00b-23d614a98173", "target_ref": "x-misp-object--ef19ab7e-b5d8-412e-92bc-9122218f90e4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d43903ca-6745-462e-a30c-bcb764892f41", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7dbe5bfc-d541-4179-a365-3f274ec85c97", "target_ref": "x-misp-object--a13db91c-a587-4810-ae35-81ad538a42aa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4cce3746-e84f-47c6-a7ee-600d1e99381f", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--198efd3b-e179-4498-bab8-22187889eeb5", "target_ref": "x-misp-object--1a13e62a-1e04-4b73-af40-e077849ad7fa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a0b9a0a-521b-4dbf-89a1-0b05cc57ab17", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--056a71eb-527f-47c6-bb7c-3e38f615ea86", "target_ref": "x-misp-object--dbef32c7-cd7d-4324-a1ac-22c6838b047e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b94b7d4c-4c78-4453-8be7-9c0b3ed2cfd4", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--94710f77-734e-4779-a517-39e9ff83c5c3", "target_ref": "x-misp-object--43d64fc5-70dc-4429-8be4-f4d6401bac8f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3d38542c-8fb3-495c-b8a5-e6081f2039f7", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d21b3bc0-51d3-4d83-ab29-eab87f9d72f6", "target_ref": "x-misp-object--7bf89ab8-38dc-4396-9ed7-ab7767e19d08" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c5b22dc9-340e-413c-b8ea-81cab5bb9b92", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--52839704-cde1-423b-b83b-85f3be6c94ff", "target_ref": "x-misp-object--4676a5ec-697d-41af-88f8-1edd0b391a93" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--78a8c78d-a60b-4080-9ef4-81a200a63b95", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8aa148ae-97d2-47ff-83d9-7fb3a2d8a4bd", "target_ref": "x-misp-object--87dd8a5a-c52f-416e-885c-020efd23e62e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e719f862-9e4f-4f11-931e-9dbe09e30b7b", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--171c1ddf-7a54-489d-9684-92c88617c956", "target_ref": "x-misp-object--5f3792ac-f82d-4592-88c3-ee892c828c41" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6604c767-0e80-4bd5-99fa-d4be79fbb03e", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1a5e57b9-36fe-421d-a886-16026857b58f", "target_ref": "x-misp-object--04c722ce-cdee-4769-b6a8-b6f26eb83949" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e6481cb-b540-4668-8c09-1612dc73693f", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b3177b4e-555f-4f20-9a65-a08e1d02f9fd", "target_ref": "x-misp-object--af4721d1-291a-46d2-8eb9-50fc1f8da0cb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--81328212-9e74-4e24-afb0-e791b6cbd39e", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--173a3d42-d718-41eb-ac2a-43d4e432bb46", "target_ref": "x-misp-object--cc17229b-13c4-40e8-887f-1d7cf5abd020" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e7a1ab13-2131-4a69-8382-5568e2b987d9", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ac2931c8-7efd-400e-a3da-9699601420cd", "target_ref": "x-misp-object--526e45f9-c018-4f26-b8ac-42a435da08c9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0e17038d-4637-4069-9359-cf8dbfaa1f40", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3a427677-7b23-40b7-9d8f-190c766ef8fe", "target_ref": "x-misp-object--e12c9d7a-8312-437d-8b1a-c15e09ef37d6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6079c9b3-b02d-461b-8973-b6adeb0bdf32", "created": "2019-03-07T22:56:31.000Z", "modified": "2019-03-07T22:56:31.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--de5147bc-03f2-4d1a-a9c6-80bf8d449e96", "target_ref": "x-misp-object--ecb9a5f0-73c7-4556-a7e3-9e2f4ca35fb5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--404503c7-2906-45a6-a46e-566a49ce0928", "created": "2019-03-07T22:56:32.000Z", "modified": "2019-03-07T22:56:32.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--163ddda1-900e-4bff-950b-0d5d1c2029c5", "target_ref": "x-misp-object--05fae74d-fd81-4262-9d67-eed24b685f5d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--39489cbc-7082-495c-899a-d8301946ce39", "created": "2019-03-07T22:56:32.000Z", "modified": "2019-03-07T22:56:32.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--52150aff-7237-412a-a493-1be95ce36e7f", "target_ref": "x-misp-object--2c88a906-411b-4819-a1c3-16907c03e3f9" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }