{ "type": "bundle", "id": "bundle--5e7a18bc-abe8-4fc7-ab5f-4ae1950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:40:42.000Z", "modified": "2020-03-24T14:40:42.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5e7a18bc-abe8-4fc7-ab5f-4ae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:40:42.000Z", "modified": "2020-03-24T14:40:42.000Z", "name": "OSINT - Pivot from IP address (105.235.129.138) where the C2 was running", "published": "2020-03-24T14:40:54Z", "object_refs": [ "indicator--5e7a1968-b19c-41dd-b781-1930950d210f", "indicator--5e7a19d5-45b4-4bea-bf5b-46ca950d210f", "indicator--5e7a19d6-db94-4f91-82bf-490f950d210f", "indicator--5e7a19d6-ae7c-4818-b93d-43d8950d210f", "indicator--5e7a19d6-9eb0-4d30-89ed-4df2950d210f", "indicator--5e7a19d6-cb24-46b0-b1c7-47d3950d210f", "indicator--5e7a19d6-4c30-46e5-b66b-4555950d210f", "indicator--5e7a19d6-9cdc-4f5b-813a-41a8950d210f", "indicator--5e7a19d6-ccf8-4693-bdd8-4005950d210f", "indicator--5e7a19d6-5a70-4037-8f86-42e0950d210f", "indicator--5e7a19d6-8680-4702-84c5-4a82950d210f", "indicator--5e7a19d6-633c-441c-9fe9-4f14950d210f", "indicator--5e7a19d6-c98c-4a7a-9b89-4f0a950d210f", "indicator--5e7a19d6-429c-4715-bb1f-479e950d210f", "indicator--5e7a19d6-9928-4b34-8fd0-4769950d210f", "indicator--5e7a19d6-5950-44c9-8eca-4718950d210f", "indicator--5e7a19d6-21fc-4005-8088-4fc2950d210f", "indicator--5e7a19d6-66c4-4a2f-bfd2-4894950d210f", "indicator--5e7a19d6-8bcc-4f0f-bda9-4e54950d210f", "indicator--5e7a19d6-0770-4af0-97b4-466e950d210f", "indicator--f76a681a-8320-432a-971c-d6af19b497f8", "x-misp-object--432f1504-8445-4a8e-a7eb-883ba6b0b52e", "indicator--5d9c7cce-7ad2-4479-9ab0-8d1e0cafc544", "x-misp-object--25a1e4ec-1fef-4774-8c69-eff8d494e892", "indicator--204301ea-d686-4d16-9981-9bd004e4afb8", "x-misp-object--b5b7c881-daec-4fc8-a43b-83344548d6e4", "indicator--3d55c00e-a69f-4227-bf8c-7566418430b8", "x-misp-object--75899f14-fde0-470c-8a97-73d10c6228e5", "indicator--20d43fe6-f333-4e0a-b4e5-bed417807b67", "x-misp-object--1b7e0ae2-7040-4243-b455-426833f0610e", "indicator--8b47a154-fc00-4edf-b90a-d03cf5552b95", "x-misp-object--e13e2f5a-e8b3-4115-9d02-ef2c09335cba", "indicator--ec2159c6-1e9d-42eb-8d30-4c324682727f", "x-misp-object--0fb8dde5-db9d-4325-ab53-0e7404037f2f", "indicator--d348d543-7258-4136-9561-fdcb09094cf8", "x-misp-object--77435506-8369-4930-8582-b36ca661fd4e", "indicator--d99b5879-0d8e-4974-bdcd-7d07cda14e8f", "x-misp-object--e15b15b3-8717-4f39-8320-50589c8c41c0", "indicator--3db629ff-cb1a-4e1b-800d-7d569005b015", "x-misp-object--77febe5a-7f90-45b1-bb57-1d99f458fd78", "indicator--71633f2d-548f-4a5c-9d94-977cc1e9d480", "x-misp-object--15954897-e5fa-466a-a676-a421b2523bf2", "indicator--e573e735-58a3-45d0-9238-b5b61723b376", "x-misp-object--e5cec23a-f3eb-4505-9acb-c7384f488c9d", "indicator--b8fe9dc2-a017-44f3-8c66-4b75c18b2a7c", "x-misp-object--0c2996b2-a4d4-428f-833e-c9d476cd0084", "indicator--37b61c47-5345-472c-ad8a-7c42424eec35", "x-misp-object--19556fee-a174-4697-ba43-73fde89f550f", "indicator--bb5ff5a6-c9da-4e5d-8c82-8236abfb7b4e", "x-misp-object--361058b9-f2cc-485c-bbc9-43c08acfb535", "indicator--e1d45267-77c9-4a93-b863-269ae13a7ffa", "x-misp-object--3a343bcb-20bf-408c-b484-25366a9999c7", "indicator--61187cb2-d89c-4480-8d84-b2058c6fc2c8", "x-misp-object--67e97413-2f49-4d8a-8596-90b2ab38a09e", "indicator--1c206342-00ee-4a05-9851-d871a7fb36f9", "x-misp-object--6e46b743-a59f-44fc-8758-aac9654faf1a", "indicator--ce558851-5e8d-4e60-b5b1-ec8f05d36c21", "x-misp-object--4e863807-bb6e-4a10-9602-84f289931607", "relationship--4f68303d-84e6-4b59-9ba7-bc7bc3a17b1e", "relationship--1efae8a1-d93d-491f-b204-cccb7dc11aab", "relationship--4dc1eaed-173f-4480-b01a-986e7bc0ed3f", "relationship--f140879b-8f19-4311-8780-13c2b728f5e2", "relationship--c80f368c-9d24-4a26-aaf1-e3ed1357e178", "relationship--675df4fa-67e7-4f3c-820d-e680502b2928", "relationship--7164c7e9-dee4-41d8-9417-a19e87fc4ce9", "relationship--fd87e71c-5494-40ec-8636-29758502008a", "relationship--d0e77db7-9487-465f-9469-1270608b8bbc", "relationship--2900d897-a72c-4b49-b80b-df31b172bcd6", "relationship--ee78f23b-ff39-435d-80d8-0fc72b24bbf6", "relationship--82b6ef72-a215-42b0-916a-57c5b851002d", "relationship--f2418851-8f32-4fc3-9921-d3ecc46760c3", "relationship--3dc15333-e3a8-49e6-913f-c94987b6e3a3", "relationship--d2a2e4f7-4723-4455-9a74-25810c034724", "relationship--e4bda4e8-ba20-4a51-bc19-8ee1af8f194c", "relationship--4b693b1a-e3f8-4626-8201-ec71ba769677", "relationship--553d475c-0c43-41ca-ba00-3800d6fe0985", "relationship--d3be0ed7-57c0-4ca8-80ae-79dcd413dab1" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a1968-b19c-41dd-b781-1930950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:30:00.000Z", "modified": "2020-03-24T14:30:00.000Z", "description": "C2 seen in RevengeRAT", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '105.235.129.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:30:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d5-45b4-4bea-bf5b-46ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:49.000Z", "modified": "2020-03-24T14:31:49.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '44a072d0d5f531d245f1d4afdd698045']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-db94-4f91-82bf-490f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '491576d3fa9656a2e7dfb04853054d20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-ae7c-4818-b93d-43d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = 'dfb087fc27d6ae637dfe9dc5815f8d69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-9eb0-4d30-89ed-4df2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = 'e64bd29b1927aed005addefe3a67f4c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-cb24-46b0-b1c7-47d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '82ea81845bf0e7da6cde6ce688a27e93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-4c30-46e5-b66b-4555950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = 'c93e9d4ebc7cd210003ada07c7bf08b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-9cdc-4f5b-813a-41a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '725e847eca66f9fd882239a73ae066d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-ccf8-4693-bdd8-4005950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '53d4d4cc977362c09fd466bb676567c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-5a70-4037-8f86-42e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '38881d950eb4269b047ff95f2f5c1ba3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-8680-4702-84c5-4a82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '3bf3208b13b3fa71fed6e982ea97ba24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-633c-441c-9fe9-4f14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = 'd08e5af0738841307d920b0da3fea555']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-c98c-4a7a-9b89-4f0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '3ed826708dd257795420951450b3986c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-429c-4715-bb1f-479e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '4e713b040bd5fcf38533c4fbab817a0a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-9928-4b34-8fd0-4769950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '2c323b2676106a7d1952cb8a2765b307']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-5950-44c9-8eca-4718950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '7434cdc8b2e9b33d195a38ce795a06e5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-21fc-4005-8088-4fc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '3019d4ae2c559ac4dbf531acfc3fa780']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-66c4-4a2f-bfd2-4894950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = 'fea3e01abc57cef587c2383d488fd98a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-8bcc-4f0f-bda9-4e54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = '34a485d7ab1c84b0f925e88b008b2c53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e7a19d6-0770-4af0-97b4-466e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:31:50.000Z", "modified": "2020-03-24T14:31:50.000Z", "description": "RiskIQ expansion", "pattern": "[file:hashes.MD5 = 'fbebccbe2a1665199b46dcb21634b71d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:31:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f76a681a-8320-432a-971c-d6af19b497f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:19.000Z", "modified": "2020-03-24T14:36:19.000Z", "pattern": "[file:hashes.MD5 = '53d4d4cc977362c09fd466bb676567c8' AND file:hashes.SHA1 = '721ca63682c4a34c86585f80eceead43f20e10f3' AND file:hashes.SHA256 = '5e94b03664c3674f3eab1e750ffde61d3d21d938ec0ce21f6f64bc9362aeb084']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--432f1504-8445-4a8e-a7eb-883ba6b0b52e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:20.000Z", "modified": "2020-03-24T14:36:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-24T11:50:00+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "5f231374-0e4a-4514-be39-783f8a1b4464" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5e94b03664c3674f3eab1e750ffde61d3d21d938ec0ce21f6f64bc9362aeb084/analysis/1585050600/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "89498e6d-c95c-4e50-b58c-e2d0cca2693a" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "d7592b9e-6331-45ce-beb8-8cc626a54caa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d9c7cce-7ad2-4479-9ab0-8d1e0cafc544", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:20.000Z", "modified": "2020-03-24T14:36:20.000Z", "pattern": "[file:hashes.MD5 = '38881d950eb4269b047ff95f2f5c1ba3' AND file:hashes.SHA1 = 'd3fb78a1ae45330b4b7231559b9c7aa81b19904c' AND file:hashes.SHA256 = '6432378da1a760f6eb9e3a02eda5433a91f3dc056948269c04a8cfae0c7831f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--25a1e4ec-1fef-4774-8c69-eff8d494e892", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:20.000Z", "modified": "2020-03-24T14:36:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-20T02:24:25+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "6e37e8c5-9059-4d5e-bbc3-0cc82ed3bbff" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6432378da1a760f6eb9e3a02eda5433a91f3dc056948269c04a8cfae0c7831f0/analysis/1584671065/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "a724a99b-4bd6-4c12-9e8a-b52b4d287fa4" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/72", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "e779adf9-1b7c-4cb4-8502-7336b868f2d4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--204301ea-d686-4d16-9981-9bd004e4afb8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:20.000Z", "modified": "2020-03-24T14:36:20.000Z", "pattern": "[file:hashes.MD5 = '491576d3fa9656a2e7dfb04853054d20' AND file:hashes.SHA1 = '1ee3b37f196d0d94634fb89e4298ebbe014b3da1' AND file:hashes.SHA256 = '053aea685891f94d757153fea5829ab89fe2d09007c584bd4bac62c65ec801ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b5b7c881-daec-4fc8-a43b-83344548d6e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:20.000Z", "modified": "2020-03-24T14:36:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-20T02:16:41+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "745bd7e6-3eb9-4957-9607-06b572104230" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/053aea685891f94d757153fea5829ab89fe2d09007c584bd4bac62c65ec801ed/analysis/1584670601/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "95751986-8055-4a4e-801c-32aebe01deca" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "1cbd68b1-86bc-4435-90f5-c7e2032539c7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3d55c00e-a69f-4227-bf8c-7566418430b8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:21.000Z", "modified": "2020-03-24T14:36:21.000Z", "pattern": "[file:hashes.MD5 = 'fea3e01abc57cef587c2383d488fd98a' AND file:hashes.SHA1 = '5ca083ae368e9848c7f5602f09dea1cac2d2c05d' AND file:hashes.SHA256 = 'be5d07b405aea2c17b26ecb4cea2ce64c6a996019768d5334d5e3ebf90818b52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--75899f14-fde0-470c-8a97-73d10c6228e5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:21.000Z", "modified": "2020-03-24T14:36:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-16T10:09:04+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "36e4c74d-c95f-4143-98ed-349fb82b09e2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/be5d07b405aea2c17b26ecb4cea2ce64c6a996019768d5334d5e3ebf90818b52/analysis/1584353344/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "df067739-59cd-49e0-a319-9e895e7e3126" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/63", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "538c3ff0-a3c5-415b-91b2-4a144decdf7f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--20d43fe6-f333-4e0a-b4e5-bed417807b67", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:21.000Z", "modified": "2020-03-24T14:36:21.000Z", "pattern": "[file:hashes.MD5 = '2c323b2676106a7d1952cb8a2765b307' AND file:hashes.SHA1 = '68314c818b251aa2034675cd2b62db14a392a3de' AND file:hashes.SHA256 = '6b322007395cfdf163596e62575c52f0123c5f4a8b49407f8d4364b44299d5d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b7e0ae2-7040-4243-b455-426833f0610e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:21.000Z", "modified": "2020-03-24T14:36:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-19T07:13:21+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "21ab625b-6023-433b-8272-fdc79cd8298d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6b322007395cfdf163596e62575c52f0123c5f4a8b49407f8d4364b44299d5d1/analysis/1584602001/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "1392c9fd-c405-49c1-bf03-e29b05ca4874" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "cd124ee7-363e-4d68-bb19-826e9904898d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8b47a154-fc00-4edf-b90a-d03cf5552b95", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:21.000Z", "modified": "2020-03-24T14:36:21.000Z", "pattern": "[file:hashes.MD5 = '7434cdc8b2e9b33d195a38ce795a06e5' AND file:hashes.SHA1 = '2544b6f5ed98151d36d466d2377897703c85a12e' AND file:hashes.SHA256 = 'fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e13e2f5a-e8b3-4115-9d02-ef2c09335cba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:22.000Z", "modified": "2020-03-24T14:36:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-17T09:22:54+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "2e407895-02cf-4b56-8578-bb6b1fb3b623" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9/analysis/1584436974/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "51adb1f2-d3f3-4fd6-b02f-1dbb6961a9ef" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/72", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "b567561e-685a-4290-be4b-704c6179c4fd" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec2159c6-1e9d-42eb-8d30-4c324682727f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:22.000Z", "modified": "2020-03-24T14:36:22.000Z", "pattern": "[file:hashes.MD5 = 'fbebccbe2a1665199b46dcb21634b71d' AND file:hashes.SHA1 = 'bbb1d9b5468b16c8f27ae43fbf0f4ef3f7ddbff7' AND file:hashes.SHA256 = '846f37da180b23f1e5a314fcf9d3804ea398ce6eead594bcff614f1384160c57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0fb8dde5-db9d-4325-ab53-0e7404037f2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:22.000Z", "modified": "2020-03-24T14:36:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-19T06:13:08+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "fe997fa5-c948-4956-98cd-eb0093018b05" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/846f37da180b23f1e5a314fcf9d3804ea398ce6eead594bcff614f1384160c57/analysis/1584598388/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "4c98e2a0-64e3-4aa8-b3d9-b99a68c8d6c2" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/72", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "ba9b9f51-e769-433e-906d-1d453778e5e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d348d543-7258-4136-9561-fdcb09094cf8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:22.000Z", "modified": "2020-03-24T14:36:22.000Z", "pattern": "[file:hashes.MD5 = 'e64bd29b1927aed005addefe3a67f4c0' AND file:hashes.SHA1 = '83c0bd612bb435245cb6f76b0ba18c1d4450c9ef' AND file:hashes.SHA256 = '33e8487c8a72debf50a23376a9127cba419f9515fb053dd24d2c0ed302243318']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--77435506-8369-4930-8582-b36ca661fd4e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:22.000Z", "modified": "2020-03-24T14:36:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-19T02:57:26+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "773fd8e1-786e-4223-8547-ec28c332ff54" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/33e8487c8a72debf50a23376a9127cba419f9515fb053dd24d2c0ed302243318/analysis/1584586646/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "e8dffea3-5df3-410a-b59c-2e77155aeb64" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/72", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "e7aa7dac-d23f-49e1-92d9-6acd8ed7c04a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d99b5879-0d8e-4974-bdcd-7d07cda14e8f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:22.000Z", "modified": "2020-03-24T14:36:22.000Z", "pattern": "[file:hashes.MD5 = 'dfb087fc27d6ae637dfe9dc5815f8d69' AND file:hashes.SHA1 = 'f04c5549d76d04869e1b0bf9955dfc3f00cab8ff' AND file:hashes.SHA256 = '69999d817290dc8211d359cd719de6b3c440f99b9ab84c34ce4ab405a1f5135e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e15b15b3-8717-4f39-8320-50589c8c41c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:23.000Z", "modified": "2020-03-24T14:36:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-20T02:00:30+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "10d6e461-b479-4b0a-8dd7-add503d19e24" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/69999d817290dc8211d359cd719de6b3c440f99b9ab84c34ce4ab405a1f5135e/analysis/1584669630/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "a7ce8ed8-f56c-4376-b1c1-83eee0b11383" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "fdf47deb-a49b-4af3-bcd9-fc69f254411f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3db629ff-cb1a-4e1b-800d-7d569005b015", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:23.000Z", "modified": "2020-03-24T14:36:23.000Z", "pattern": "[file:hashes.MD5 = 'd08e5af0738841307d920b0da3fea555' AND file:hashes.SHA1 = '044c07dc58da47445dcb1b7bcbe35896fcda6403' AND file:hashes.SHA256 = '7bf85eaa32be3f39c824168cbef850dfe17914b84078930ddc0fe6c1691ae29b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--77febe5a-7f90-45b1-bb57-1d99f458fd78", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:23.000Z", "modified": "2020-03-24T14:36:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-21T18:00:18+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "67184b05-f8ca-4e1c-bd15-0a054e3933d6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7bf85eaa32be3f39c824168cbef850dfe17914b84078930ddc0fe6c1691ae29b/analysis/1584813618/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "b40be2fd-3ba1-416d-a95e-fb571d8982bb" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/59", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "5771d627-a23b-4abb-9698-e68c3fb6938c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--71633f2d-548f-4a5c-9d94-977cc1e9d480", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:23.000Z", "modified": "2020-03-24T14:36:23.000Z", "pattern": "[file:hashes.MD5 = '3019d4ae2c559ac4dbf531acfc3fa780' AND file:hashes.SHA1 = '816394af6c74dfd85c493ed8e440679531ff3f40' AND file:hashes.SHA256 = 'ac01b105cd96549cb4360e3a919624c1fff57aa902cb897042ff8b8a19b20007']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--15954897-e5fa-466a-a676-a421b2523bf2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:23.000Z", "modified": "2020-03-24T14:36:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-19T11:41:15+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "a520da6f-3020-4c98-b9e6-f053eb84cb4b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ac01b105cd96549cb4360e3a919624c1fff57aa902cb897042ff8b8a19b20007/analysis/1584618075/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "6b332797-ea40-4337-8bde-696c7b046655" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/72", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "4128d7ae-ab72-422e-a107-f96eea3f5c26" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e573e735-58a3-45d0-9238-b5b61723b376", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:23.000Z", "modified": "2020-03-24T14:36:23.000Z", "pattern": "[file:hashes.MD5 = '82ea81845bf0e7da6cde6ce688a27e93' AND file:hashes.SHA1 = 'eab91506996ca7061e689d8197c8c70aae446a69' AND file:hashes.SHA256 = '06bf3044c702c820aca25ece35cf76d13df0d806d164df573a89f0b9d08132f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e5cec23a-f3eb-4505-9acb-c7384f488c9d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:24.000Z", "modified": "2020-03-24T14:36:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-19T03:15:13+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "03248e8c-ea25-4566-80dd-f03426f010e1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/06bf3044c702c820aca25ece35cf76d13df0d806d164df573a89f0b9d08132f1/analysis/1584587713/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "24c8a319-1dcc-4f4a-a930-ee04e90a8d47" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "c30c27f5-ba27-4ca9-abcb-56bc025a4a06" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b8fe9dc2-a017-44f3-8c66-4b75c18b2a7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:24.000Z", "modified": "2020-03-24T14:36:24.000Z", "pattern": "[file:hashes.MD5 = '4e713b040bd5fcf38533c4fbab817a0a' AND file:hashes.SHA1 = 'd35eb5ca2ca01f2aaac9dc4357743fdca3682738' AND file:hashes.SHA256 = '44b6bea1d0693d6c08b3a9c10f06c58bafc4bc43460b4416c213844fe287bae8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0c2996b2-a4d4-428f-833e-c9d476cd0084", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:24.000Z", "modified": "2020-03-24T14:36:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-24T00:05:29+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "e7ac84b1-17c8-4a22-a72f-2c76aa531f56" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/44b6bea1d0693d6c08b3a9c10f06c58bafc4bc43460b4416c213844fe287bae8/analysis/1585008329/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "54298460-16af-411e-90ae-762601c54e3d" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/59", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "ee1f6192-aba9-42c5-8fbb-d986260fc8c9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37b61c47-5345-472c-ad8a-7c42424eec35", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:24.000Z", "modified": "2020-03-24T14:36:24.000Z", "pattern": "[file:hashes.MD5 = '3ed826708dd257795420951450b3986c' AND file:hashes.SHA1 = 'b8a684cdb0c36b4a9c11964c014bad3dff0b2edf' AND file:hashes.SHA256 = '6ff34f66d54e8e349f9ec9b05a2d8ffb80aa46f1c7ee2cf51d296248d53cf89e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--19556fee-a174-4697-ba43-73fde89f550f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:24.000Z", "modified": "2020-03-24T14:36:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-18T11:29:12+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "8c9ab266-ff62-4bc7-b637-4008e6a655df" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6ff34f66d54e8e349f9ec9b05a2d8ffb80aa46f1c7ee2cf51d296248d53cf89e/analysis/1584530952/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "8af7f63d-1803-494d-81a1-040696c2d19e" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/72", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "a9e2d709-645d-440c-ae02-f70d149a7472" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bb5ff5a6-c9da-4e5d-8c82-8236abfb7b4e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:24.000Z", "modified": "2020-03-24T14:36:24.000Z", "pattern": "[file:hashes.MD5 = '34a485d7ab1c84b0f925e88b008b2c53' AND file:hashes.SHA1 = 'a457431bb958e563c182ab2804301f66fbb9ca9c' AND file:hashes.SHA256 = '656053240832a63cdd1ae2cffcf2231a0f6ee7406091cedcb94116b594849dbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--361058b9-f2cc-485c-bbc9-43c08acfb535", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:25.000Z", "modified": "2020-03-24T14:36:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-19T04:01:50+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "0780afcf-eb32-427d-abc2-c02c8814499a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/656053240832a63cdd1ae2cffcf2231a0f6ee7406091cedcb94116b594849dbf/analysis/1584590510/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "d78a64e4-4c72-4413-9953-e15c791a3f06" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "1336d755-3294-402b-b66c-3c0d53aca083" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e1d45267-77c9-4a93-b863-269ae13a7ffa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:25.000Z", "modified": "2020-03-24T14:36:25.000Z", "pattern": "[file:hashes.MD5 = 'c93e9d4ebc7cd210003ada07c7bf08b6' AND file:hashes.SHA1 = 'd81738892dca1a6823da27d886bbdb9f242b3584' AND file:hashes.SHA256 = 'eef8248e20dfa95ac1ceb46bfffd4126d238cd5c244fead8c0991014ffa436f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3a343bcb-20bf-408c-b484-25366a9999c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:25.000Z", "modified": "2020-03-24T14:36:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-19T06:30:09+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "a85dd139-a53d-4e31-9303-0af17f9813ad" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eef8248e20dfa95ac1ceb46bfffd4126d238cd5c244fead8c0991014ffa436f1/analysis/1584599409/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "fd4d8529-aad6-4c6c-a525-a3028116a68f" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "07f81196-2184-49fd-912f-775ccfe96d85" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61187cb2-d89c-4480-8d84-b2058c6fc2c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:25.000Z", "modified": "2020-03-24T14:36:25.000Z", "pattern": "[file:hashes.MD5 = '725e847eca66f9fd882239a73ae066d1' AND file:hashes.SHA1 = 'abbbe10e3c6e5ed480a0743c540dbaba62ecaaf6' AND file:hashes.SHA256 = '1d20fca6089bb0f967b4d2b203eee43ae0d9f2d52417d608fb886be8e68dfa92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--67e97413-2f49-4d8a-8596-90b2ab38a09e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:25.000Z", "modified": "2020-03-24T14:36:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-16T23:04:04+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "f5559fd0-febb-4cac-9909-f4d1845e4e66" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1d20fca6089bb0f967b4d2b203eee43ae0d9f2d52417d608fb886be8e68dfa92/analysis/1584399844/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "3e881f65-866c-44e4-a7e4-edcb939fe9d8" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/71", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "3ce3c86a-6fd5-493e-a0bb-383a1cbefa7a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c206342-00ee-4a05-9851-d871a7fb36f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:25.000Z", "modified": "2020-03-24T14:36:25.000Z", "pattern": "[file:hashes.MD5 = '44a072d0d5f531d245f1d4afdd698045' AND file:hashes.SHA1 = '1a81675040a7ce679d7802695245a8ea8e6424d3' AND file:hashes.SHA256 = '451e4d4584232f3bce46b448ca6ab1c8210276bfbebd8d254709503c80c960f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6e46b743-a59f-44fc-8758-aac9654faf1a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-20T07:01:30+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "f47dd028-cfad-4077-a4e1-5e92d52211cc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/451e4d4584232f3bce46b448ca6ab1c8210276bfbebd8d254709503c80c960f3/analysis/1584687690/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "20376095-8886-4d92-91ea-60f1cdacba66" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/73", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "bcdd319a-3ca2-45ad-9ee9-363e55714592" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ce558851-5e8d-4e60-b5b1-ec8f05d36c21", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "pattern": "[file:hashes.MD5 = '3bf3208b13b3fa71fed6e982ea97ba24' AND file:hashes.SHA1 = 'ab78a81c43b153153de83f432608f8f2e6578341' AND file:hashes.SHA256 = 'fe1e416fced8f9557f471531c3b7f965d73606f6102e5a339e40237865d60eb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-03-24T14:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4e863807-bb6e-4a10-9602-84f289931607", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-03-20T07:25:15+00:00", "category": "Other", "comment": "RiskIQ expansion", "uuid": "8e711621-0a71-4ff2-b05a-e3c952828408" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fe1e416fced8f9557f471531c3b7f965d73606f6102e5a339e40237865d60eb4/analysis/1584689115/", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "199c4dd0-2fa2-4a6e-9b3f-83c7c529f938" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/71", "category": "Payload delivery", "comment": "RiskIQ expansion", "uuid": "ed6d16cd-57d4-45bf-a05c-a66f5fe8c8eb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f68303d-84e6-4b59-9ba7-bc7bc3a17b1e", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f76a681a-8320-432a-971c-d6af19b497f8", "target_ref": "x-misp-object--432f1504-8445-4a8e-a7eb-883ba6b0b52e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1efae8a1-d93d-491f-b204-cccb7dc11aab", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5d9c7cce-7ad2-4479-9ab0-8d1e0cafc544", "target_ref": "x-misp-object--25a1e4ec-1fef-4774-8c69-eff8d494e892" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4dc1eaed-173f-4480-b01a-986e7bc0ed3f", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--204301ea-d686-4d16-9981-9bd004e4afb8", "target_ref": "x-misp-object--b5b7c881-daec-4fc8-a43b-83344548d6e4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f140879b-8f19-4311-8780-13c2b728f5e2", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3d55c00e-a69f-4227-bf8c-7566418430b8", "target_ref": "x-misp-object--75899f14-fde0-470c-8a97-73d10c6228e5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c80f368c-9d24-4a26-aaf1-e3ed1357e178", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--20d43fe6-f333-4e0a-b4e5-bed417807b67", "target_ref": "x-misp-object--1b7e0ae2-7040-4243-b455-426833f0610e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--675df4fa-67e7-4f3c-820d-e680502b2928", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8b47a154-fc00-4edf-b90a-d03cf5552b95", "target_ref": "x-misp-object--e13e2f5a-e8b3-4115-9d02-ef2c09335cba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7164c7e9-dee4-41d8-9417-a19e87fc4ce9", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ec2159c6-1e9d-42eb-8d30-4c324682727f", "target_ref": "x-misp-object--0fb8dde5-db9d-4325-ab53-0e7404037f2f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fd87e71c-5494-40ec-8636-29758502008a", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d348d543-7258-4136-9561-fdcb09094cf8", "target_ref": "x-misp-object--77435506-8369-4930-8582-b36ca661fd4e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0e77db7-9487-465f-9469-1270608b8bbc", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d99b5879-0d8e-4974-bdcd-7d07cda14e8f", "target_ref": "x-misp-object--e15b15b3-8717-4f39-8320-50589c8c41c0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2900d897-a72c-4b49-b80b-df31b172bcd6", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3db629ff-cb1a-4e1b-800d-7d569005b015", "target_ref": "x-misp-object--77febe5a-7f90-45b1-bb57-1d99f458fd78" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ee78f23b-ff39-435d-80d8-0fc72b24bbf6", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--71633f2d-548f-4a5c-9d94-977cc1e9d480", "target_ref": "x-misp-object--15954897-e5fa-466a-a676-a421b2523bf2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82b6ef72-a215-42b0-916a-57c5b851002d", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e573e735-58a3-45d0-9238-b5b61723b376", "target_ref": "x-misp-object--e5cec23a-f3eb-4505-9acb-c7384f488c9d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f2418851-8f32-4fc3-9921-d3ecc46760c3", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b8fe9dc2-a017-44f3-8c66-4b75c18b2a7c", "target_ref": "x-misp-object--0c2996b2-a4d4-428f-833e-c9d476cd0084" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3dc15333-e3a8-49e6-913f-c94987b6e3a3", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--37b61c47-5345-472c-ad8a-7c42424eec35", "target_ref": "x-misp-object--19556fee-a174-4697-ba43-73fde89f550f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d2a2e4f7-4723-4455-9a74-25810c034724", "created": "2020-03-24T14:36:26.000Z", "modified": "2020-03-24T14:36:26.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bb5ff5a6-c9da-4e5d-8c82-8236abfb7b4e", "target_ref": "x-misp-object--361058b9-f2cc-485c-bbc9-43c08acfb535" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4bda4e8-ba20-4a51-bc19-8ee1af8f194c", "created": "2020-03-24T14:36:27.000Z", "modified": "2020-03-24T14:36:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e1d45267-77c9-4a93-b863-269ae13a7ffa", "target_ref": "x-misp-object--3a343bcb-20bf-408c-b484-25366a9999c7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4b693b1a-e3f8-4626-8201-ec71ba769677", "created": "2020-03-24T14:36:27.000Z", "modified": "2020-03-24T14:36:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--61187cb2-d89c-4480-8d84-b2058c6fc2c8", "target_ref": "x-misp-object--67e97413-2f49-4d8a-8596-90b2ab38a09e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--553d475c-0c43-41ca-ba00-3800d6fe0985", "created": "2020-03-24T14:36:27.000Z", "modified": "2020-03-24T14:36:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1c206342-00ee-4a05-9851-d871a7fb36f9", "target_ref": "x-misp-object--6e46b743-a59f-44fc-8758-aac9654faf1a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d3be0ed7-57c0-4ca8-80ae-79dcd413dab1", "created": "2020-03-24T14:36:27.000Z", "modified": "2020-03-24T14:36:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ce558851-5e8d-4e60-b5b1-ec8f05d36c21", "target_ref": "x-misp-object--4e863807-bb6e-4a10-9602-84f289931607" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }