{ "type": "bundle", "id": "bundle--5a6f379d-3854-4457-949e-41bb950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-30T03:00:38.000Z", "modified": "2018-01-30T03:00:38.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a6f379d-3854-4457-949e-41bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-30T03:00:38.000Z", "modified": "2018-01-30T03:00:38.000Z", "name": "OSINT - VERMIN: Quasar RAT and Custom Malware Used In Ukraine", "published": "2018-02-16T08:53:02Z", "object_refs": [ "indicator--5a6f37fa-a5bc-4e02-bb58-480d950d210f", "indicator--5a6f37fb-b69c-44bd-b2a8-459e950d210f", "indicator--5a6f37fb-850c-456a-8e95-48f2950d210f", "indicator--5a6f37fc-4254-4ad5-ae0c-4f19950d210f", "indicator--5a6f37fc-1188-4b79-a9bb-4ea7950d210f", "indicator--5a6f37fc-134c-483d-a237-4c94950d210f", "indicator--5a6f37fd-dc10-41aa-96f5-4b90950d210f", "indicator--5a6f37fd-7798-4a86-928c-43f1950d210f", "indicator--5a6f37fe-86f0-422b-83c9-45bc950d210f", "indicator--5a6f37fe-f424-4a48-8738-4e6d950d210f", "indicator--5a6f37fe-4e0c-4156-8a1e-40f2950d210f", "indicator--5a6f37ff-251c-453c-81d3-4b8e950d210f", "indicator--5a6f37ff-c250-44f4-ba76-4b3e950d210f", "indicator--5a6f3800-55e0-491f-be92-44c2950d210f", "indicator--5a6f3800-160c-40bc-9935-4fa7950d210f", "indicator--5a6f3801-1808-4faa-8944-4c44950d210f", "indicator--5a6f3801-ff04-4575-9453-431a950d210f", "indicator--5a6f3801-9620-47c0-97ab-411d950d210f", "indicator--5a6f3802-4480-4847-b42f-4db6950d210f", "indicator--5a6f3812-2fdc-4a17-8a08-445f950d210f", "indicator--5a6f3812-6f6c-4a88-b041-4546950d210f", "indicator--5a6f3812-4308-4f43-8701-47e1950d210f", "indicator--5a6f3813-9fa0-4953-b93d-445b950d210f", "indicator--5a6f3813-ee04-44a9-b7fc-4018950d210f", "indicator--5a6f3814-df80-4caa-abf1-4772950d210f", "indicator--5a6f3814-89e4-427b-b691-4d1a950d210f", "indicator--5a6f3815-05ac-490c-b0b8-4875950d210f", "indicator--5a6f3815-b354-43fe-8fc6-4ce5950d210f", "indicator--5a6f3816-8268-467f-92f9-4757950d210f", "indicator--5a6f3816-b928-47f0-95f1-419f950d210f", "indicator--5a6f3816-49a4-4aaf-8ac6-48dc950d210f", "indicator--5a6f3817-a538-4354-8845-4083950d210f", "observed-data--5a6f3881-b480-46d9-a301-4260950d210f", "file--5a6f3881-b480-46d9-a301-4260950d210f", "artifact--5a6f3881-b480-46d9-a301-4260950d210f", "indicator--5a6f38ad-93e4-4b0b-a2c1-47f2950d210f", "indicator--5a6f38ad-41bc-4a25-b32c-45d8950d210f", "indicator--5a6f38ae-5850-40a7-ad87-4475950d210f", "indicator--5a6f38ae-df40-45f5-8499-47d8950d210f", "indicator--5a6f38af-536c-4de4-a1a4-4ac6950d210f", "indicator--5a6f38af-c7ac-4c40-b997-4624950d210f", "indicator--5a6f38af-d484-423b-b7c2-4daa950d210f", "indicator--5a6f38b0-42b0-4be2-aa6e-41e9950d210f", "indicator--5a6f38b0-c490-4fa9-bbe4-44d2950d210f", "indicator--5a6f38b1-ad80-43e8-8a27-4220950d210f", "indicator--5a6f38b2-4a14-40ba-a8d3-43c5950d210f", "indicator--5a6f38b2-0d58-42bc-9edd-46a0950d210f", "indicator--5a6f38b3-accc-46fa-9698-4a48950d210f", "indicator--5a6f38b3-4bc0-4722-8c76-4696950d210f", "indicator--5a6f38b3-eadc-4c21-8240-49c6950d210f", "indicator--5a6f38b4-0c54-44d2-8233-4fbb950d210f", "indicator--5a6f38b4-dcf0-46e0-8098-425f950d210f", "indicator--5a6f38b5-fcf4-4a40-8f34-4e9c950d210f", "indicator--5a6f38b5-e0a8-4166-a7c5-4e35950d210f", "indicator--5a6f38b5-7450-4dbb-af03-4382950d210f", "indicator--5a6f38b6-5254-45b8-bf1b-485d950d210f", "indicator--5a6f38b6-bcdc-4774-bf0d-47c5950d210f", "indicator--5a6f38b7-9f5c-4800-b676-4f92950d210f", "indicator--5a6f38b7-6004-461b-b0fd-4a99950d210f", "indicator--5a6f38b7-b0b0-41e8-867b-470c950d210f", "indicator--5a6f38b8-4604-426a-9216-4db1950d210f", "indicator--5a6f3abd-6410-4428-a09e-4816950d210f", "x-misp-attribute--5a6f3acb-08d4-4861-ae24-43aa950d210f", "observed-data--5a6f3aef-7370-4493-b1ac-4d14950d210f", "url--5a6f3aef-7370-4493-b1ac-4d14950d210f", "indicator--1d9be292-dba6-4626-bdcc-c3cc94cd6427", "x-misp-object--2fe8fec4-eb73-4466-aaff-81baf3f665e8", "indicator--464c0d84-bec5-4624-9226-e83fb79abe65", "x-misp-object--39e7fa59-4876-4433-a546-5ad01dd89d95", "indicator--b9b273dc-465f-4c74-aaf5-c47c4db6ff49", "x-misp-object--7e00522f-7a22-4c38-954c-065f327ae27a", "indicator--03348905-4bbd-4f58-8370-bef8f3a2b7ef", "x-misp-object--908e2c6d-188d-4434-a5f4-e3bf349ff63d", "indicator--0870e838-42ad-470c-a177-d10678e2b685", "x-misp-object--b9407d74-26b8-4e0c-98c9-9d8e75bd96d1", "indicator--baa647b0-1c09-413a-af07-54da786df266", "x-misp-object--6e9a6b22-ccd0-44f4-a7a4-d5c54062e0a5", "indicator--18e8d7ce-a4c8-4f0c-841b-81d4f8cacd1e", "x-misp-object--31b81fca-2950-49d9-b6a2-8ab7b732abf7", "indicator--68e51b07-074d-4889-af2f-0b008a94d048", "x-misp-object--6d24fb20-9e41-440f-8860-992698e1567e", "indicator--0824551a-554e-4119-8e73-938369593536", "x-misp-object--ae2fb6e2-eb53-4135-80aa-c99f699f00d1", "indicator--e183b4ca-ca78-403e-bcb3-d1d29c449eef", "x-misp-object--bf5aaef8-82a3-4e2e-941e-b8c4ffe63414", "indicator--db392010-acf6-4a58-8b99-41ce01c4df3a", "x-misp-object--eec3e342-608c-4964-ae3b-00800c520b8c", "indicator--2d1f5a63-e7b2-4a40-82b2-1b5b504fdeed", "x-misp-object--31ca081a-a527-41f1-a3b3-64001f2951b3", "indicator--bea6a180-0d2b-417c-a99a-4da282536b95", "x-misp-object--8649e8ec-168b-4e02-90b0-3e712cf43bad", "indicator--e85ea249-c648-4fd8-a113-69e50469ebd8", "x-misp-object--8007182f-0cf9-43e4-8744-f382785a66f9", "indicator--64cedeaa-9cfe-4fc6-b3c8-932c9749389c", "x-misp-object--6a90b9ce-29c1-4eb4-b2cb-0e6d9837371a", "indicator--a5ed311b-5e4e-47dd-b6bd-bc811f076f86", "x-misp-object--16899616-c8db-4453-95c7-8e762de660cc", "indicator--fcb27540-c9f1-4750-bfc5-7993b0831741", "x-misp-object--edab7b9b-2c87-47e1-befa-565a3d7c8439", "indicator--b9dd7e05-878a-4429-b680-cf431464a73d", "x-misp-object--c9d2ab7b-0b4c-4e35-a869-99ae3d39410f", "indicator--e26a37d6-f07e-4e6c-af03-f108a1105b25", "x-misp-object--56c1bb1a-f157-4e3b-9dcf-c01a873a722e", "indicator--ede96584-eb72-49a7-9f26-64b016ce5f46", "x-misp-object--994c08ac-acee-400e-bb69-14c42237c1cd", "indicator--d6a26376-374d-4a00-942b-2839e120aa73", "x-misp-object--c34845a5-7c9c-4065-9748-5b13e173b87c", "indicator--2f999597-3850-4594-b271-e8fe0ab5d6e5", "x-misp-object--5d559431-716b-47d2-83df-05fd3810e321", "indicator--588a8a84-a6e4-4f1e-a3b5-f721724a4049", "x-misp-object--79d44c23-7f8f-4c10-958a-c5b4543aa7f9", "indicator--a138407f-4844-4813-be9b-ccbba36de11e", "x-misp-object--76d75400-8a3c-42f2-86c3-a4da8e92c1d1", "indicator--ad32df7d-9acc-4252-b689-4a669a8823fd", "x-misp-object--87098385-cbf7-4885-bcde-f5845d185baf", "indicator--c01c77b8-0ea5-478e-86c5-27cbc6ae2464", "x-misp-object--a22fcdc0-cc48-4364-8cef-6a6928c30423", "indicator--3939e98d-0f06-43f4-a3ee-414d8497bc73", "x-misp-object--80198a2a-38cc-46c2-88d5-42b55674df2b", "indicator--bdaa5408-83ca-4245-8b77-920a710339fc", "x-misp-object--82728331-7584-4cf4-b953-8e966abd4a37", "relationship--dcf37455-fd52-439d-a749-8c1661e0238c", "relationship--0c3361cb-50df-4382-b8da-6e39908e5bd5", "relationship--7902b043-d8d3-42f4-a63b-1370279ba500", "relationship--1e7d0d6b-e3ca-48a7-88b2-dc616a0b8ec5", "relationship--54156156-5dc1-40a2-83a7-91f682f2ed51", "relationship--6c919a10-d537-4552-a184-1d35b6916950", "relationship--2618fee6-6215-4db7-b6a8-8583583dff5c", "relationship--43312da3-b47b-4260-ad18-4bf2f730c023", "relationship--aed13f48-68bf-4940-8b47-a04e490adeb1", "relationship--2c885dc0-d66a-42d6-9735-4a85d660c35e", "relationship--4a178638-a28f-4810-8d24-a59b621354c2", "relationship--1c2641f2-d0d6-46cc-91ee-81f8d832e4e7", "relationship--c6c31294-9d77-49ce-a205-291090cb9bcf", "relationship--c9aeea14-035c-4fd6-ad82-c661a0fe5aaf", "relationship--f941994a-d438-4850-a844-da8f0af1c663", "relationship--8257ef80-ae0c-4050-978b-ff8d37f39f1a", "relationship--d59be621-cba6-48d2-9c2a-e482b3708e5c", "relationship--d9247181-f2fe-49ac-822d-c006cfeba80c", "relationship--96b509ea-b0d4-4a5c-973c-01b856e0a7ab", "relationship--f5573525-c0aa-4d73-8abf-5c65096ceb4e", "relationship--b67c7a3c-b2b2-487e-adc9-b0e8c17cfffe", "relationship--3253e59b-6973-468f-abe8-df1c64920ffb", "relationship--56e0a82e-a52a-4200-89b3-c84fcbff0d20", "relationship--eecf656c-990c-46f3-98e5-047feafbf88f", "relationship--665ae2ec-15ec-4fbd-8ca7-bd564cf99d35", "relationship--7eae0a0e-8859-40be-b3b8-3f091ee77795", "relationship--7b787093-ad89-4a05-bccc-adf8bfbc030d", "relationship--3a824f2e-60f1-4778-9cf7-3ae543d6d286" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:rat=\"Quasar RAT\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fa-a5bc-4e02-bb58-480d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:26.000Z", "modified": "2018-01-29T15:04:26.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fb-b69c-44bd-b2a8-459e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:27.000Z", "modified": "2018-01-29T15:04:27.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '154ef5037e5de49a6e3c48ea7221a02a5df33c34420a586cbff6a46dc5026a91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fb-850c-456a-8e95-48f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:27.000Z", "modified": "2018-01-29T15:04:27.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fc-4254-4ad5-ae0c-4f19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:28.000Z", "modified": "2018-01-29T15:04:28.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '250cf8b44fc3ae86b467dd3a1c261a6c3d1645a8a21addfe7f2e2241ff8b79fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fc-1188-4b79-a9bb-4ea7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:28.000Z", "modified": "2018-01-29T15:04:28.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fc-134c-483d-a237-4c94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:28.000Z", "modified": "2018-01-29T15:04:28.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '92295b38daa4e44b9d257e56c5b271bbbf6a620312dc58e48e56473427170aa1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fd-dc10-41aa-96f5-4b90950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:29.000Z", "modified": "2018-01-29T15:04:29.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '9ea00514c4ae9519a8938924b02826cfafeb75fc70f16c422aeadb8317a146c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fd-7798-4a86-928c-43f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:29.000Z", "modified": "2018-01-29T15:04:29.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = 'a3c84c5f8d981653a2a391d29f32c8127fba8f0ab7da8815330a228205c99ba6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fe-86f0-422b-83c9-45bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:30.000Z", "modified": "2018-01-29T15:04:30.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '7b08b0d4d68ebf5238eaa8a40f815b83de372e345eb22cc3d50a4bb1869db78e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fe-f424-4a48-8738-4e6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:30.000Z", "modified": "2018-01-29T15:04:30.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = 'f75861216f5716b0227733e6a093776f693361626efebe37618935b9c6e1bdfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37fe-4e0c-4156-8a1e-40f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:30.000Z", "modified": "2018-01-29T15:04:30.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '51b0bb172c6e5eaa8e333fbf2451ae27094991b6330025374b9082ae8cd879cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37ff-251c-453c-81d3-4b8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:31.000Z", "modified": "2018-01-29T15:04:31.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '46ae101a8dc8bf434d2c599aaabfb72a0843d21e2150a6c745c0c4a771c09da3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f37ff-c250-44f4-ba76-4b3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:31.000Z", "modified": "2018-01-29T15:04:31.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '488db27f3d619b3067d95515a356997ea8e840c65daa2799bdd473dce93362f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3800-55e0-491f-be92-44c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:32.000Z", "modified": "2018-01-29T15:04:32.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '5a05d2171e6aeb5edd9d39c7f46cd3bf0e2ee3ee803431a58a9945a56ce935f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3800-160c-40bc-9935-4fa7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:32.000Z", "modified": "2018-01-29T15:04:32.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '6f4e20e421451c3d8490067f8424d7efbcc5edeb82f80bb5562c76d4adfb0181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3801-1808-4faa-8944-4c44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:33.000Z", "modified": "2018-01-29T15:04:33.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '9a81cffe79057d8d307910143efd1455f956f2de2c7cc8fb07a7c17000913d59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3801-ff04-4575-9453-431a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:33.000Z", "modified": "2018-01-29T15:04:33.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = 'c84afdd28fa0923a09f6dd3af1e3821cdb07862b2796fa004cd3229bc6129cbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3801-9620-47c0-97ab-411d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:33.000Z", "modified": "2018-01-29T15:04:33.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = '6cf63ae829984a47aca93f8a1261afe5a06930f04fab6f86f6f7f9631fde59ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3802-4480-4847-b42f-4db6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:34.000Z", "modified": "2018-01-29T15:04:34.000Z", "description": "Quasar", "pattern": "[file:hashes.SHA256 = 'aa982fe7d28bbf55865047b16334efbe3fcb6bae06e5ed9cab544f1c8d307317']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3812-2fdc-4a17-8a08-445f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:50.000Z", "modified": "2018-01-29T15:04:50.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3812-6f6c-4a88-b041-4546950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:50.000Z", "modified": "2018-01-29T15:04:50.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '677edb1a0a86c8bd0df150f2d9c5c3bc1d20d255b6f7944c4adcff3c45df4851']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3812-4308-4f43-8701-47e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:50.000Z", "modified": "2018-01-29T15:04:50.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3813-9fa0-4953-b93d-445b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:51.000Z", "modified": "2018-01-29T15:04:51.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = 'e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3813-ee04-44a9-b7fc-4018950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:51.000Z", "modified": "2018-01-29T15:04:51.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = 'eb48a31f8f81635d24f343a09247284149884bd713d3bc1c0b9c936bca8bafd7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3814-df80-4caa-abf1-4772950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:52.000Z", "modified": "2018-01-29T15:04:52.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '15c52b01d2b9294e2dd4d9711cde99e10f11cd188e0d1e4fa9db78f9805626c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3814-89e4-427b-b691-4d1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:52.000Z", "modified": "2018-01-29T15:04:52.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '31a1419d9121f55859ecf2d01f07da38bd37bb11d0ed9544a35d5d69472c358e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3815-05ac-490c-b0b8-4875950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:53.000Z", "modified": "2018-01-29T15:04:53.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '5586fb423aff39a02cddf5e456a83a8301afe9ed78ecbc8de2cd852bc0cd498f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3815-b354-43fe-8fc6-4ce5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:53.000Z", "modified": "2018-01-29T15:04:53.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '5ee12dd028f5f8c2c0eb76f28c2ce273423998b36f3fc20c9e291f39825601f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3816-8268-467f-92f9-4757950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:54.000Z", "modified": "2018-01-29T15:04:54.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = '98073a58101dda103ea03bbd4b3554491d227f52ec01c245c3782e63c0fdbc07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3816-b928-47f0-95f1-419f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:54.000Z", "modified": "2018-01-29T15:04:54.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = 'c5647603337a4e9bfbb2259c0aec7fa9868c87ded2ab74e9d233bdb2a3bb163e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3816-49a4-4aaf-8ac6-48dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:54.000Z", "modified": "2018-01-29T15:04:54.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = 'eb46b8978619a72f4b0d3ea8961dde527f8e27e89701ccd6e5643c33b103d901']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3817-a538-4354-8845-4083950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:04:55.000Z", "modified": "2018-01-29T15:04:55.000Z", "description": "VERMIN", "pattern": "[file:hashes.SHA256 = 'abd05a20b8aa21d58ee01a02ae804a0546fbf6811d71559423b6b5afdfbe7e64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:04:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a6f3881-b480-46d9-a301-4260950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:38.000Z", "modified": "2018-01-29T15:13:38.000Z", "first_observed": "2018-01-29T15:13:38Z", "last_observed": "2018-01-29T15:13:38Z", "number_observed": 1, "object_refs": [ "file--5a6f3881-b480-46d9-a301-4260950d210f", "artifact--5a6f3881-b480-46d9-a301-4260950d210f" ], "labels": [ "misp:type=\"attachment\"", "misp:category=\"Support Tool\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5a6f3881-b480-46d9-a301-4260950d210f", "name": "decode.py", "content_ref": "artifact--5a6f3881-b480-46d9-a301-4260950d210f" }, { "type": "artifact", "spec_version": "2.1", "id": "artifact--5a6f3881-b480-46d9-a301-4260950d210f", "payload_bin": "IyEvdXNyL2xvY2FsL2Jpbi9weXRob24KCl9fYXV0aG9yX18gPSAiSnVhbiBDIENvcnRlcyIKX192ZXJzaW9uX18gPSAiMS4wIgpfX2VtYWlsX18gPSAiamNvcnRlc0BwYWxvYWx0b25ldHdvcmtzLmNvbSIKCmZyb20gcmFuZG9tIGltcG9ydCByYW5kaW50CmltcG9ydCB6bGliCmltcG9ydCBiaW5hc2NpaQppbXBvcnQgc3lzCmltcG9ydCBsb2dnaW5nCmltcG9ydCBoYXNobGliCmltcG9ydCBhcmdwYXJzZQppbXBvcnQgb3MKaW1wb3J0IHN0cnVjdApmcm9tIHRhYnVsYXRlIGltcG9ydCB0YWJ1bGF0ZQpmcm9tIENyeXB0byBpbXBvcnQgUmFuZG9tCmZyb20gQ3J5cHRvLkNpcGhlciBpbXBvcnQgQUVTCgpkZWYgcGFyc2VfYXJndW1lbnRzKCk6CiAgICAiIiJBcmd1bWVudCBQYXJzZXIiIiIKICAgIHBhcnNlciA9IGFyZ3BhcnNlLkFyZ3VtZW50UGFyc2VyKAogICAgICAgIHVzYWdlPSJEZWNyeXB0IHN0cmluZ3MgZm9yIFZlcm1pblJBVCIpCiAgICBwYXJzZXIuYWRkX2FyZ3VtZW50KAogICAgICAgICItdiIsCiAgICAgICAgIi0tdmVyYm9zaXR5IiwKICAgICAgICBhY3Rpb249InN0b3JlX3RydWUiLAogICAgICAgIGRlc3Q9InZ2ZXJib3NlIiwKICAgICAgICBoZWxwPSJQcmludCBkZWJ1Z2dpbmcgaW5mb3JtYXRpb24iKQogICAgcGFyc2VyLmFkZF9hcmd1bWVudCgKICAgICAgICAiLW8iLAogICAgICAgICItLW91dHB1dCIsCiAgICAgICAgZGVzdD0ib3V0cHV0X2ZpbGUiLAogICAgICAgIHR5cGU9c3RyLAogICAgICAgIGhlbHA9Ik91dHB1dCByZXN1bHRzIGZpbGUiKQogICAgcGFyc2VyLmFkZF9hcmd1bWVudCgKICAgICAgICAiaW5wdXQiLAogICAgICAgIHR5cGU9c3RyLAogICAgICAgIGFjdGlvbj0nc3RvcmUnLAogICAgICAgIGhlbHA9IklucHV0IGZpbGUgb2YgbmV3bGluZSBzZXBhcmF0ZWQgc3RyaW5ncyBvciBzaW5nbGUgc3RyaW5nIikKICAgIHBhcnNlci5hZGRfYXJndW1lbnQoCiAgICAgICAgIi1iIiwKICAgICAgICAiLS1ibG9iIiwKICAgICAgICBhY3Rpb249J3N0b3JlX3RydWUnLAogICAgICAgIGhlbHA9IlBhcmFtIHVzZSBmb3IgZGVjcnlwdGluZyBibG9icyBvZiBkYXRhIGluc3RlYWQgb2Ygc3RyaW5ncy4gQmxvYiBpcyBhdXRvc2F2ZSB0byAnYmxvYi5vdXQnIikKICAgIHJldHVybiBwYXJzZXIKCmRlZiB3cml0ZV9vdXQob3V0cHV0X2xpc3QsIGhlYWRlcnMsIG91dHB1dF9maWxlPUZhbHNlKToKICAgICIiIgogICAgUHJldHR5IG91dHB1dHMgbGlzdAogICAgOnBhcmFtIG91dHB1dF9saXN0OiBMaXN0IHRvIG91dHB1dAogICAgIiIiCiAgICBwcmludCB0YWJ1bGF0ZShvdXRwdXRfbGlzdCwgaGVhZGVycywgdGFibGVmbXQ9InNpbXBsZSIpCiAgICBwcmludCAiIgogICAgaWYgb3V0cHV0X2ZpbGU6CiAgICAgICAgd2l0aCBvcGVuKG91dHB1dF9maWxlLCAiYWIiKSBhcyBmaWxlOgogICAgICAgICAgICBmaWxlLndyaXRlKHRhYnVsYXRlKG91dHB1dF9saXN0LCBoZWFkZXJzLCB0YWJsZWZtdD0ic2ltcGxlIikpCiAgICAgICAgICAgIGZpbGUud3JpdGUoIlxuXG4iKQoKZGVmIGdlbmVyYXRlQXJyYXkoKToKICAgIGFieXRlID0gYnl0ZWFycmF5KDYpCiAgICBmb3IgaSBpbiByYW5nZSgwLDYpOgogICAgICAgYWJ5dGVbaV0gPSByYW5kaW50KDAsIDB4N0ZGRkZGRkYpICUgNwoKICAgIHJldHVybiBhYnl0ZTsKCmRlZiBwYXJzZUVuY3J5cHRlU3RyKGVuY3J5cHRTdHIpOgogICAgdHJ5OgogICAgICAgIGRlY29kZWQgPSBlbmNyeXB0U3RyLmRlY29kZSgnYmFzZTY0JykKICAgICAgICBoYXJkY29kZWRfY3JjMzIgPSBkZWNvZGVkWy00Ol0KICAgICAgICBwYXJzZWRFbmNyeXB0ZWQgPSBkZWNvZGVkWzE2Oi00XQogICAgICAgIGl2ID0gZGVjb2RlZFs6MTZdCiAgICAgICAgcmV0dXJuIGhhcmRjb2RlZF9jcmMzMixwYXJzZWRFbmNyeXB0ZWQsaXYKICAgIGV4Y2VwdCBFeGNlcHRpb24gYXMgZToKICAgICAgICBwcmludCBlCgpkZWYgYnJ1dGVGb3JjZUNSQzMyVmFsdWUodmFsdWVjcmMzMik6CiAgICB3aGlsZSAoVHJ1ZSk6CiAgICAgICAgYXJyeSA9IGdlbmVyYXRlQXJyYXkoKQogICAgICAgIGNyYzMyID0gYmluYXNjaWkuY3JjMzIoYXJyeSkKICAgICAgICBjcmMzMiA9IGNyYzMyICUgKDEgPDwgMzIpCiAgICAgICAgaWYgY3JjMzIgPT0gdmFsdWVjcmMzMjoKICAgICAgICAgICAgcmV0dXJuKGFycnkpCgpkZWYgZGVjcnlwdFN0cihzdHIsa2V5LGl2KToKICAgIGFlcyA9IEFFUy5uZXcoa2V5LCBBRVMuTU9ERV9DQkMsIGl2KQogICAgYmxvYiA9IGFlcy5kZWNyeXB0KHN0cikKICAgIHJldHVybiBibG9iCgpkZWYgcGFyc2VQbGFpblRleHQoc3RyKToKICAgIGNoYXIgPSAiIgogICAgZm9yIGkgaW4gc3RyOgogICAgICAgIGlmIDB4MjAgPD0gb3JkKGkpIDw9IDB4MTI3OgogICAgICAgICAgICBjaGFyICs9IGkKICAgICAgICBlbHNlOgogICAgICAgICAgICBjb250aW51ZQogICAgcmV0dXJuIGNoYXIKCmRlZiBwYXJzZVVuaWNkZShzdHIpOgogICAgdHJ5OgogICAgICAgIHVuaSA9ICIiCiAgICAgICAgZm9yIGkgaW4gcmFuZ2UoMCxsZW4oc3RyKS8yKToKICAgICAgICAgICAgdW5pICs9IHN0cltpXQogICAgICAgIHJldHVybiB1bmkuZGVjb2RlKCd1dGYxNicpCiAgICBleGNlcHQgRXhjZXB0aW9uIGFzIGU6CiAgICAgICAgcHJpbnQgZQoKZGVmIG1haW4oKToKICAgICIiIk1haW4gTWV0aG9kIiIiCiAgICBhcmdzID0gcGFyc2VfYXJndW1lbnRzKCkucGFyc2VfYXJncygpCiAgICBzdHJzID0gW10KCiAgICBpZiBhcmdzLnZ2ZXJib3NlOgogICAgICAgIGxvZ2dpbmcuYmFzaWNDb25maWcoCiAgICAgICAgICAgIGxldmVsPWxvZ2dpbmcuREVCVUcsCiAgICAgICAgICAgIGZvcm1hdD0nICUoYXNjdGltZSlzIC0gJShsZXZlbG5hbWUpcyAtICUobWVzc2FnZSlzJykKCiAgICBpZiBhcmdzLmJsb2IgYW5kIG9zLnBhdGguZXhpc3RzKGFyZ3MuaW5wdXQpICE9IFRydWU6CiAgICAgICAgYiA9IGFyZ3MuaW5wdXQKICAgICAgICBjcmMzMkhhcmRjb2RlLCBlbmNyeXB0ZWRTdHIsIGl2ID0gcGFyc2VFbmNyeXB0ZVN0cihiKQogICAgICAgIGNyYzMySGFyZGNvZGUgPSBieXRlYXJyYXkoY3JjMzJIYXJkY29kZSkKICAgICAgICBjcmMzMkhhcmRjb2RlID0gc3RydWN0LnVucGFjaygnPEknLCBjcmMzMkhhcmRjb2RlKVswXQogICAgICAgIGJydXRlQXJyYXkgPSBicnV0ZUZvcmNlQ1JDMzJWYWx1ZShjcmMzMkhhcmRjb2RlKQogICAgICAgIG0gPSBoYXNobGliLm1kNSgpCiAgICAgICAgbS51cGRhdGUoYnJ1dGVBcnJheSkKICAgICAgICBrZXkgPSBtLmRpZ2VzdCgpCiAgICAgICAgcGxhaW4gPSBkZWNyeXB0U3RyKGVuY3J5cHRlZFN0ciwga2V5LCBpdikKICAgICAgICB3aXRoIG9wZW4oJ2Jsb2Iub3V0JywgIndiIikgYXMgZmlsZToKICAgICAgICAgICAgZmlsZS53cml0ZShwbGFpbikKCgogICAgaWYgb3MucGF0aC5leGlzdHMoYXJncy5pbnB1dCkgIT0gVHJ1ZToKICAgICAgICBzdHJzLmFwcGVuZChhcmdzLmlucHV0KQoKICAgIGVsc2U6CiAgICAgICAgd2l0aCBvcGVuKGFyZ3MuaW5wdXQsICJyYiIpIGFzIG9wZW5fZmlsZToKICAgICAgICAgICAgZm9yIGxpbmUgaW4gb3Blbl9maWxlOgogICAgICAgICAgICAgICAgaGFzaCA9IGxpbmUucnN0cmlwKCkKICAgICAgICAgICAgICAgIHN0cnMuYXBwZW5kKGhhc2gpCgogICAgZm9yIHMgaW4gc3RyczoKCiAgICAgICAgY3JjMzJIYXJkY29kZSxlbmNyeXB0ZWRTdHIsaXYgPSBwYXJzZUVuY3J5cHRlU3RyKHMpCiAgICAgICAgY3JjMzJIYXJkY29kZSA9IGJ5dGVhcnJheShjcmMzMkhhcmRjb2RlKQogICAgICAgIGNyYzMySGFyZGNvZGUgPSBzdHJ1Y3QudW5wYWNrKCc8SScsIGNyYzMySGFyZGNvZGUpWzBdCiAgICAgICAgYnJ1dGVBcnJheSA9IGJydXRlRm9yY2VDUkMzMlZhbHVlKGNyYzMySGFyZGNvZGUpCiAgICAgICAgbSA9IGhhc2hsaWIubWQ1KCkKICAgICAgICBtLnVwZGF0ZShicnV0ZUFycmF5KQogICAgICAgIGtleSA9IG0uZGlnZXN0KCkKICAgICAgICBwbGFpbiA9IGRlY3J5cHRTdHIoZW5jcnlwdGVkU3RyLGtleSxpdikKICAgICAgICBwYXJzZXN0ciA9IHBhcnNlUGxhaW5UZXh0KHBsYWluKQogICAgICAgIHVuaXN0ciA9IHBhcnNlVW5pY2RlKHBsYWluKQogICAgICAgIGhlYWRlcnMgPSBbIkFTQ0lJIiwiVU5JQ09ERSJdCiAgICAgICAgb3V0cHV0bGlzdCA9IFtbcGFyc2VzdHIsdW5pc3RyXV0KICAgICAgICB3cml0ZV9vdXQob3V0cHV0bGlzdCwgaGVhZGVycywgYXJncy5vdXRwdXRfZmlsZSkKCmlmIF9fbmFtZV9fID09ICdfX21haW5fXyc6CiAgICBtYWluKCkK" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38ad-93e4-4b0b-a2c1-47f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:38.000Z", "modified": "2018-01-29T15:13:38.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'akamaicdn.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38ad-41bc-4a25-b32c-45d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:39.000Z", "modified": "2018-01-29T15:13:39.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'cdnakamai.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38ae-5850-40a7-ad87-4475950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:39.000Z", "modified": "2018-01-29T15:13:39.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.akamaicdn.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38ae-df40-45f5-8499-47d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:39.000Z", "modified": "2018-01-29T15:13:39.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.akamainet066.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38af-536c-4de4-a1a4-4ac6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:40.000Z", "modified": "2018-01-29T15:13:40.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.akamainet023.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38af-c7ac-4c40-b997-4624950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:40.000Z", "modified": "2018-01-29T15:13:40.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.akamainet021.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38af-d484-423b-b7c2-4daa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:41.000Z", "modified": "2018-01-29T15:13:41.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'akamainet023.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b0-42b0-4be2-aa6e-41e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:41.000Z", "modified": "2018-01-29T15:13:41.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'akamainet022.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b0-c490-4fa9-bbe4-44d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:41.000Z", "modified": "2018-01-29T15:13:41.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'akamainet021.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b1-ad80-43e8-8a27-4220950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:42.000Z", "modified": "2018-01-29T15:13:42.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.akamainet022.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b2-4a14-40ba-a8d3-43c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:42.000Z", "modified": "2018-01-29T15:13:42.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'akamainet066.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b2-0d58-42bc-9edd-46a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:43.000Z", "modified": "2018-01-29T15:13:43.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'akamainet024.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b3-accc-46fa-9698-4a48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:43.000Z", "modified": "2018-01-29T15:13:43.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.cdnakamai.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b3-4bc0-4722-8c76-4696950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:44.000Z", "modified": "2018-01-29T15:13:44.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'notifymail.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b3-eadc-4c21-8240-49c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:44.000Z", "modified": "2018-01-29T15:13:44.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.notifymail.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b4-0c54-44d2-8233-4fbb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:45.000Z", "modified": "2018-01-29T15:13:45.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'mailukr.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b4-dcf0-46e0-8098-425f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:45.000Z", "modified": "2018-01-29T15:13:45.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'tech-adobe.dyndns.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b5-fcf4-4a40-8f34-4e9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:45.000Z", "modified": "2018-01-29T15:13:45.000Z", "description": "C2 Addresses", "pattern": "[domain-name:value = 'www.mailukr.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b5-e0a8-4166-a7c5-4e35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:46.000Z", "modified": "2018-01-29T15:13:46.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.158.153.222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b5-7450-4dbb-af03-4382950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:46.000Z", "modified": "2018-01-29T15:13:46.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.158.47.228']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b6-5254-45b8-bf1b-485d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:47.000Z", "modified": "2018-01-29T15:13:47.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.78.105.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b6-bcdc-4774-bf0d-47c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:47.000Z", "modified": "2018-01-29T15:13:47.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.158.46.251']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b7-9f5c-4800-b676-4f92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:48.000Z", "modified": "2018-01-29T15:13:48.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.227.75.189']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b7-6004-461b-b0fd-4a99950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:48.000Z", "modified": "2018-01-29T15:13:48.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.116.121.46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b7-b0b0-41e8-867b-470c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:48.000Z", "modified": "2018-01-29T15:13:48.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.125.46.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f38b8-4604-426a-9216-4db1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:49.000Z", "modified": "2018-01-29T15:13:49.000Z", "description": "C2 Addresses", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.200.53.181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a6f3abd-6410-4428-a09e-4816950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:16:13.000Z", "modified": "2018-01-29T15:16:13.000Z", "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\AddIns\\\\settings.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:16:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a6f3acb-08d4-4861-ae24-43aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:16:27.000Z", "modified": "2018-01-29T15:16:27.000Z", "labels": [ "misp:type=\"pdb\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pdb", "x_misp_value": "Z:\\Projects\\Vermin\\TaskScheduler\\obj\\Release\\Licenser.pdb" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a6f3aef-7370-4493-b1ac-4d14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:17:03.000Z", "modified": "2018-01-29T15:17:03.000Z", "first_observed": "2018-01-29T15:17:03Z", "last_observed": "2018-01-29T15:17:03Z", "number_observed": 1, "object_refs": [ "url--5a6f3aef-7370-4493-b1ac-4d14950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a6f3aef-7370-4493-b1ac-4d14950d210f", "value": "https://twitter.com/blu3_team/status/917050823724732419" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1d9be292-dba6-4626-bdcc-c3cc94cd6427", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:52.000Z", "modified": "2018-01-29T15:13:52.000Z", "pattern": "[file:hashes.MD5 = 'dc0ab74129a4be18d823b71a54b0cab0' AND file:hashes.SHA1 = '39525cbca591f2a10946ba62a56e4c3382cd4fc0' AND file:hashes.SHA256 = '4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2fe8fec4-eb73-4466-aaff-81baf3f665e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:51.000Z", "modified": "2018-01-29T15:13:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da/analysis/1496635005/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a2f-7ac0-4e75-b028-4c2402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/61", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a2f-c960-492b-9617-421702de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-06-05T03:56:45", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a30-2ab4-469b-83d6-4ae302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--464c0d84-bec5-4624-9226-e83fb79abe65", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:55.000Z", "modified": "2018-01-29T15:13:55.000Z", "pattern": "[file:hashes.MD5 = '46f09e5230dfced7939131d704bdb592' AND file:hashes.SHA1 = 'a40451a9485f465338d15c4985adc7c798f788d3' AND file:hashes.SHA256 = '5a05d2171e6aeb5edd9d39c7f46cd3bf0e2ee3ee803431a58a9945a56ce935f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--39e7fa59-4876-4433-a546-5ad01dd89d95", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:54.000Z", "modified": "2018-01-29T15:13:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5a05d2171e6aeb5edd9d39c7f46cd3bf0e2ee3ee803431a58a9945a56ce935f6/analysis/1486445762/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a32-d430-483f-b80a-49dc02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/56", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a32-721c-4893-bc16-46ee02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-02-07T05:36:02", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a33-f69c-40a1-aacc-4d7202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b9b273dc-465f-4c74-aaf5-c47c4db6ff49", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:58.000Z", "modified": "2018-01-29T15:13:58.000Z", "pattern": "[file:hashes.MD5 = '3ddc543facdc43dc5b1bdfa110fcffa3' AND file:hashes.SHA1 = 'cc6ed0e81c5fbaa45e6e491637c6497cedec839c' AND file:hashes.SHA256 = 'a3c84c5f8d981653a2a391d29f32c8127fba8f0ab7da8815330a228205c99ba6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:13:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7e00522f-7a22-4c38-954c-065f327ae27a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:56.000Z", "modified": "2018-01-29T15:13:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a3c84c5f8d981653a2a391d29f32c8127fba8f0ab7da8815330a228205c99ba6/analysis/1517234967/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a34-11c8-40ec-9843-4d8202de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/65", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a35-5bc4-4a30-8017-436102de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:09:27", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a35-7230-4f8c-b3a1-476d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--03348905-4bbd-4f58-8370-bef8f3a2b7ef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:01.000Z", "modified": "2018-01-29T15:14:01.000Z", "pattern": "[file:hashes.MD5 = '2b044a21687003c78ff8628c3a69b0a0' AND file:hashes.SHA1 = '3cba047ed980a7f25d341bfa05cbc14ec0c26e9c' AND file:hashes.SHA256 = '31a1419d9121f55859ecf2d01f07da38bd37bb11d0ed9544a35d5d69472c358e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--908e2c6d-188d-4434-a5f4-e3bf349ff63d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:13:59.000Z", "modified": "2018-01-29T15:13:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/31a1419d9121f55859ecf2d01f07da38bd37bb11d0ed9544a35d5d69472c358e/analysis/1517235863/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a37-6b38-48a2-94c0-4b5602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/65", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a37-5214-4611-af77-411602de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:24:23", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a38-cce8-4193-8483-4b3202de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0870e838-42ad-470c-a177-d10678e2b685", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:03.000Z", "modified": "2018-01-29T15:14:03.000Z", "pattern": "[file:hashes.MD5 = '07633a79d28bb8b4ef8a6283b881be0e' AND file:hashes.SHA1 = 'bdb5e0b6ca0aa03e0beca23b46a8420473091dff' AND file:hashes.SHA256 = '6cf63ae829984a47aca93f8a1261afe5a06930f04fab6f86f6f7f9631fde59ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b9407d74-26b8-4e0c-98c9-9d8e75bd96d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:01.000Z", "modified": "2018-01-29T15:14:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6cf63ae829984a47aca93f8a1261afe5a06930f04fab6f86f6f7f9631fde59ec/analysis/1517235215/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a39-2968-4717-b509-427602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/65", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a3a-7b74-4938-a75f-462902de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:13:35", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a3b-fa00-4d41-bc3e-43f102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--baa647b0-1c09-413a-af07-54da786df266", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:06.000Z", "modified": "2018-01-29T15:14:06.000Z", "pattern": "[file:hashes.MD5 = '3293594b0eb0fada3c0c6f031a361050' AND file:hashes.SHA1 = '3a05b21c7b973cf293a5e07e181bf715a58e4785' AND file:hashes.SHA256 = '46ae101a8dc8bf434d2c599aaabfb72a0843d21e2150a6c745c0c4a771c09da3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6e9a6b22-ccd0-44f4-a7a4-d5c54062e0a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:05.000Z", "modified": "2018-01-29T15:14:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/46ae101a8dc8bf434d2c599aaabfb72a0843d21e2150a6c745c0c4a771c09da3/analysis/1517235034/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a3d-1224-4d6c-84bb-4f1702de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/64", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a3d-422c-4643-9363-410e02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:10:34", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a3d-2b90-49f8-8ab8-46ab02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18e8d7ce-a4c8-4f0c-841b-81d4f8cacd1e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:09.000Z", "modified": "2018-01-29T15:14:09.000Z", "pattern": "[file:hashes.MD5 = 'dca799ab332b1d6b599d909e17d2574c' AND file:hashes.SHA1 = 'a719e91031ed18bb70dd78684b012eb072efdb03' AND file:hashes.SHA256 = '0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--31b81fca-2950-49d9-b6a2-8ab7b732abf7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:07.000Z", "modified": "2018-01-29T15:14:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6/analysis/1517235108/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a3f-cce4-4151-8b67-483d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/66", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a40-07c0-4650-9833-44bb02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:11:48", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a40-8e64-437a-bd18-400802de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68e51b07-074d-4889-af2f-0b008a94d048", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:11.000Z", "modified": "2018-01-29T15:14:11.000Z", "pattern": "[file:hashes.MD5 = '9f88187d774cc9eaf89dc65479c4302d' AND file:hashes.SHA1 = '4c1e5e0bb72c78c4ce0d37aed939478aaa35a94f' AND file:hashes.SHA256 = '5ee12dd028f5f8c2c0eb76f28c2ce273423998b36f3fc20c9e291f39825601f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6d24fb20-9e41-440f-8860-992698e1567e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:10.000Z", "modified": "2018-01-29T15:14:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5ee12dd028f5f8c2c0eb76f28c2ce273423998b36f3fc20c9e291f39825601f9/analysis/1508335858/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a42-d814-4088-9ff0-455502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/66", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a42-0fb0-4203-aed1-453f02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-18T14:10:58", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a43-5f24-4dd0-b218-485702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0824551a-554e-4119-8e73-938369593536", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:14.000Z", "modified": "2018-01-29T15:14:14.000Z", "pattern": "[file:hashes.MD5 = '47161360b84388d1c254eb68ad3d6dfa' AND file:hashes.SHA1 = '4712af28168fd728a13efd520e0665ffd076b6fb' AND file:hashes.SHA256 = '9ea00514c4ae9519a8938924b02826cfafeb75fc70f16c422aeadb8317a146c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ae2fb6e2-eb53-4135-80aa-c99f699f00d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:13.000Z", "modified": "2018-01-29T15:14:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9ea00514c4ae9519a8938924b02826cfafeb75fc70f16c422aeadb8317a146c1/analysis/1517235115/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a45-1f00-45f3-810d-4bf602de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/64", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a45-323c-4e64-a563-464902de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:11:55", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a46-c494-4eb0-9953-4a7c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e183b4ca-ca78-403e-bcb3-d1d29c449eef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:17.000Z", "modified": "2018-01-29T15:14:17.000Z", "pattern": "[file:hashes.MD5 = '752292c4d4ad51feb489ee1e06498c7f' AND file:hashes.SHA1 = 'a841ff1ee379269f00261337a043448d3d72e6fd' AND file:hashes.SHA256 = '9a81cffe79057d8d307910143efd1455f956f2de2c7cc8fb07a7c17000913d59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf5aaef8-82a3-4e2e-941e-b8c4ffe63414", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:15.000Z", "modified": "2018-01-29T15:14:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9a81cffe79057d8d307910143efd1455f956f2de2c7cc8fb07a7c17000913d59/analysis/1512695747/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a48-9b74-42cc-9ff3-46ab02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/67", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a48-b3b0-48f4-95ae-493e02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-08T01:15:47", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a48-66d0-4f45-aed6-49d902de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--db392010-acf6-4a58-8b99-41ce01c4df3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:20.000Z", "modified": "2018-01-29T15:14:20.000Z", "pattern": "[file:hashes.MD5 = 'c1b8a7f861a7555a14e1a68067469a20' AND file:hashes.SHA1 = 'b5f81c804e47b76c74c38df03a5cbe8a4fe69a9a' AND file:hashes.SHA256 = '5586fb423aff39a02cddf5e456a83a8301afe9ed78ecbc8de2cd852bc0cd498f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--eec3e342-608c-4964-ae3b-00800c520b8c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:18.000Z", "modified": "2018-01-29T15:14:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5586fb423aff39a02cddf5e456a83a8301afe9ed78ecbc8de2cd852bc0cd498f/analysis/1517177517/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a4a-6bb4-40e5-a89d-430102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/66", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a4b-7dd8-46d5-beac-456c02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-28T22:11:57", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a4b-ddb8-4a19-bdfc-4c6002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2d1f5a63-e7b2-4a40-82b2-1b5b504fdeed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:23.000Z", "modified": "2018-01-29T15:14:23.000Z", "pattern": "[file:hashes.MD5 = '5feae6cb9915c6378c4bb68740557d0a' AND file:hashes.SHA1 = '10128ab8770fbdecd81b8894208a760a3c266d78' AND file:hashes.SHA256 = '98073a58101dda103ea03bbd4b3554491d227f52ec01c245c3782e63c0fdbc07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--31ca081a-a527-41f1-a3b3-64001f2951b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:22.000Z", "modified": "2018-01-29T15:14:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/98073a58101dda103ea03bbd4b3554491d227f52ec01c245c3782e63c0fdbc07/analysis/1508198972/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a4e-560c-42bd-bbd6-4ce502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/66", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a4e-533c-4de0-b3cc-412102de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-17T00:09:32", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a4f-d810-4bc4-a109-4f3d02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bea6a180-0d2b-417c-a99a-4da282536b95", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:26.000Z", "modified": "2018-01-29T15:14:26.000Z", "pattern": "[file:hashes.MD5 = '71afb620857627400a648f91e6865991' AND file:hashes.SHA1 = '025081a1df7eae50a8404c507409d54a5973a3a1' AND file:hashes.SHA256 = '92295b38daa4e44b9d257e56c5b271bbbf6a620312dc58e48e56473427170aa1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8649e8ec-168b-4e02-90b0-3e712cf43bad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:24.000Z", "modified": "2018-01-29T15:14:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/92295b38daa4e44b9d257e56c5b271bbbf6a620312dc58e48e56473427170aa1/analysis/1461326472/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a50-e3c0-4731-a4c6-4d7f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "15/56", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a51-9850-4f08-8694-47ee02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2016-04-22T12:01:12", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a51-df44-4aa2-bdb2-4d6e02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e85ea249-c648-4fd8-a113-69e50469ebd8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:29.000Z", "modified": "2018-01-29T15:14:29.000Z", "pattern": "[file:hashes.MD5 = 'c189875f8b2bebc9f5a2e2af2f34e647' AND file:hashes.SHA1 = 'c8f7a30f8fd70e8565ed65eadc5b671a5beafb97' AND file:hashes.SHA256 = '51b0bb172c6e5eaa8e333fbf2451ae27094991b6330025374b9082ae8cd879cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8007182f-0cf9-43e4-8744-f382785a66f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:27.000Z", "modified": "2018-01-29T15:14:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/51b0bb172c6e5eaa8e333fbf2451ae27094991b6330025374b9082ae8cd879cf/analysis/1449835304/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a53-6d4c-47aa-8c52-490c02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/54", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a53-a990-44eb-bbfd-42c502de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2015-12-11T12:01:44", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a54-f0fc-48f3-9043-433c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--64cedeaa-9cfe-4fc6-b3c8-932c9749389c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:31.000Z", "modified": "2018-01-29T15:14:31.000Z", "pattern": "[file:hashes.MD5 = '242f0ab53ac5d194af091296517ec10a' AND file:hashes.SHA1 = '3f9e7e6ab64f1f0a105cd42438198a23c3c99de6' AND file:hashes.SHA256 = 'eb46b8978619a72f4b0d3ea8961dde527f8e27e89701ccd6e5643c33b103d901']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6a90b9ce-29c1-4eb4-b2cb-0e6d9837371a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:30.000Z", "modified": "2018-01-29T15:14:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eb46b8978619a72f4b0d3ea8961dde527f8e27e89701ccd6e5643c33b103d901/analysis/1487600035/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a56-89d4-46cf-b7d9-476b02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/59", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a56-200c-4dea-b55a-4a2a02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-02-20T14:13:55", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a57-b61c-467c-abfd-4cc002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a5ed311b-5e4e-47dd-b6bd-bc811f076f86", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:35.000Z", "modified": "2018-01-29T15:14:35.000Z", "pattern": "[file:hashes.MD5 = 'd2c6e6b0fbe37685ddb865cf6b523d8c' AND file:hashes.SHA1 = '376d309c999d536c47b8f8f1cecb32e5c74c00ce' AND file:hashes.SHA256 = '154ef5037e5de49a6e3c48ea7221a02a5df33c34420a586cbff6a46dc5026a91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--16899616-c8db-4453-95c7-8e762de660cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:33.000Z", "modified": "2018-01-29T15:14:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/154ef5037e5de49a6e3c48ea7221a02a5df33c34420a586cbff6a46dc5026a91/analysis/1517234807/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a59-3cf8-4798-98fb-436d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/64", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a5a-1924-430a-8269-45ea02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:06:47", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a5a-a080-4342-8b6f-45b402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fcb27540-c9f1-4750-bfc5-7993b0831741", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:38.000Z", "modified": "2018-01-29T15:14:38.000Z", "pattern": "[file:hashes.MD5 = '5b5060ebb405140f87a1bb65e06c9e29' AND file:hashes.SHA1 = '3ee410dd50fc64f39dff0c4ee8cc676f0f7d5a74' AND file:hashes.SHA256 = 'f75861216f5716b0227733e6a093776f693361626efebe37618935b9c6e1bdfd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--edab7b9b-2c87-47e1-befa-565a3d7c8439", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:36.000Z", "modified": "2018-01-29T15:14:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f75861216f5716b0227733e6a093776f693361626efebe37618935b9c6e1bdfd/analysis/1507776322/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a5c-9700-4a4b-a67c-437302de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/64", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a5d-4884-45da-b1a1-4f3602de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-12T02:45:22", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a5d-5c1c-4593-9b4e-4bb102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b9dd7e05-878a-4429-b680-cf431464a73d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:40.000Z", "modified": "2018-01-29T15:14:40.000Z", "pattern": "[file:hashes.MD5 = '632d08020499a6b5ee4852ecadc79f2e' AND file:hashes.SHA1 = '0735541949585c310f4da1ff515dcc9878df19fb' AND file:hashes.SHA256 = 'c5647603337a4e9bfbb2259c0aec7fa9868c87ded2ab74e9d233bdb2a3bb163e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c9d2ab7b-0b4c-4e35-a869-99ae3d39410f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:39.000Z", "modified": "2018-01-29T15:14:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c5647603337a4e9bfbb2259c0aec7fa9868c87ded2ab74e9d233bdb2a3bb163e/analysis/1517235729/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a5f-341c-4ec8-8b96-43d402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/65", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a5f-a170-43b8-b559-439202de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:22:09", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a60-db80-4126-93ad-469602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e26a37d6-f07e-4e6c-af03-f108a1105b25", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:43.000Z", "modified": "2018-01-29T15:14:43.000Z", "pattern": "[file:hashes.MD5 = '80b3d1c12fb6aaedc59ce4323b0850fe' AND file:hashes.SHA1 = 'bfd7158e1c2f6ba525e24f85ed8ccf8ef40fd370' AND file:hashes.SHA256 = '7b08b0d4d68ebf5238eaa8a40f815b83de372e345eb22cc3d50a4bb1869db78e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--56c1bb1a-f157-4e3b-9dcf-c01a873a722e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:42.000Z", "modified": "2018-01-29T15:14:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7b08b0d4d68ebf5238eaa8a40f815b83de372e345eb22cc3d50a4bb1869db78e/analysis/1517235119/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a62-5ac0-4f37-99c8-43aa02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/64", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a62-b570-4c60-a951-4eed02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:11:59", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a63-0efc-49a1-a059-4e5002de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ede96584-eb72-49a7-9f26-64b016ce5f46", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:46.000Z", "modified": "2018-01-29T15:14:46.000Z", "pattern": "[file:hashes.MD5 = 'd6c9f0bd1c0c106b2caaddcdff2b5785' AND file:hashes.SHA1 = '8a5dd45162ff27573095b0048dbbdc86c01dc287' AND file:hashes.SHA256 = 'c84afdd28fa0923a09f6dd3af1e3821cdb07862b2796fa004cd3229bc6129cbe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--994c08ac-acee-400e-bb69-14c42237c1cd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:45.000Z", "modified": "2018-01-29T15:14:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c84afdd28fa0923a09f6dd3af1e3821cdb07862b2796fa004cd3229bc6129cbe/analysis/1517235128/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a65-d438-4514-9c70-4a2502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/61", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a65-4354-4382-bc4d-491002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:12:08", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a66-33b8-41cf-b498-41cb02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6a26376-374d-4a00-942b-2839e120aa73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:49.000Z", "modified": "2018-01-29T15:14:49.000Z", "pattern": "[file:hashes.MD5 = 'fdc16eb59377efecd5411fedd87fb9d2' AND file:hashes.SHA1 = '323160c88a254127d9adb2848ae044afff376a4d' AND file:hashes.SHA256 = '24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c34845a5-7c9c-4065-9748-5b13e173b87c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:47.000Z", "modified": "2018-01-29T15:14:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18/analysis/1517235112/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a68-2c3c-4239-ae18-4a3f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/64", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a68-4e64-4f55-aca0-44be02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:11:52", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a68-3a4c-40e7-9cca-4a1702de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2f999597-3850-4594-b271-e8fe0ab5d6e5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:52.000Z", "modified": "2018-01-29T15:14:52.000Z", "pattern": "[file:hashes.MD5 = '7e859fe3d7ae323c8103567a399e87dc' AND file:hashes.SHA1 = '70d97367a3dbd5d45482b6af8c78c58b64d3f3b3' AND file:hashes.SHA256 = '15c52b01d2b9294e2dd4d9711cde99e10f11cd188e0d1e4fa9db78f9805626c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5d559431-716b-47d2-83df-05fd3810e321", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:50.000Z", "modified": "2018-01-29T15:14:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/15c52b01d2b9294e2dd4d9711cde99e10f11cd188e0d1e4fa9db78f9805626c3/analysis/1517235860/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a6a-a8b0-45fe-8acd-4c8002de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/65", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a6b-32fc-4b62-b916-444d02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:24:20", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a6c-436c-4cbb-b319-4d9502de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--588a8a84-a6e4-4f1e-a3b5-f721724a4049", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:55.000Z", "modified": "2018-01-29T15:14:55.000Z", "pattern": "[file:hashes.MD5 = '0b85887358fb335ad0dd7ccbc2d64bb4' AND file:hashes.SHA1 = '27ac7a29e1fc43b0ac26759857da9cefbba83a21' AND file:hashes.SHA256 = '74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--79d44c23-7f8f-4c10-958a-c5b4543aa7f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:53.000Z", "modified": "2018-01-29T15:14:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d/analysis/1517235491/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a6d-90dc-48b0-a2e4-428c02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/66", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a6e-4af8-4c65-b91f-468102de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:18:11", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a6e-2850-4d23-ad53-41d602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a138407f-4844-4813-be9b-ccbba36de11e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:58.000Z", "modified": "2018-01-29T15:14:58.000Z", "pattern": "[file:hashes.MD5 = '83d6588446dc3ab7ba38315ecc29fbb5' AND file:hashes.SHA1 = '0b933c3200ac070abe1abbbbf7aeaa262e055cdb' AND file:hashes.SHA256 = '250cf8b44fc3ae86b467dd3a1c261a6c3d1645a8a21addfe7f2e2241ff8b79fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:14:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--76d75400-8a3c-42f2-86c3-a4da8e92c1d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:56.000Z", "modified": "2018-01-29T15:14:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/250cf8b44fc3ae86b467dd3a1c261a6c3d1645a8a21addfe7f2e2241ff8b79fc/analysis/1517234870/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a70-359c-4436-b14e-4a1f02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/65", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a70-4c00-4bd3-a24a-4fa702de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:07:50", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a71-4c30-4f70-81c7-41c402de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad32df7d-9acc-4252-b689-4a669a8823fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:15:00.000Z", "modified": "2018-01-29T15:15:00.000Z", "pattern": "[file:hashes.MD5 = '8d8a84790c774adf4c677d2238999eb5' AND file:hashes.SHA1 = '03f08a46aedb3d27cdd5b34b277cb499c827c80a' AND file:hashes.SHA256 = '2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:15:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--87098385-cbf7-4885-bcde-f5845d185baf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:14:58.000Z", "modified": "2018-01-29T15:14:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef/analysis/1517235853/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a73-7dc8-49cc-b0b5-4e2102de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/66", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a73-4a6c-4480-b3bd-426302de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:24:13", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a73-0a98-4d0f-9530-4ef102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c01c77b8-0ea5-478e-86c5-27cbc6ae2464", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:15:03.000Z", "modified": "2018-01-29T15:15:03.000Z", "pattern": "[file:hashes.MD5 = '47cfac75d2158bf513bcd1ed5e3dd58c' AND file:hashes.SHA1 = '346fba4a345b0d2433487efef8eb20b3ae4c6148' AND file:hashes.SHA256 = 'e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:15:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a22fcdc0-cc48-4364-8cef-6a6928c30423", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:15:02.000Z", "modified": "2018-01-29T15:15:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7/analysis/1517235858/", "category": "External analysis", "comment": "VERMIN", "uuid": "5a6f3a76-c630-4978-9e53-42e802de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/66", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a76-2558-4e14-8a7e-445002de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-29T14:24:18", "category": "Other", "comment": "VERMIN", "uuid": "5a6f3a76-4fec-477e-b965-41f302de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3939e98d-0f06-43f4-a3ee-414d8497bc73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:15:06.000Z", "modified": "2018-01-29T15:15:06.000Z", "pattern": "[file:hashes.MD5 = '50b1f0391995a0ce5c2d937e880b93ee' AND file:hashes.SHA1 = '1fbe4989522d57919340b618f4ab37bcb08d1ca7' AND file:hashes.SHA256 = '6f4e20e421451c3d8490067f8424d7efbcc5edeb82f80bb5562c76d4adfb0181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:15:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--80198a2a-38cc-46c2-88d5-42b55674df2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:15:04.000Z", "modified": "2018-01-29T15:15:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6f4e20e421451c3d8490067f8424d7efbcc5edeb82f80bb5562c76d4adfb0181/analysis/1478099523/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a78-7f64-4c36-b5c4-4bbc02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/57", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a79-c738-4cb3-a44e-4b0a02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2016-11-02T15:12:03", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a79-cee8-4c11-8eb7-476602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bdaa5408-83ca-4245-8b77-920a710339fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:15:09.000Z", "modified": "2018-01-29T15:15:09.000Z", "pattern": "[file:hashes.MD5 = '4373f3cf99a279ac0c3d442f2844a89f' AND file:hashes.SHA1 = 'b77c718b4c7f161edc7a69157f3c73c3d68733ef' AND file:hashes.SHA256 = 'aa982fe7d28bbf55865047b16334efbe3fcb6bae06e5ed9cab544f1c8d307317']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-29T15:15:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--82728331-7584-4cf4-b953-8e966abd4a37", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-29T15:15:07.000Z", "modified": "2018-01-29T15:15:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aa982fe7d28bbf55865047b16334efbe3fcb6bae06e5ed9cab544f1c8d307317/analysis/1446359135/", "category": "External analysis", "comment": "Quasar", "uuid": "5a6f3a7b-3df0-41dc-825d-468d02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/56", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a7c-b8ac-4e9b-ae31-486d02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2015-11-01T06:25:35", "category": "Other", "comment": "Quasar", "uuid": "5a6f3a7c-5b2c-4544-b042-4eac02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dcf37455-fd52-439d-a749-8c1661e0238c", "created": "2018-02-16T08:52:58.000Z", "modified": "2018-02-16T08:52:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1d9be292-dba6-4626-bdcc-c3cc94cd6427", "target_ref": "x-misp-object--2fe8fec4-eb73-4466-aaff-81baf3f665e8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0c3361cb-50df-4382-b8da-6e39908e5bd5", "created": "2018-02-16T08:52:58.000Z", "modified": "2018-02-16T08:52:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--464c0d84-bec5-4624-9226-e83fb79abe65", "target_ref": "x-misp-object--39e7fa59-4876-4433-a546-5ad01dd89d95" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7902b043-d8d3-42f4-a63b-1370279ba500", "created": "2018-02-16T08:52:58.000Z", "modified": "2018-02-16T08:52:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b9b273dc-465f-4c74-aaf5-c47c4db6ff49", "target_ref": "x-misp-object--7e00522f-7a22-4c38-954c-065f327ae27a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1e7d0d6b-e3ca-48a7-88b2-dc616a0b8ec5", "created": "2018-02-16T08:52:58.000Z", "modified": "2018-02-16T08:52:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--03348905-4bbd-4f58-8370-bef8f3a2b7ef", "target_ref": "x-misp-object--908e2c6d-188d-4434-a5f4-e3bf349ff63d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--54156156-5dc1-40a2-83a7-91f682f2ed51", "created": "2018-02-16T08:52:58.000Z", "modified": "2018-02-16T08:52:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0870e838-42ad-470c-a177-d10678e2b685", "target_ref": "x-misp-object--b9407d74-26b8-4e0c-98c9-9d8e75bd96d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6c919a10-d537-4552-a184-1d35b6916950", "created": "2018-02-16T08:52:58.000Z", "modified": "2018-02-16T08:52:58.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--baa647b0-1c09-413a-af07-54da786df266", "target_ref": "x-misp-object--6e9a6b22-ccd0-44f4-a7a4-d5c54062e0a5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2618fee6-6215-4db7-b6a8-8583583dff5c", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--18e8d7ce-a4c8-4f0c-841b-81d4f8cacd1e", "target_ref": "x-misp-object--31b81fca-2950-49d9-b6a2-8ab7b732abf7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--43312da3-b47b-4260-ad18-4bf2f730c023", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--68e51b07-074d-4889-af2f-0b008a94d048", "target_ref": "x-misp-object--6d24fb20-9e41-440f-8860-992698e1567e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aed13f48-68bf-4940-8b47-a04e490adeb1", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0824551a-554e-4119-8e73-938369593536", "target_ref": "x-misp-object--ae2fb6e2-eb53-4135-80aa-c99f699f00d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c885dc0-d66a-42d6-9735-4a85d660c35e", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e183b4ca-ca78-403e-bcb3-d1d29c449eef", "target_ref": "x-misp-object--bf5aaef8-82a3-4e2e-941e-b8c4ffe63414" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a178638-a28f-4810-8d24-a59b621354c2", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--db392010-acf6-4a58-8b99-41ce01c4df3a", "target_ref": "x-misp-object--eec3e342-608c-4964-ae3b-00800c520b8c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1c2641f2-d0d6-46cc-91ee-81f8d832e4e7", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2d1f5a63-e7b2-4a40-82b2-1b5b504fdeed", "target_ref": "x-misp-object--31ca081a-a527-41f1-a3b3-64001f2951b3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c6c31294-9d77-49ce-a205-291090cb9bcf", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bea6a180-0d2b-417c-a99a-4da282536b95", "target_ref": "x-misp-object--8649e8ec-168b-4e02-90b0-3e712cf43bad" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9aeea14-035c-4fd6-ad82-c661a0fe5aaf", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e85ea249-c648-4fd8-a113-69e50469ebd8", "target_ref": "x-misp-object--8007182f-0cf9-43e4-8744-f382785a66f9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f941994a-d438-4850-a844-da8f0af1c663", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--64cedeaa-9cfe-4fc6-b3c8-932c9749389c", "target_ref": "x-misp-object--6a90b9ce-29c1-4eb4-b2cb-0e6d9837371a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8257ef80-ae0c-4050-978b-ff8d37f39f1a", "created": "2018-02-16T08:52:59.000Z", "modified": "2018-02-16T08:52:59.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a5ed311b-5e4e-47dd-b6bd-bc811f076f86", "target_ref": "x-misp-object--16899616-c8db-4453-95c7-8e762de660cc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d59be621-cba6-48d2-9c2a-e482b3708e5c", "created": "2018-02-16T08:53:00.000Z", "modified": "2018-02-16T08:53:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fcb27540-c9f1-4750-bfc5-7993b0831741", "target_ref": "x-misp-object--edab7b9b-2c87-47e1-befa-565a3d7c8439" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9247181-f2fe-49ac-822d-c006cfeba80c", "created": "2018-02-16T08:53:00.000Z", "modified": "2018-02-16T08:53:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b9dd7e05-878a-4429-b680-cf431464a73d", "target_ref": "x-misp-object--c9d2ab7b-0b4c-4e35-a869-99ae3d39410f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--96b509ea-b0d4-4a5c-973c-01b856e0a7ab", "created": "2018-02-16T08:53:00.000Z", "modified": "2018-02-16T08:53:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e26a37d6-f07e-4e6c-af03-f108a1105b25", "target_ref": "x-misp-object--56c1bb1a-f157-4e3b-9dcf-c01a873a722e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f5573525-c0aa-4d73-8abf-5c65096ceb4e", "created": "2018-02-16T08:53:00.000Z", "modified": "2018-02-16T08:53:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ede96584-eb72-49a7-9f26-64b016ce5f46", "target_ref": "x-misp-object--994c08ac-acee-400e-bb69-14c42237c1cd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b67c7a3c-b2b2-487e-adc9-b0e8c17cfffe", "created": "2018-02-16T08:53:00.000Z", "modified": "2018-02-16T08:53:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d6a26376-374d-4a00-942b-2839e120aa73", "target_ref": "x-misp-object--c34845a5-7c9c-4065-9748-5b13e173b87c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3253e59b-6973-468f-abe8-df1c64920ffb", "created": "2018-02-16T08:53:01.000Z", "modified": "2018-02-16T08:53:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2f999597-3850-4594-b271-e8fe0ab5d6e5", "target_ref": "x-misp-object--5d559431-716b-47d2-83df-05fd3810e321" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--56e0a82e-a52a-4200-89b3-c84fcbff0d20", "created": "2018-02-16T08:53:01.000Z", "modified": "2018-02-16T08:53:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--588a8a84-a6e4-4f1e-a3b5-f721724a4049", "target_ref": "x-misp-object--79d44c23-7f8f-4c10-958a-c5b4543aa7f9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eecf656c-990c-46f3-98e5-047feafbf88f", "created": "2018-02-16T08:53:01.000Z", "modified": "2018-02-16T08:53:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a138407f-4844-4813-be9b-ccbba36de11e", "target_ref": "x-misp-object--76d75400-8a3c-42f2-86c3-a4da8e92c1d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--665ae2ec-15ec-4fbd-8ca7-bd564cf99d35", "created": "2018-02-16T08:53:01.000Z", "modified": "2018-02-16T08:53:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ad32df7d-9acc-4252-b689-4a669a8823fd", "target_ref": "x-misp-object--87098385-cbf7-4885-bcde-f5845d185baf" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7eae0a0e-8859-40be-b3b8-3f091ee77795", "created": "2018-02-16T08:53:01.000Z", "modified": "2018-02-16T08:53:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c01c77b8-0ea5-478e-86c5-27cbc6ae2464", "target_ref": "x-misp-object--a22fcdc0-cc48-4364-8cef-6a6928c30423" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7b787093-ad89-4a05-bccc-adf8bfbc030d", "created": "2018-02-16T08:53:01.000Z", "modified": "2018-02-16T08:53:01.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3939e98d-0f06-43f4-a3ee-414d8497bc73", "target_ref": "x-misp-object--80198a2a-38cc-46c2-88d5-42b55674df2b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a824f2e-60f1-4778-9cf7-3ae543d6d286", "created": "2018-02-16T08:53:02.000Z", "modified": "2018-02-16T08:53:02.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bdaa5408-83ca-4245-8b77-920a710339fc", "target_ref": "x-misp-object--82728331-7584-4cf4-b953-8e966abd4a37" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }