{ "type": "bundle", "id": "bundle--5c9b92ae-0428-46ef-9ced-4d47950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-05T06:33:52.000Z", "modified": "2019-04-05T06:33:52.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5c9b92ae-0428-46ef-9ced-4d47950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-05T06:33:52.000Z", "modified": "2019-04-05T06:33:52.000Z", "name": "Bulletin d\u2019actualit\u00e9 CERTFR-2019-ACT-005", "context": "suspicious-activity", "object_refs": [ "observed-data--5c9c7c27-f578-43fb-8950-f682950d210f", "url--5c9c7c27-f578-43fb-8950-f682950d210f", "observed-data--5c9c80a8-de8c-4737-92ae-4250950d210f", "url--5c9c80a8-de8c-4737-92ae-4250950d210f", "indicator--5c9c9c28-b844-44bf-91d9-45c5950d210f", "indicator--5c9c9c28-2aa0-4318-b516-44f8950d210f", "x-misp-attribute--5c9ca433-92e0-4c95-a054-4528950d210f", "indicator--5c9cdbca-78dc-499a-86a2-4d6e950d210f", "indicator--5c9cdbca-0e04-42d7-ab25-4e14950d210f", "indicator--5c9cdcc4-d2dc-4f8c-8947-43c0950d210f", "indicator--5c9cdcc7-8654-45c7-b3b1-440b950d210f", "indicator--5c9cdccf-0b50-4881-8bfe-4b34950d210f", "indicator--5c9cdcd0-3b78-4d12-b3c2-42ea950d210f", "indicator--5c9cdcd0-2d68-4958-8ea1-4cc3950d210f", "indicator--5c9cdcd0-4e7c-4567-a324-4a7d950d210f", "x-misp-attribute--5c9e39dc-a38c-422e-903f-4831950d210f", "indicator--5ca1b269-0aa4-479e-80c5-457a950d210f", "indicator--5ca1b269-97c8-4a64-aec2-46f0950d210f", "indicator--5ca1b269-b02c-43ad-afbd-4f69950d210f", "indicator--5ca1b269-01f8-4c66-b7a6-4318950d210f", "indicator--5ca1b269-6478-47f0-a5cd-4e8f950d210f", "indicator--5ca1b269-9670-48a3-8bbe-4639950d210f", "indicator--5ca1b269-f7fc-4efd-9e26-4955950d210f", "indicator--5ca1b269-eb04-4df7-8a0b-41d9950d210f", "indicator--5ca1ce9d-cd4c-46b6-9a6a-3ff6950d210f", "indicator--5ca1ce9d-b568-4caf-bdff-3ff6950d210f", "indicator--5ca1d8cb-4e80-4388-9890-d6af950d210f", "indicator--5ca1d8cb-e228-4161-9aa7-d6af950d210f", "indicator--5ca1d8cb-f2a0-4fca-a92a-d6af950d210f", "indicator--5ca1d8cb-69b8-4968-9f67-d6af950d210f", "indicator--5ca1d8cb-1654-4bf2-b765-d6af950d210f", "indicator--5ca1d8cb-3414-41ec-9f72-d6af950d210f", "indicator--5ca1d8cb-8b64-4abe-87e7-d6af950d210f", "indicator--5ca1d8cb-121c-4714-aa3e-d6af950d210f", "indicator--5ca1d8cb-a8d8-46e0-aa54-d6af950d210f", "indicator--5ca1d8cb-6ed8-400b-b4fa-d6af950d210f", "indicator--5ca1d8cb-d90c-47f7-94c8-d6af950d210f", "indicator--5ca1d8cb-27c4-4c61-a7ef-d6af950d210f", "indicator--5ca1d8cc-5548-451c-9747-d6af950d210f", "indicator--5ca1d8cc-c67c-4701-8470-d6af950d210f", "indicator--5ca1d8cc-a450-4ef1-a1bb-d6af950d210f", "indicator--5ca1d8cc-f1c0-4dfc-85f9-d6af950d210f", "indicator--5ca1d8cc-5104-424c-bb78-d6af950d210f", "indicator--5ca1d8cc-2b0c-4ab6-9304-d6af950d210f", "indicator--5ca1d8cc-dc90-45a2-a6bf-d6af950d210f", "indicator--5ca1d8cc-fb50-48bc-8dbb-d6af950d210f", "indicator--5ca1d8cc-c190-4f11-9122-d6af950d210f", "indicator--5ca1d8cc-c2f0-469e-8883-d6af950d210f", "indicator--5ca1d8cc-0cd4-4431-a10f-d6af950d210f", "indicator--5ca1d8cc-6270-48ed-af05-d6af950d210f", "indicator--5ca1d8cc-dedc-4b55-ab68-d6af950d210f", "indicator--5ca1d8cc-3284-4bbd-a95a-d6af950d210f", "indicator--5ca1d8cc-589c-4067-adcd-d6af950d210f", "indicator--5ca1d8cc-ac04-4efc-a767-d6af950d210f", "indicator--5ca1d8cc-4df0-408a-8b83-d6af950d210f", "indicator--5ca1d8cc-f428-494a-86ac-d6af950d210f", "indicator--5ca1d8cc-2d24-4de1-8232-d6af950d210f", "indicator--5ca1d8cc-c530-4ce4-9202-d6af950d210f", "indicator--5ca1d8cc-5c10-4070-aebe-d6af950d210f", "indicator--5ca1d8cc-55a0-4f8a-baf7-d6af950d210f", "indicator--5ca1d8cc-84f4-476c-8619-d6af950d210f", "indicator--5ca1d8cc-4490-4918-ac84-d6af950d210f", "indicator--5ca1e082-87c0-4e54-891a-4dba950d210f", "indicator--5ca1e082-c73c-48e1-91c2-4875950d210f", "indicator--5ca1e082-a4c8-4094-be2e-4276950d210f", "indicator--5ca1e082-df5c-42e5-95c1-43ca950d210f", "indicator--5ca1e082-2f08-4f8b-a82a-4d65950d210f", "indicator--5ca1e082-08fc-4585-83d4-47c7950d210f", "indicator--5ca1e082-1960-4f42-89e3-4a5c950d210f", "indicator--5ca1e082-5a98-4ee3-afa7-48c0950d210f", "indicator--5ca1e082-9dc4-4403-aaaa-406e950d210f", "indicator--5ca1e082-1610-4df6-9bd7-4a89950d210f", "indicator--5ca1e082-0ebc-43d4-b476-48ea950d210f", "indicator--5ca1e082-aa0c-48ab-ac8e-4840950d210f", "indicator--5ca1e082-fed8-4893-b9c4-4dc7950d210f", "indicator--5ca1e082-e1c8-4d0d-8458-41eb950d210f", "indicator--5ca1e082-72d0-49db-8909-4523950d210f", "indicator--5ca1e082-7dfc-43c5-864b-494c950d210f", "indicator--5ca1e082-4b0c-4376-89e9-4075950d210f", "indicator--5ca1e082-c614-431c-b553-4eff950d210f", "indicator--5ca1e719-4834-41f6-be6d-4586950d210f", "indicator--5ca1e719-db18-46a6-9d1c-4acc950d210f", "indicator--5ca1e719-819c-451a-9977-400e950d210f", "indicator--5ca1e719-ffe4-4586-9f65-4c75950d210f", "indicator--5ca1e719-0af8-451f-9ab5-4828950d210f", "indicator--5ca1e71a-e47c-45fa-95f8-4ebc950d210f", "indicator--5ca1e71a-eb68-4e2f-afb1-405c950d210f", "indicator--5ca1e71a-4378-412c-acbe-499f950d210f", "indicator--5ca21226-bc58-47e2-bc18-4c09950d210f", "indicator--5ca21226-ff2c-4002-91db-40b4950d210f", "indicator--5ca21226-c4bc-43b0-b0da-40a8950d210f", "indicator--5ca61559-4fd4-4df0-976e-43ba950d210f", "indicator--5c9c866a-b3b4-41e8-9594-f646950d210f", "indicator--5c9c882a-a40c-46db-a3f5-f383950d210f", "indicator--5c9cb1a2-817c-414b-b7be-43cd950d210f", "indicator--5c9cb1c2-6f04-4808-99d0-4d8f950d210f", "indicator--5c9cb1dc-7ee8-4a94-adef-41cb950d210f", "indicator--5c9cb2c5-c444-4380-9cd7-4c8a950d210f", "indicator--5c9cdbf4-ea34-4d13-90a4-4ce6950d210f", "indicator--5c9cdc5e-12f4-4dfc-9918-4108950d210f", "indicator--5c9cdc7d-4d18-4cc8-b36e-4c83950d210f", "indicator--5c9cdeef-4adc-461d-9b72-4062950d210f", "indicator--5c9e3862-4960-4ec0-a6fc-4f4e950d210f", "indicator--5c9e3895-b9dc-4d74-baa0-4e3e950d210f", "indicator--5c9e38d2-e5ac-42e6-8787-4c7a950d210f", "indicator--5c9e3b43-3128-4838-8d63-4a69950d210f", "indicator--5c9e3bc2-5a24-4d69-a335-4793950d210f", "indicator--5ca1b7ca-7424-4d99-8c46-4095950d210f", "indicator--5ca1ce80-3410-445c-9a8c-20d7950d210f", "indicator--5ca5e3be-9cc4-4a68-939e-bac6950d210f", "indicator--f9ccc29b-21e0-4670-bd40-9ddb5e77097a", "x-misp-object--35c21dc1-1c39-413c-946a-f8bb9b26b6f7", "indicator--72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1", "x-misp-object--5108ef6e-6e11-42eb-b04b-c98a3baf0989", "indicator--f267dc71-bbf0-4cc5-9b5b-3fa211e28a18", "x-misp-object--f0ef8684-416a-4769-ad67-0b01c27351f8", "indicator--aea6e39a-79e2-459d-bcc5-4a1ea6a2a033", "x-misp-object--9d450a87-d02c-4ca7-8e63-51de5717eac9", "indicator--a1a98fae-2b40-4d36-bd5c-5b601c2ca216", "x-misp-object--e3d0d58a-ba39-4023-9f87-abc23fee99ab", "x-misp-object--83d90e56-d8fd-4fb2-bb57-580a66a57ee2", "x-misp-object--15d2637f-5587-422e-9c0d-b5765db3b370", "x-misp-object--62d88faa-c81c-4ee2-a031-950e7b8e74eb", "x-misp-object--655b355a-d27a-47e7-953c-e518814e77d1", "x-misp-object--aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d", "x-misp-object--dff728c7-5c19-4f03-86c3-da8de2fb5fe9", "x-misp-object--5e8bc41a-f1de-4db9-99ce-f8e2d360a71e", "x-misp-object--90999cf4-f049-48cc-b058-7218d5e66a87", "x-misp-object--6ec3241c-a53a-4b24-ad19-b37fe1926ca3", "x-misp-object--0bc1a3db-aa59-4e3e-962c-0141a9507044", "x-misp-object--c4efd0bd-ca37-4e9a-9669-b284391231d0", "x-misp-object--91238841-2e89-4fd8-a8e8-eda64827b73d", "x-misp-object--4a8c1dc6-773d-4883-be6f-8c7008a56ba7", "x-misp-object--3ba890fa-43c6-4805-a7ab-2fba74c0ced0", "x-misp-object--c186be47-3752-42e1-89d5-1e5b3d5223de", "indicator--b6346b5e-5482-4314-9d7b-8671c4155bf1", "indicator--d74356f9-39d2-4c30-9711-8ed1a401acd3", "indicator--e668ce8c-af43-4832-89b2-9c08e3f5124c", "indicator--6e1a65fa-acb6-4ea6-a06b-636c428138b5", "indicator--f7e26e48-37f4-45a8-8a1c-2ecc11dec53a", "indicator--d4db8abd-f691-4927-9e28-14ce0ee7d430", "indicator--3d49a49b-5bc6-49be-a0e6-ab3b72ccfe46", "indicator--f898f5e1-93e1-458b-996c-ebc6dba13222", "indicator--89b53bf3-e0c4-4f48-8e25-ff54844fae43", "indicator--1162a78a-804d-4856-82b3-0b77509bcfe7", "indicator--bf5439e4-3e35-44a0-9ff3-129042947aad", "indicator--02af3be3-4a7e-4a84-81eb-83f604a3f0a5", "indicator--dae97fa0-3eb3-4915-82cc-e7e489d64dd1", "indicator--24e6319c-f91c-43b2-a9d3-7b0bfd5a76a7", "indicator--3dac003b-a958-48e2-8a96-6d0fdba7875d", "indicator--c01e648d-7f49-45f7-b7d7-48ce5a507a47", "indicator--ac91f1d9-024c-44e2-8a7c-06172796ea12", "indicator--2ba4112d-7327-4b19-8035-a2e6eb73d573", "indicator--7f430f07-3ff9-4553-b81a-36681949c447", "indicator--6fe2ec22-3ff6-4a79-af8e-30e6a5253e45", "indicator--b14e7307-30f6-49c8-b4fe-0b6735a3a94d", "indicator--3549d1ed-c1c7-4066-a9cc-9d0a86cd8e0a", "indicator--eaa8dc3c-16ef-45eb-add4-3d736d1bd330", "indicator--7e91cd8c-c822-43fe-ac0b-5d137f57bc3a", "indicator--7b59d923-d374-41bc-89b7-e68498bacc72", "indicator--4b9fdc52-1ce3-45d7-85cc-60215eb30f0c", "indicator--fa63b93f-2201-4f6c-8341-4a86980805b3", "indicator--c73504a4-60da-4107-adef-c10a0f52266b", "indicator--edbac896-cf24-4628-9064-7bac3c8e8d58", "indicator--d91eacd1-efda-4eaf-ae5a-f815869b10dd", "indicator--a1a25873-3445-4873-8b6b-7dca2e15615a", "indicator--9aa33ad7-9f08-4774-b109-cedaed81cd60", "indicator--dc691061-1ee8-46b1-b3ef-488f082e45c8", "indicator--8d31887c-d4a7-4e7f-899c-df1d3a41e15f", "indicator--febd2cf8-35c9-49d2-9963-21b43acb6f04", "indicator--f63b62d9-f5f1-4c51-9488-139d016e7660", "relationship--fda6f5a2-8bb2-483c-a116-a85e4af5a63c", "relationship--8c11cd12-6c58-48f9-9507-cdc20ec4808b", "relationship--698b9ceb-35b8-42cf-9ff0-2609135d8e4d", "relationship--47456290-8048-4f4f-8e61-d2f1cdc4352d", "relationship--3be46b31-0f69-4697-8a2a-4c0eeabbe276", "relationship--a5f6984a-455b-4b3f-88c0-fa261a2a5a99", "relationship--7ee3ed03-c55a-4876-83fd-bcb4dfef5f0d", "relationship--c20ead58-c00a-4a20-a12d-f48037f6ff15", "relationship--febebabb-5110-4905-86ce-2d648f99cb14", "relationship--b4fb6776-1cf4-42ad-b133-4760551469cc", "relationship--651589c3-8f49-40d3-b56a-b248b42885fc", "relationship--6b7f6e62-f6dd-4ae5-b9fc-b894fea0fc0e", "relationship--36226550-fccd-4fec-b338-54f706df5ef1", "relationship--8c6dd630-7dd1-46f7-a6c5-a793600b6d9e", "relationship--e82243d7-eaa6-4b0d-b35b-0e9c317c57d4", "relationship--4c8b82ff-6089-4de2-84f0-3b560c0a7e39", "relationship--352f73c0-c34d-41c2-82e7-dfc48726c068", "relationship--cd8c80c3-0cfb-49a4-9182-a43caeef1055", "relationship--878ba33b-1b27-4ad0-88fb-4da7f1bed61b", "relationship--e1916cea-2bbc-4ea3-871d-a74bbdeeb186", "relationship--6d6260c4-ddbc-47f4-a506-37a21c70d6a0" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:malpedia=\"Ryuk\"", "misp-galaxy:ransomware=\"LockerGoga\"", "misp-galaxy:ransomware=\"Ryuk ransomware\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike\"", "misp-galaxy:mitre-tool=\"Cobalt Strike\"", "misp-galaxy:rat=\"Cobalt Strike\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c9c7c27-f578-43fb-8950-f682950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-05T06:33:52.000Z", "modified": "2019-04-05T06:33:52.000Z", "first_observed": "2019-04-05T06:33:52Z", "last_observed": "2019-04-05T06:33:52Z", "number_observed": 1, "object_refs": [ "url--5c9c7c27-f578-43fb-8950-f682950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c9c7c27-f578-43fb-8950-f682950d210f", "value": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2019-ACT-005/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c9c80a8-de8c-4737-92ae-4250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T08:07:20.000Z", "modified": "2019-03-28T08:07:20.000Z", "first_observed": "2019-03-28T08:07:20Z", "last_observed": "2019-03-28T08:07:20Z", "number_observed": 1, "object_refs": [ "url--5c9c80a8-de8c-4737-92ae-4250950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"technical-report\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c9c80a8-de8c-4737-92ae-4250950d210f", "value": "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-005.pdf" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9c9c28-b844-44bf-91d9-45c5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T10:04:24.000Z", "modified": "2019-03-28T10:04:24.000Z", "pattern": "[email-message:from_ref.value = 'cottleakela@protonmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T10:04:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9c9c28-2aa0-4318-b516-44f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T10:04:24.000Z", "modified": "2019-03-28T10:04:24.000Z", "pattern": "[email-message:from_ref.value = 'qyavauzehyco1994@o2.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T10:04:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5c9ca433-92e0-4c95-a054-4528950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T10:38:43.000Z", "modified": "2019-03-28T10:38:43.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Artifacts dropped\"" ], "x_misp_category": "Artifacts dropped", "x_misp_comment": "Ransomnote", "x_misp_type": "text", "x_misp_value": "Greetings!There was a significant flaw in the security system of your company.\r\nYou should be thankful that the flaw was exploited by serious people and not some rookies.\r\nThey would have damaged all of your data by mistake or for fun.\r\n\r\nYour files are encrypted with the strongest military algorithms RSA4096 and AES-256.\r\nWithout our special decoder it is impossible to restore the data.\r\nAttempts to restore your data with third party software as Photorec, RannohDecryptor etc.\r\nwill lead to irreversible destruction of your data.\r\n\r\nTo confirm our honest intentions.\r\nSend us 2-3 different random files and you will get them decrypted.\r\nIt can be from different computers on your network to be sure that our decoder decrypts everything.\r\nSample files we unlock for free (files should not be related to any kind of backups).\r\n\r\nWe exclusively have decryption software for your situation\r\n\r\nDO NOT RESET OR SHUTDOWN - files may be damaged.\r\nDO NOT RENAME the encrypted files.\r\nDO NOT MOVE the encrypted files.\r\nThis may lead to the impossibility of recovery of the certain files.\r\n\r\nTo get information on the price of the decoder contact us at:\r\nCottleAkela@protonmail.com;QyavauZehyco1994@o2.pl\r\nThe payment has to be made in Bitcoins.\r\nThe final price depends on how fast you contact us.\r\nAs soon as we receive the payment you will get the decryption tool and\r\ninstructions on how to improve your systems security" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdbca-78dc-499a-86a2-4d6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:35:54.000Z", "modified": "2019-03-28T14:35:54.000Z", "pattern": "[email-message:from_ref.value = 'abbschevis@protonmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:35:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdbca-0e04-42d7-ab25-4e14950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:35:54.000Z", "modified": "2019-03-28T14:35:54.000Z", "pattern": "[email-message:from_ref.value = 'ijuqodisunovib98@o2.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:35:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdcc4-d2dc-4f8c-8947-43c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:40:04.000Z", "modified": "2019-03-28T14:40:04.000Z", "pattern": "[domain-name:value = 'protonmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:40:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdcc7-8654-45c7-b3b1-440b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:40:07.000Z", "modified": "2019-03-28T14:40:07.000Z", "pattern": "[domain-name:value = 'o2.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:40:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdccf-0b50-4881-8bfe-4b34950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:40:15.000Z", "modified": "2019-03-28T14:40:15.000Z", "pattern": "[email-message:from_ref.value = 'romanchukeyla@protonmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:40:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdcd0-3b78-4d12-b3c2-42ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:40:16.000Z", "modified": "2019-03-28T14:40:16.000Z", "pattern": "[email-message:from_ref.value = 'couwetizotofo@o2.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:40:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdcd0-2d68-4958-8ea1-4cc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:40:16.000Z", "modified": "2019-03-28T14:40:16.000Z", "pattern": "[email-message:from_ref.value = 'phanthavongsaneveyah@protonmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:40:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdcd0-4e7c-4567-a324-4a7d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:40:16.000Z", "modified": "2019-03-28T14:40:16.000Z", "pattern": "[email-message:from_ref.value = 'aperywsqaroci@o2.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:40:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5c9e39dc-a38c-422e-903f-4831950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-29T15:29:32.000Z", "modified": "2019-03-29T15:29:32.000Z", "labels": [ "misp:type=\"pattern-in-file\"", "misp:category=\"Artifacts dropped\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pattern-in-file", "x_misp_value": "javobohisabi yohoxucojanukazahaviwexepeniwa negikicudosoyihuruyadeyafipihaja\r\nTelawefibudi wuzahibe liga. Caku jakacoza zususezebonuli setusidafohi. Xekaho tiyiwifuvu damonixuxaho togubo\r\nxisLadoxuna pibifuzida. Goso sepudahemeli bu zevahilipezipa xurotocomupe. Kofe ridimarijoyane. Yeve.\r\nTuwipufebedopi yocomujiyezejo su su. Timevumavizase hapezo fogiju. Xonucosegogi li. Bobixayogaci. Kuyi. Leto\r\nzoyihebezobu wu ciwu. Docadufe ro judewocekodiki" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-0aa4-479e-80c5-457a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:10:25.000Z", "modified": "2019-04-01T09:10:25.000Z", "description": "C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.136.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:10:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-97c8-4a64-aec2-46f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T06:40:41.000Z", "modified": "2019-04-01T06:40:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.0.0/16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T06:40:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-b02c-43ad-afbd-4f69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:11:07.000Z", "modified": "2019-04-01T09:11:07.000Z", "description": "C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.202.174.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:11:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-01f8-4c66-b7a6-4318950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T06:40:41.000Z", "modified": "2019-04-01T06:40:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.202.174.0/24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T06:40:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-6478-47f0-a5cd-4e8f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:11:00.000Z", "modified": "2019-04-01T09:11:00.000Z", "description": "C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.202.174.86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:11:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-9670-48a3-8bbe-4639950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T06:40:41.000Z", "modified": "2019-04-01T06:40:41.000Z", "pattern": "[url:value = 'https://pastebin.com/raw/7Qmz6q5v']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T06:40:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-f7fc-4efd-9e26-4955950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:11:03.000Z", "modified": "2019-04-01T09:11:03.000Z", "description": "C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.115.26.171']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:11:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b269-eb04-4df7-8a0b-41d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T06:40:41.000Z", "modified": "2019-04-01T06:40:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.115.26.0/24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T06:40:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1ce9d-cd4c-46b6-9a6a-3ff6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T08:41:01.000Z", "modified": "2019-04-01T08:41:01.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.126.85.207']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T08:41:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1ce9d-b568-4caf-bdff-3ff6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T08:41:01.000Z", "modified": "2019-04-01T08:41:01.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.126.85.0/24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T08:41:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-4e80-4388-9890-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.238.0.217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-e228-4161-9aa7-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.105.158']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-f2a0-4fca-a92a-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.105.43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-69b8-4968-9f67-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-1654-4bf2-b765-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-3414-41ec-9f72-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.192.108.122']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-8b64-4abe-87e7-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.192.108.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-121c-4714-aa3e-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.186']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-a8d8-46e0-aa54-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-6ed8-400b-b4fa-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-d90c-47f7-94c8-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.185']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cb-27c4-4c61-a7ef-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:27.000Z", "modified": "2019-04-01T09:24:27.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.184.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-5548-451c-9747-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.184.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-c67c-4701-8470-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-a450-4ef1-a1bb-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-f1c0-4dfc-85f9-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-5104-424c-bb78-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-2b0c-4ab6-9304-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-dc90-45a2-a6bf-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-fb50-48bc-8dbb-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-c190-4f11-9122-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-c2f0-469e-8883-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-0cd4-4431-a10f-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-6270-48ed-af05-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-dedc-4b55-ab68-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.70.187.92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-3284-4bbd-a95a-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-589c-4067-adcd-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-ac04-4efc-a767-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-4df0-408a-8b83-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.44.84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-f428-494a-86ac-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.45.251']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-2d24-4de1-8232-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.207.45.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-c530-4ce4-9202-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.172']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-5c10-4070-aebe-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.183']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-55a0-4f8a-baf7-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.184']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-84f4-476c-8619-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1d8cc-4490-4918-ac84-d6af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:24:28.000Z", "modified": "2019-04-01T09:24:28.000Z", "description": "IP of server administration", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.188']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:24:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-87c0-4e54-891a-4dba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '5286a5ed1288e7c54f1ca04d097f17c1d6aea32b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-c73c-48e1-91c2-4875950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '6dc00843f313690075612ee5ce770cae067cd37f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-a4c8-4094-be2e-4276950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = 'ee4c9567c9a072e1d8ed8a78cb06d6ce1a81dd11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-df5c-42e5-95c1-43ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '2200eb3303e448a52404128458e87f3248d4612c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-2f08-4f8b-a82a-4d65950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.219.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-08fc-4585-83d4-47c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = 'f0e07b689caa5c7b3767bb3b4cfe4cba2aecb5f8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-1960-4f42-89e3-4a5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = 'cc9aa7e71ce04b893bcdf49a1da2f0e20e45faf2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-5a98-4ee3-afa7-48c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '840963454567b38a5f1d1df7cd202629804e4c61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-9dc4-4403-aaaa-406e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.58.204.177']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-1610-4df6-9bd7-4a89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = 'dc8f3c31906c01d077c614809bb1195af2393dc1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-0ebc-43d4-b476-48ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '02faf3e291435468607857694df5e45b68851868']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-aa0c-48ab-ac8e-4840950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '28a4481f8138c889367f9112ef48e4f17fb69944']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-fed8-4893-b9c4-4dc7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '339cdd57cfd5b141169b615ff31428782d1da639']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-e1c8-4d0d-8458-41eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = 'f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-72d0-49db-8909-4523950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '3712786dd9d1d8ac7db60ba2f989280c7257a3a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-7dfc-43c5-864b-494c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '736a4dc679d682da321563647c60f699f0dfc268']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-4b0c-4376-89e9-4075950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = 'b1bc968bd4f49d622aa89a81f2150152a41d829c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e082-c614-431c-b553-4eff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T09:57:22.000Z", "modified": "2019-04-01T09:57:22.000Z", "pattern": "[file:hashes.SHA1 = '15abccaae3920046f55293e25f5f931a6581e00f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T09:57:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e719-4834-41f6-be6d-4586950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:29.000Z", "modified": "2019-04-01T10:25:29.000Z", "pattern": "[domain-name:value = 'scourketchupfries.cn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e719-db18-46a6-9d1c-4acc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:29.000Z", "modified": "2019-04-01T10:25:29.000Z", "pattern": "[file:name = 'vds58339.localdomain']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e719-819c-451a-9977-400e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:29.000Z", "modified": "2019-04-01T10:25:29.000Z", "pattern": "[email-message:from_ref.value = 'root@vds58339.localdomain']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e719-ffe4-4586-9f65-4c75950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:29.000Z", "modified": "2019-04-01T10:25:29.000Z", "pattern": "[file:name = 'localhost.localdomain']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e719-0af8-451f-9ab5-4828950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:29.000Z", "modified": "2019-04-01T10:25:29.000Z", "pattern": "[email-message:from_ref.value = 'root@localhost.localdomain']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e71a-e47c-45fa-95f8-4ebc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:30.000Z", "modified": "2019-04-01T10:25:30.000Z", "pattern": "[domain-name:value = 'www.csgolite.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e71a-eb68-4e2f-afb1-405c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:30.000Z", "modified": "2019-04-01T10:25:30.000Z", "pattern": "[domain-name:value = 'tcp.csgolite.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1e71a-4378-412c-acbe-499f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T10:25:30.000Z", "modified": "2019-04-01T10:25:30.000Z", "pattern": "[domain-name:value = 'bendermoney.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T10:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca21226-bc58-47e2-bc18-4c09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T13:29:10.000Z", "modified": "2019-04-01T13:29:10.000Z", "pattern": "[url:value = 'https://pastebin.com/raw/wdcq0Tda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T13:29:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca21226-ff2c-4002-91db-40b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T13:29:10.000Z", "modified": "2019-04-01T13:29:10.000Z", "pattern": "[url:value = 'https://pastebin.com/raw/9ditgTZh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T13:29:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca21226-c4bc-43b0-b0da-40a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-01T13:29:10.000Z", "modified": "2019-04-01T13:29:10.000Z", "pattern": "[url:value = 'https://pastebin.com/Mzd1HFrN']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-01T13:29:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca61559-4fd4-4df0-976e-43ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:31:53.000Z", "modified": "2019-04-04T14:31:53.000Z", "pattern": "[file:hashes.IMPHASH = 'c226ac4bab6f48634bacbb7a1d34f8f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:31:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9c866a-b3b4-41e8-9594-f646950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:46.000Z", "modified": "2019-04-04T11:02:46.000Z", "pattern": "[file:hashes.MD5 = '52340664fe59e030790c48b66924b5bd' AND file:hashes.SHA1 = '73171ffa6dfee5f9264e3d20a1b6926ec1b60897' AND file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9c882a-a40c-46db-a3f5-f383950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T08:39:06.000Z", "modified": "2019-03-28T08:39:06.000Z", "pattern": "[file:name = 'README-NOW.txt' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T08:39:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cb1a2-817c-414b-b7be-43cd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:46.000Z", "modified": "2019-04-04T11:02:46.000Z", "pattern": "[file:hashes.MD5 = '164f72dfb729ca1e15f99d456b7cf811' AND file:hashes.SHA1 = 'f92339e73c7e901c0c852d8e65615cfb588a4ff6' AND file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cb1c2-6f04-4808-99d0-4d8f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:46.000Z", "modified": "2019-04-04T11:02:46.000Z", "pattern": "[file:hashes.MD5 = '9cad8641ac79688e09c5fa350aef2094' AND file:hashes.SHA1 = '3da0a217bbda09561780f52f163a6aafeb721d60' AND file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cb1dc-7ee8-4a94-adef-41cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:46.000Z", "modified": "2019-04-04T11:02:46.000Z", "pattern": "[file:hashes.MD5 = '3ebca21b1d4e2f482b3eda6634e89211' AND file:hashes.SHA1 = '37cdd1e3225f8da596dc13779e902d8d13637360' AND file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cb2c5-c444-4380-9cd7-4c8a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:46.000Z", "modified": "2019-04-04T11:02:46.000Z", "pattern": "[file:hashes.MD5 = 'a5bc1f94e7505a2e73c866551f7996f9' AND file:hashes.SHA1 = '7dea7ff735023418b902d093964028aefbc486a5' AND file:hashes.SHA256 = '14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdbf4-ea34-4d13-90a4-4ce6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = 'a1d732aa27e1ca2ae45a189451419ed5' AND file:hashes.SHA1 = '50f5a5ec13d21d4df119140547d63bc40f93b079' AND file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdc5e-12f4-4dfc-9918-4108950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = 'b3d3da12ca3b9efd042953caa6c3b8cd' AND file:hashes.SHA1 = '34fb03a35e723d27e99776ed3e81967229b3afe1' AND file:hashes.SHA256 = '7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdc7d-4d18-4cc8-b36e-4c83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = 'faf4de4e1c5d8e4241088c90cfe8eddd' AND file:hashes.SHA1 = 'fcd241fdcd462199f2907ca34c73ce9c89b03e5f' AND file:hashes.SHA256 = '47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9cdeef-4adc-461d-9b72-4062950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-28T14:49:19.000Z", "modified": "2019-03-28T14:49:19.000Z", "pattern": "[file:name = 'READ-ME-NOW.txt' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:parent_directory_ref.path = 'E:\\\\goga\\\\' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-28T14:49:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9e3862-4960-4ec0-a6fc-4f4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = '174e3d9c7b0380dd7576187c715c4681' AND file:hashes.SHA1 = '31fbfe814628db3b459ddc87bf5ed538700db17a' AND file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9e3895-b9dc-4d74-baa0-4e3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = 'a52f26575556d3c4eccd3b51265cb4e6' AND file:hashes.SHA1 = '61fdebb3c9dfa880b54e82579256acfcd4d6d406' AND file:hashes.SHA256 = '97a2ab7a94148d605f3c0a1146a70ba5c436a438b23298a1f02f71866f420c43' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9e38d2-e5ac-42e6-8787-4c7a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = 'ba53d8910ec3e46864c3c86ebd628796' AND file:hashes.SHA1 = 'd1c2dfedc602f5d5f2036b0ba5541cac8f8b4b95' AND file:hashes.SHA256 = 'a84171501074bac584348f2942964c8550374c39247ec6af0f4a69756ea9fc7a' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9e3b43-3128-4838-8d63-4a69950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = '871aa15f4d61c85e1284e1be3f99f705' AND file:hashes.SHA1 = '236eac0b19f91117b27f1b198a4d8490d99ec2e5' AND file:hashes.SHA256 = 'b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9e3bc2-5a24-4d69-a335-4793950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = '34187a34d0a3c5d63016c26346371b54' AND file:hashes.SHA1 = 'ce8209ff9828aa8cb095bd7d1589fc4d394c298c' AND file:hashes.SHA256 = '5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3' AND file:name = 'kill.bat' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1b7ca-7424-4d99-8c46-4095950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = '644087ccca16d2a728ef7685a4106f09' AND file:hashes.SHA1 = 'eabd6974ac71efd72d9e0688d5a6131f336d169c' AND file:hashes.SHA256 = '385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e' AND file:name = 'cob93.exe' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca1ce80-3410-445c-9a8c-20d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = '7b792de1468a70cfe990b65034d5f3ac' AND file:hashes.SHA1 = '320f1fc66054e98681fd291415ff17b2e1a71b61' AND file:hashes.SHA256 = 'a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b' AND file:name = 'test.bat' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5e3be-9cc4-4a68-939e-bac6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:00:14.000Z", "modified": "2019-04-04T11:00:14.000Z", "pattern": "[file:hashes.MD5 = '06457b317d5624590803a77d3770bff2' AND file:name = 'AD.zip' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:size = '472243' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9ccc29b-21e0-4670-bd40-9ddb5e77097a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:47.000Z", "modified": "2019-04-04T11:02:47.000Z", "pattern": "[file:hashes.MD5 = 'ecf535c505b7752b0af188a915a23786' AND file:hashes.SHA1 = '736a4dc679d682da321563647c60f699f0dfc268' AND file:hashes.SHA256 = 'bfdf4cf3f143ad0db912d8ab3a7c12f617b9ea60ce8b1f4e44f74270fb21b19b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--35c21dc1-1c39-413c-946a-f8bb9b26b6f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-12-05 00:08:31", "category": "Other", "uuid": "a3fa831d-a38e-413e-bb19-1910b97fec2a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bfdf4cf3f143ad0db912d8ab3a7c12f617b9ea60ce8b1f4e44f74270fb21b19b/analysis/1543968511/", "category": "Payload delivery", "uuid": "7ad826d7-4477-4290-9dd7-a0d29a060c1f" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/58", "category": "Payload delivery", "uuid": "f0291f05-fdde-4969-8684-db393699dea4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "pattern": "[file:hashes.MD5 = '83e10465b722ef33ff0b6f535e8d996b' AND file:hashes.SHA1 = '339cdd57cfd5b141169b615ff31428782d1da639' AND file:hashes.SHA256 = '02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5108ef6e-6e11-42eb-b04b-c98a3baf0989", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-03 11:56:47", "category": "Other", "uuid": "f59d8322-50b5-4d3b-a2e4-eb219bcf694b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0/analysis/1554292607/", "category": "Payload delivery", "uuid": "270cedd4-baf8-4281-b6fc-0f949fc211ca" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/58", "category": "Payload delivery", "uuid": "ebb52bad-6f2a-4b1b-a485-43be41a61f93" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f267dc71-bbf0-4cc5-9b5b-3fa211e28a18", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "pattern": "[file:hashes.MD5 = '1d3554048578b03f42424dbf20730a3f' AND file:hashes.SHA1 = '02faf3e291435468607857694df5e45b68851868' AND file:hashes.SHA256 = '687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f0ef8684-416a-4769-ad67-0b01c27351f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-30 09:28:42", "category": "Other", "uuid": "3576524b-3254-41ac-ac75-478ebe162909" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2/analysis/1553938122/", "category": "Payload delivery", "uuid": "f5c8e926-2ac1-49ef-8bb4-6f237baaf112" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/58", "category": "Payload delivery", "uuid": "458c15ba-a1ca-4e47-8901-0500a4203afc" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aea6e39a-79e2-459d-bcc5-4a1ea6a2a033", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "pattern": "[file:hashes.MD5 = '1edaf9ae99ce2920667d0e9a8b3f8c9c' AND file:hashes.SHA1 = 'f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0' AND file:hashes.SHA256 = '4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9d450a87-d02c-4ca7-8e63-51de5717eac9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-20 15:20:14", "category": "Other", "uuid": "615d556b-f37c-400f-88e2-020eb673be6d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da/analysis/1553095214/", "category": "Payload delivery", "uuid": "3b2c4cbb-41d9-4954-b0dd-4b6a52b87303" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/54", "category": "Payload delivery", "uuid": "8d33693b-a8e3-4c60-9df0-6bb18c7686e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1a98fae-2b40-4d36-bd5c-5b601c2ca216", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:48.000Z", "modified": "2019-04-04T11:02:48.000Z", "pattern": "[file:hashes.MD5 = '3e455215095192e1b75d379fb187298a' AND file:hashes.SHA1 = 'b1bc968bd4f49d622aa89a81f2150152a41d829c' AND file:hashes.SHA256 = 'ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T11:02:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e3d0d58a-ba39-4023-9f87-abc23fee99ab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:49.000Z", "modified": "2019-04-04T11:02:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-28 21:20:19", "category": "Other", "uuid": "a5771217-664e-468a-b883-963967688281" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99/analysis/1551388819/", "category": "Payload delivery", "uuid": "5c9d5e47-d971-4bd4-a0e2-55df09eb31f0" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/54", "category": "Payload delivery", "uuid": "9b3526d2-e054-419d-b3f6-b36588aa00fb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--83d90e56-d8fd-4fb2-bb57-580a66a57ee2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:49.000Z", "modified": "2019-04-04T11:02:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 07:10:19", "category": "Other", "uuid": "c221b793-ca91-4ea5-9ba9-3a08b8d153b0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29/analysis/1554361819/", "category": "Payload delivery", "uuid": "e62b032c-b748-43cf-9663-7bf43b7c811e" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "uuid": "0903cfac-7124-4138-b7ca-350ccf89ef78" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--15d2637f-5587-422e-9c0d-b5765db3b370", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:49.000Z", "modified": "2019-04-04T11:02:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-03 10:15:05", "category": "Other", "uuid": "95dd2a05-d5e2-4ca5-9b63-950965df87d7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b/analysis/1554286505/", "category": "Payload delivery", "uuid": "92fa1fda-791f-4245-b42c-bf14fc0fb1d5" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/58", "category": "Payload delivery", "uuid": "9e9cd2ac-2699-4da9-befb-53651ad2aaa6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--62d88faa-c81c-4ee2-a031-950e7b8e74eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:49.000Z", "modified": "2019-04-04T11:02:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-03 10:14:59", "category": "Other", "uuid": "8a4b82c6-9892-4c00-9855-b521648e574a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4/analysis/1554286499/", "category": "Payload delivery", "uuid": "c8a542e8-a2cb-4cf9-a070-d0b25ee49519" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/71", "category": "Payload delivery", "uuid": "9263cb76-ef44-45ae-972c-fe3b90a4b2ff" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--655b355a-d27a-47e7-953c-e518814e77d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:49.000Z", "modified": "2019-04-04T11:02:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 06:54:10", "category": "Other", "uuid": "5871b620-bb9b-4dc1-ac8f-2f1c4e0840fd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e/analysis/1554360850/", "category": "Payload delivery", "uuid": "1e73fc65-f7ce-4262-8463-0f80f93da9ae" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "uuid": "796a7fb7-65cf-4b5f-85a8-0a097520d3cb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:49.000Z", "modified": "2019-04-04T11:02:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 07:24:59", "category": "Other", "uuid": "112fad1f-774e-4b50-8947-9657406c3627" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca/analysis/1554362699/", "category": "Payload delivery", "uuid": "8b0c280c-7c10-4b30-9fd0-4c073c4ea048" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/71", "category": "Payload delivery", "uuid": "b138d431-1a16-4779-813e-b149a3421b4b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dff728c7-5c19-4f03-86c3-da8de2fb5fe9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:49.000Z", "modified": "2019-04-04T11:02:49.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 06:59:47", "category": "Other", "uuid": "96719cd4-a3be-42f9-9edd-7551a3d10efa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3/analysis/1554361187/", "category": "Payload delivery", "uuid": "7f6155ce-dd15-474a-9b1e-b183b029e656" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/57", "category": "Payload delivery", "uuid": "33b779b8-ad32-4a69-8bbd-9fe21046e36b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5e8bc41a-f1de-4db9-99ce-f8e2d360a71e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:50.000Z", "modified": "2019-04-04T11:02:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-01 16:37:44", "category": "Other", "uuid": "7d9c017b-8edd-49dd-ac87-83ede8411029" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4/analysis/1554136664/", "category": "Payload delivery", "uuid": "e9bd4bc8-d8ec-4185-90ed-7e5786a6bce9" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/71", "category": "Payload delivery", "uuid": "83263b7e-8059-46d2-8b99-5b0b43a37e90" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--90999cf4-f049-48cc-b058-7218d5e66a87", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:50.000Z", "modified": "2019-04-04T11:02:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 07:05:59", "category": "Other", "uuid": "4553a71a-776c-4461-8a66-c7cd64e44318" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a/analysis/1554361559/", "category": "Payload delivery", "uuid": "da933654-16fb-498a-8640-44e69146f078" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/61", "category": "Payload delivery", "uuid": "a03d25eb-08d2-4ff8-87b8-e8f2c98eb179" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6ec3241c-a53a-4b24-ad19-b37fe1926ca3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:50.000Z", "modified": "2019-04-04T11:02:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-02 23:51:08", "category": "Other", "uuid": "b5672881-9c3c-44f9-8db2-298d466a4dd9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/97a2ab7a94148d605f3c0a1146a70ba5c436a438b23298a1f02f71866f420c43/analysis/1554249068/", "category": "Payload delivery", "uuid": "ed5167e6-ce8b-4816-888d-18b7cf9a9b4f" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/72", "category": "Payload delivery", "uuid": "a4480342-e0bc-4292-bd67-5bcbe6369375" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0bc1a3db-aa59-4e3e-962c-0141a9507044", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:50.000Z", "modified": "2019-04-04T11:02:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-02 23:53:36", "category": "Other", "uuid": "19057350-70ca-4b61-bf3a-ccfe54f0490a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a84171501074bac584348f2942964c8550374c39247ec6af0f4a69756ea9fc7a/analysis/1554249216/", "category": "Payload delivery", "uuid": "021bca0d-21c1-4af3-ad1d-9ede46c96d73" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "uuid": "1d711364-ad24-4f60-a406-579fc420984f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c4efd0bd-ca37-4e9a-9669-b284391231d0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:50.000Z", "modified": "2019-04-04T11:02:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 07:16:09", "category": "Other", "uuid": "a3ef3a8c-2c5b-469a-ba3a-232ea3d646b4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c/analysis/1554362169/", "category": "Payload delivery", "uuid": "3431a2b3-15e0-4e7b-81e8-3a8a4467c58a" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/70", "category": "Payload delivery", "uuid": "2fd75f6e-a29d-4193-83af-07e23cc7565e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--91238841-2e89-4fd8-a8e8-eda64827b73d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:50.000Z", "modified": "2019-04-04T11:02:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-03 17:13:07", "category": "Other", "uuid": "101cf662-c46e-4335-8eef-189b488e4a31" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262/analysis/1554311587/", "category": "Payload delivery", "uuid": "15db5590-265b-4922-b1fd-352d2725bebc" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/66", "category": "Payload delivery", "uuid": "93ca72df-1be0-455f-a1cd-cf769e550da5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4a8c1dc6-773d-4883-be6f-8c7008a56ba7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:50.000Z", "modified": "2019-04-04T11:02:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 07:26:59", "category": "Other", "uuid": "0023fe73-0980-46e0-9556-46bbfe5fdec4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125/analysis/1554362819/", "category": "Payload delivery", "uuid": "383e14be-cdda-4969-99ae-3adae2fa7b7f" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Payload delivery", "uuid": "ab2852d7-9aae-4a0f-aa4b-549583563ce7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3ba890fa-43c6-4805-a7ab-2fba74c0ced0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 07:21:45", "category": "Other", "uuid": "d4aea7f7-e340-4e76-89c1-2546884db901" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f/analysis/1554362505/", "category": "Payload delivery", "uuid": "bcc766b7-352e-4241-b3ba-4dab52c02065" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "uuid": "401b939c-ce2c-426b-9505-0554136fa85c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c186be47-3752-42e1-89d5-1e5b3d5223de", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04 07:20:30", "category": "Other", "uuid": "29971556-1f8f-491a-bc22-607f26e0cdcf" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77/analysis/1554362430/", "category": "Payload delivery", "uuid": "088b3a1d-f7d5-4bf0-9998-7fa00b4d1177" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/71", "category": "Payload delivery", "uuid": "de0d2c55-e16b-426a-95ef-f04995cada4f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b6346b5e-5482-4314-9d7b-8671c4155bf1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:08:41.000Z", "modified": "2019-04-04T14:08:41.000Z", "pattern": "[file:hashes.SHA1 = '2a030cc6d84d5785f5e84d0f5888a411d4b06d01' AND file:name = 'soft.exe' AND file:size = '45568']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:08:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d74356f9-39d2-4c30-9711-8ed1a401acd3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:42.000Z", "modified": "2019-04-04T14:11:42.000Z", "pattern": "[file:hashes.SHA1 = '2abae839362edfe52d9ebe282fb61113d22b331f' AND file:name = 'sttager.exe' AND file:size = '20480']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e668ce8c-af43-4832-89b2-9c08e3f5124c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:42.000Z", "modified": "2019-04-04T14:11:42.000Z", "pattern": "[file:hashes.SHA1 = '6995a32e0a4d4f6d0c9b2a00a96d69bff4b83ea7' AND file:name = 'test443.exe' AND file:size = '373911']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6e1a65fa-acb6-4ea6-a06b-636c428138b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:43.000Z", "modified": "2019-04-04T14:11:43.000Z", "pattern": "[file:hashes.SHA1 = '87b1f17fbb4a1e8eef4cb31c1c0194b1426c868c' AND file:name = 'veil.exe' AND file:size = '345761']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f7e26e48-37f4-45a8-8a1c-2ecc11dec53a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:43.000Z", "modified": "2019-04-04T14:11:43.000Z", "pattern": "[file:hashes.SHA1 = 'afc36916a4df934446681ea28bef6add4decb98a' AND file:name = '80_http.exe.exe' AND file:size = '411850']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d4db8abd-f691-4927-9e28-14ce0ee7d430", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:43.000Z", "modified": "2019-04-04T14:11:43.000Z", "pattern": "[file:hashes.SHA1 = 'f832d94391a8d2d5cf92773e6c912905ec7c40c7' AND file:name = 'test1.exe' AND file:size = '406636']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3d49a49b-5bc6-49be-a0e6-ab3b72ccfe46", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:44.000Z", "modified": "2019-04-04T14:11:44.000Z", "pattern": "[file:hashes.SHA1 = '056823c7891a04b2fec8903eb401ae3291743a54' AND file:name = 'beca.exe.exe' AND file:size = '23808']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f898f5e1-93e1-458b-996c-ebc6dba13222", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:44.000Z", "modified": "2019-04-04T14:11:44.000Z", "pattern": "[file:hashes.SHA1 = 'b7afa7acf1b7ded2c4e3d0884b5cdaa230d9f82e' AND file:name = 'shell1.exe' AND file:size = '24576']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--89b53bf3-e0c4-4f48-8e25-ff54844fae43", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:45.000Z", "modified": "2019-04-04T14:11:45.000Z", "pattern": "[file:hashes.SHA1 = '4b50b6b9157026ab408d966ece02d1cef8045f82' AND file:name = 'starggge.exe' AND file:size = '27136']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1162a78a-804d-4856-82b3-0b77509bcfe7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:45.000Z", "modified": "2019-04-04T14:11:45.000Z", "pattern": "[file:hashes.SHA1 = '6042dfd50d33da40e383baec4a7ef7c75bf17481' AND file:name = '8_32.exe' AND file:size = '24064']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf5439e4-3e35-44a0-9ff3-129042947aad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:45.000Z", "modified": "2019-04-04T14:11:45.000Z", "pattern": "[file:hashes.SHA1 = '9b50fae63f4d8d402f30c487ca7216f610413642' AND file:name = 'payload.exe' AND file:size = '6144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02af3be3-4a7e-4a84-81eb-83f604a3f0a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:46.000Z", "modified": "2019-04-04T14:11:46.000Z", "pattern": "[file:hashes.SHA1 = '781778f789185889259d2a8dec981e80098fa490' AND file:name = '443_12.exe' AND file:size = '28904']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dae97fa0-3eb3-4915-82cc-e7e489d64dd1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:46.000Z", "modified": "2019-04-04T14:11:46.000Z", "pattern": "[file:hashes.SHA1 = '153d37f0f0660734a1e05cb67721c4ceff54919f' AND file:name = 'test.exe' AND file:size = '370807']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--24e6319c-f91c-43b2-a9d3-7b0bfd5a76a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:47.000Z", "modified": "2019-04-04T14:11:47.000Z", "pattern": "[file:hashes.SHA1 = '2d038fcd5987b2e7008b2e269b0a9ff968063ee8' AND file:name = 'test_1.exe' AND file:size = '601039']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3dac003b-a958-48e2-8a96-6d0fdba7875d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:47.000Z", "modified": "2019-04-04T14:11:47.000Z", "pattern": "[file:hashes.SHA1 = '9d2148cd22c245fc3ba7861a560d223f72f34414' AND file:name = 'synack_network_noinject_x86.ps1' AND file:size = '302611']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c01e648d-7f49-45f7-b7d7-48ce5a507a47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:48.000Z", "modified": "2019-04-04T14:11:48.000Z", "pattern": "[file:hashes.SHA1 = 'c8207144f89c9d775ff5565888dbbc8167e09330' AND file:name = 'synack_network_noinject_x64.ps1' AND file:size = '390311']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ac91f1d9-024c-44e2-8a7c-06172796ea12", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:49.000Z", "modified": "2019-04-04T14:11:49.000Z", "pattern": "[file:hashes.SHA1 = '5131a7a011041e88b32a2a98e5170c42d5c57250' AND file:name = 'synack_network_x64.ps1' AND file:size = '423995']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2ba4112d-7327-4b19-8035-a2e6eb73d573", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:50.000Z", "modified": "2019-04-04T14:11:50.000Z", "pattern": "[file:hashes.SHA1 = 'e925c3ba15f007363ad32b84df7da9b299b9b100' AND file:name = 'synack_x64.ps1' AND file:size = '423995']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7f430f07-3ff9-4553-b81a-36681949c447", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:51.000Z", "modified": "2019-04-04T14:11:51.000Z", "pattern": "[file:hashes.SHA1 = '481b18bcbd9d32c5363bb56ab212d57d78497c05' AND file:name = 'synack_network_x86.ps1' AND file:size = '327187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fe2ec22-3ff6-4a79-af8e-30e6a5253e45", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:51.000Z", "modified": "2019-04-04T14:11:51.000Z", "pattern": "[file:hashes.SHA1 = '2bcfd0679726f0110545b47b4512a8a4ddcb830f' AND file:name = 'synack_x86.ps1' AND file:size = '327187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b14e7307-30f6-49c8-b4fe-0b6735a3a94d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:52.000Z", "modified": "2019-04-04T14:11:52.000Z", "pattern": "[file:hashes.SHA1 = 'eaefb5e9ea2e0d301ee594e6358ea136442cd075' AND file:name = 'test.exe' AND file:size = '529477']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3549d1ed-c1c7-4066-a9cc-9d0a86cd8e0a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:52.000Z", "modified": "2019-04-04T14:11:52.000Z", "pattern": "[file:hashes.SHA1 = '237b19af7c867b21f46793dd7257dff2f3be1513' AND file:name = 'encryptor.zip' AND file:size = '18211']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eaa8dc3c-16ef-45eb-add4-3d736d1bd330", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:52.000Z", "modified": "2019-04-04T14:11:52.000Z", "pattern": "[file:hashes.SHA1 = 'f5619064f2d8aebfdba0fc3f566cb60f599f9f6e' AND file:name = 'encryptor.exe' AND file:size = '29696']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7e91cd8c-c822-43fe-ac0b-5d137f57bc3a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:11:53.000Z", "modified": "2019-04-04T14:11:53.000Z", "pattern": "[file:hashes.SHA1 = '399d4d5ab0bdbe0b1a61bac007d56adff005486d' AND file:name = 'tung2901_AU3_EXE_6cr22.rar' AND file:size = '277412']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:11:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b59d923-d374-41bc-89b7-e68498bacc72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:34.000Z", "modified": "2019-04-04T14:19:34.000Z", "pattern": "[file:hashes.MD5 = '644087ccca16d2a728ef7685a4106f09' AND file:hashes.SHA1 = 'eabd6974ac71efd72d9e0688d5a6131f336d169c' AND file:hashes.SHA256 = '385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4b9fdc52-1ce3-45d7-85cc-60215eb30f0c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:34.000Z", "modified": "2019-04-04T14:19:34.000Z", "pattern": "[file:hashes.MD5 = '34187a34d0a3c5d63016c26346371b54' AND file:hashes.SHA1 = 'ce8209ff9828aa8cb095bd7d1589fc4d394c298c' AND file:hashes.SHA256 = '5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fa63b93f-2201-4f6c-8341-4a86980805b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:35.000Z", "modified": "2019-04-04T14:19:35.000Z", "pattern": "[file:hashes.MD5 = '871aa15f4d61c85e1284e1be3f99f705' AND file:hashes.SHA1 = '236eac0b19f91117b27f1b198a4d8490d99ec2e5' AND file:hashes.SHA256 = 'b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c73504a4-60da-4107-adef-c10a0f52266b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:35.000Z", "modified": "2019-04-04T14:19:35.000Z", "pattern": "[file:hashes.MD5 = 'a1d732aa27e1ca2ae45a189451419ed5' AND file:hashes.SHA1 = '50f5a5ec13d21d4df119140547d63bc40f93b079' AND file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--edbac896-cf24-4628-9064-7bac3c8e8d58", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:36.000Z", "modified": "2019-04-04T14:19:36.000Z", "pattern": "[file:hashes.MD5 = '164f72dfb729ca1e15f99d456b7cf811' AND file:hashes.SHA1 = 'f92339e73c7e901c0c852d8e65615cfb588a4ff6' AND file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d91eacd1-efda-4eaf-ae5a-f815869b10dd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:36.000Z", "modified": "2019-04-04T14:19:36.000Z", "pattern": "[file:hashes.MD5 = '9cad8641ac79688e09c5fa350aef2094' AND file:hashes.SHA1 = '3da0a217bbda09561780f52f163a6aafeb721d60' AND file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1a25873-3445-4873-8b6b-7dca2e15615a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:36.000Z", "modified": "2019-04-04T14:19:36.000Z", "pattern": "[file:hashes.MD5 = '3ebca21b1d4e2f482b3eda6634e89211' AND file:hashes.SHA1 = '37cdd1e3225f8da596dc13779e902d8d13637360' AND file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9aa33ad7-9f08-4774-b109-cedaed81cd60", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:37.000Z", "modified": "2019-04-04T14:19:37.000Z", "pattern": "[file:hashes.MD5 = '52340664fe59e030790c48b66924b5bd' AND file:hashes.SHA1 = '73171ffa6dfee5f9264e3d20a1b6926ec1b60897' AND file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc691061-1ee8-46b1-b3ef-488f082e45c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:38.000Z", "modified": "2019-04-04T14:19:38.000Z", "pattern": "[file:hashes.MD5 = 'a5bc1f94e7505a2e73c866551f7996f9' AND file:hashes.SHA1 = '7dea7ff735023418b902d093964028aefbc486a5' AND file:hashes.SHA256 = '14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d31887c-d4a7-4e7f-899c-df1d3a41e15f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:38.000Z", "modified": "2019-04-04T14:19:38.000Z", "pattern": "[file:hashes.MD5 = 'b3d3da12ca3b9efd042953caa6c3b8cd' AND file:hashes.SHA1 = '34fb03a35e723d27e99776ed3e81967229b3afe1' AND file:hashes.SHA256 = '7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--febd2cf8-35c9-49d2-9963-21b43acb6f04", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:39.000Z", "modified": "2019-04-04T14:19:39.000Z", "pattern": "[file:hashes.MD5 = 'faf4de4e1c5d8e4241088c90cfe8eddd' AND file:hashes.SHA1 = 'fcd241fdcd462199f2907ca34c73ce9c89b03e5f' AND file:hashes.SHA256 = '47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f63b62d9-f5f1-4c51-9488-139d016e7660", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T14:19:39.000Z", "modified": "2019-04-04T14:19:39.000Z", "pattern": "[file:hashes.MD5 = '7b792de1468a70cfe990b65034d5f3ac' AND file:hashes.SHA1 = '320f1fc66054e98681fd291415ff17b2e1a71b61' AND file:hashes.SHA256 = 'a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T14:19:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fda6f5a2-8bb2-483c-a116-a85e4af5a63c", "created": "2019-03-28T08:39:21.000Z", "modified": "2019-03-28T08:39:21.000Z", "relationship_type": "creator-of", "source_ref": "indicator--5c9c866a-b3b4-41e8-9594-f646950d210f", "target_ref": "indicator--5c9c882a-a40c-46db-a3f5-f383950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c11cd12-6c58-48f9-9507-cdc20ec4808b", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9c866a-b3b4-41e8-9594-f646950d210f", "target_ref": "x-misp-object--3ba890fa-43c6-4805-a7ab-2fba74c0ced0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--698b9ceb-35b8-42cf-9ff0-2609135d8e4d", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9cb1a2-817c-414b-b7be-43cd950d210f", "target_ref": "x-misp-object--83d90e56-d8fd-4fb2-bb57-580a66a57ee2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--47456290-8048-4f4f-8e61-d2f1cdc4352d", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9cb1c2-6f04-4808-99d0-4d8f950d210f", "target_ref": "x-misp-object--c4efd0bd-ca37-4e9a-9669-b284391231d0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3be46b31-0f69-4697-8a2a-4c0eeabbe276", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9cb1dc-7ee8-4a94-adef-41cb950d210f", "target_ref": "x-misp-object--c186be47-3752-42e1-89d5-1e5b3d5223de" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a5f6984a-455b-4b3f-88c0-fa261a2a5a99", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9cb2c5-c444-4380-9cd7-4c8a950d210f", "target_ref": "x-misp-object--aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7ee3ed03-c55a-4876-83fd-bcb4dfef5f0d", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9cdbf4-ea34-4d13-90a4-4ce6950d210f", "target_ref": "x-misp-object--90999cf4-f049-48cc-b058-7218d5e66a87" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c20ead58-c00a-4a20-a12d-f48037f6ff15", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9cdc5e-12f4-4dfc-9918-4108950d210f", "target_ref": "x-misp-object--4a8c1dc6-773d-4883-be6f-8c7008a56ba7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--febebabb-5110-4905-86ce-2d648f99cb14", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9cdc7d-4d18-4cc8-b36e-4c83950d210f", "target_ref": "x-misp-object--62d88faa-c81c-4ee2-a031-950e7b8e74eb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b4fb6776-1cf4-42ad-b133-4760551469cc", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9e3862-4960-4ec0-a6fc-4f4e950d210f", "target_ref": "x-misp-object--5e8bc41a-f1de-4db9-99ce-f8e2d360a71e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--651589c3-8f49-40d3-b56a-b248b42885fc", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9e3895-b9dc-4d74-baa0-4e3e950d210f", "target_ref": "x-misp-object--6ec3241c-a53a-4b24-ad19-b37fe1926ca3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6b7f6e62-f6dd-4ae5-b9fc-b894fea0fc0e", "created": "2019-04-04T11:02:51.000Z", "modified": "2019-04-04T11:02:51.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9e38d2-e5ac-42e6-8787-4c7a950d210f", "target_ref": "x-misp-object--0bc1a3db-aa59-4e3e-962c-0141a9507044" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--36226550-fccd-4fec-b338-54f706df5ef1", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9e3b43-3128-4838-8d63-4a69950d210f", "target_ref": "x-misp-object--91238841-2e89-4fd8-a8e8-eda64827b73d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8c6dd630-7dd1-46f7-a6c5-a793600b6d9e", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5c9e3bc2-5a24-4d69-a335-4793950d210f", "target_ref": "x-misp-object--dff728c7-5c19-4f03-86c3-da8de2fb5fe9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e82243d7-eaa6-4b0d-b35b-0e9c317c57d4", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5ca1b7ca-7424-4d99-8c46-4095950d210f", "target_ref": "x-misp-object--655b355a-d27a-47e7-953c-e518814e77d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c8b82ff-6089-4de2-84f0-3b560c0a7e39", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5ca1ce80-3410-445c-9a8c-20d7950d210f", "target_ref": "x-misp-object--15d2637f-5587-422e-9c0d-b5765db3b370" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--352f73c0-c34d-41c2-82e7-dfc48726c068", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f9ccc29b-21e0-4670-bd40-9ddb5e77097a", "target_ref": "x-misp-object--35c21dc1-1c39-413c-946a-f8bb9b26b6f7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cd8c80c3-0cfb-49a4-9182-a43caeef1055", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1", "target_ref": "x-misp-object--5108ef6e-6e11-42eb-b04b-c98a3baf0989" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--878ba33b-1b27-4ad0-88fb-4da7f1bed61b", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f267dc71-bbf0-4cc5-9b5b-3fa211e28a18", "target_ref": "x-misp-object--f0ef8684-416a-4769-ad67-0b01c27351f8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e1916cea-2bbc-4ea3-871d-a74bbdeeb186", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--aea6e39a-79e2-459d-bcc5-4a1ea6a2a033", "target_ref": "x-misp-object--9d450a87-d02c-4ca7-8e63-51de5717eac9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6d6260c4-ddbc-47f4-a506-37a21c70d6a0", "created": "2019-04-04T11:02:52.000Z", "modified": "2019-04-04T11:02:52.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a1a98fae-2b40-4d36-bd5c-5b601c2ca216", "target_ref": "x-misp-object--e3d0d58a-ba39-4023-9f87-abc23fee99ab" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }