{ "type": "bundle", "id": "bundle--5bbe09c9-9040-4415-bd25-45b7950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:31:59.000Z", "modified": "2018-10-13T14:31:59.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5bbe09c9-9040-4415-bd25-45b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:31:59.000Z", "modified": "2018-10-13T14:31:59.000Z", "name": "OSINT - Threat Spotlight: Panda Banker Trojan Targets the US, Canada and Japan", "published": "2018-10-13T14:32:04Z", "object_refs": [ "observed-data--5bbe09dc-2250-4f64-b8be-4746950d210f", "url--5bbe09dc-2250-4f64-b8be-4746950d210f", "indicator--5bbe0a00-7120-46aa-bb57-4975950d210f", "indicator--5bbe0a01-c870-4dc4-b3fa-4c85950d210f", "indicator--5bbe0a02-dc14-43b8-950d-4411950d210f", "indicator--5bbe0a02-e614-4c72-9c8f-4a3b950d210f", "indicator--5bbe0a03-64e4-43c5-b296-4558950d210f", "indicator--5bbe0a03-0e34-44aa-8510-4265950d210f", "indicator--5bbf4793-0874-4cff-8f22-494a950d210f", "indicator--5bbf4795-3100-4ffa-ac0f-4bcd950d210f", "indicator--5bbf4799-cad4-4925-8766-4fcd950d210f", "indicator--5bbf4799-aa6c-4a57-8f36-49a6950d210f", "indicator--5bbf479a-596c-4667-a6c3-43d4950d210f", "indicator--5bbf479a-e098-464c-9e76-4994950d210f", "indicator--5bbf479b-7cdc-42bb-ba1f-4638950d210f", "indicator--5bbf479e-20c4-40a1-ade7-46bc950d210f", "indicator--5bbf47a4-8c04-42e1-a634-4b8d950d210f", "indicator--5bbf47a9-5448-43f0-ba9d-40f1950d210f", "indicator--5bbf47aa-69a0-4326-aa27-454c950d210f", "indicator--5bbf47ac-83b4-4c54-9a16-44c0950d210f", "indicator--5bbf47ad-0604-4ae1-a8c9-47b4950d210f", "indicator--5bbf47ae-ffa4-4e29-b373-433a950d210f", "indicator--5bbf47b0-5200-4fb3-b90f-4d2c950d210f", "indicator--5bbf47b1-2cf0-4cb8-877f-4bd2950d210f", "indicator--5bbf47b2-e30c-4969-b0e1-44ef950d210f", "indicator--5bbf47b7-2f24-4acd-9e28-4bc0950d210f", "indicator--5bbf47bc-32d8-4cca-b59d-49d3950d210f", "indicator--5bbf47c1-be50-4057-b3a8-4242950d210f", "indicator--5bbf47c2-8eb0-4964-98d7-4758950d210f", "indicator--5bbf47c2-86e4-434a-aabb-45ef950d210f", "indicator--5bbf47c3-0e80-4d76-9f8c-49f6950d210f", "indicator--5bbf47c3-dde8-49db-ba8b-45f8950d210f", "indicator--5bbf47c4-39f4-43c3-87ea-4b2f950d210f", "indicator--5bbf47c4-a008-4d16-92e5-4103950d210f", "indicator--5bbf47c5-7c40-4147-b83c-4ebd950d210f", "indicator--5bbf47c5-cf14-43dd-aa46-45b2950d210f", "indicator--5bbf47c6-43bc-44bf-a23f-4280950d210f", "indicator--5bbf47c6-41e4-4d78-9e8e-4ac1950d210f", "indicator--5bbf4b33-b024-4397-a219-4c30950d210f", "indicator--5bbf4b34-e9e0-4836-bbd3-4d17950d210f", "indicator--5bbf4b35-e748-45da-98bc-465e950d210f", "indicator--5bbf4b36-6648-4c1a-ba63-4c18950d210f", "indicator--5bbf4b37-03ec-4fd1-98cb-4045950d210f", "indicator--5bbf4b37-49ac-472f-b881-47ec950d210f", "indicator--5bbf4b38-77d8-4b4a-bb67-4bb9950d210f", "indicator--5bbf4b39-d458-4cff-998d-462f950d210f", "indicator--5bbf4b39-9538-4482-937b-4967950d210f", "indicator--5bbf4b3a-7970-48ff-a149-4fcb950d210f", "indicator--5bbf4b3b-f514-4d75-9ff7-4977950d210f", "indicator--5bbf4b3b-784c-464e-aec8-4824950d210f", "indicator--5bbf4b3c-31f4-4f88-952e-4e52950d210f", "indicator--5bbf4b41-7840-44bf-8454-4e26950d210f", "indicator--5bbf4b42-40f8-40ea-b995-4d72950d210f", "indicator--5bbf4b49-c7d8-4660-b23f-424e950d210f", "indicator--5bbf4b51-6178-4489-bf76-47d4950d210f", "indicator--5bbf4b56-5160-4663-b753-4e02950d210f", "indicator--5bbf4b5f-1f2c-4e9f-a8b1-4172950d210f", "indicator--5bbf4b60-924c-462c-a9e2-4164950d210f", "indicator--5bbf4b60-200c-44eb-a131-442e950d210f", "indicator--5bbf4b61-9384-4b1d-aa58-411c950d210f", "indicator--5bbf4b62-30f8-4d41-b84d-40e7950d210f", "indicator--5bbf4b62-35dc-42e7-a3c1-4f75950d210f", "indicator--5bbf4b63-9cc4-4e52-8421-4ceb950d210f", "indicator--5bbf4b67-72cc-4a30-9ed7-46f5950d210f", "indicator--5bbf4b67-34e0-4c71-97aa-4dbf950d210f", "indicator--5bbf4b68-1518-4a62-81fd-4fa8950d210f", "indicator--5bbf4b69-57c8-41ae-b630-4736950d210f", "indicator--5bbf4b69-87cc-4599-a9b6-4311950d210f", "indicator--5bbf4b6a-dde0-4a3f-8650-491f950d210f", "indicator--5bbf4b6b-07a0-400e-b25d-45e5950d210f", "indicator--5bbf4b70-47a8-4674-85fe-40c2950d210f", "indicator--5bbf4b78-7afc-4dd7-865f-4a32950d210f", "indicator--5bbf4b7c-b7a0-4f4d-a717-4c5b950d210f", "indicator--5bbf4b85-8284-4ece-a2a5-493f950d210f", "indicator--5bbf4b89-0fa8-4d79-b974-458f950d210f", "indicator--5bbf4b8d-0be8-4633-bacb-4ee6950d210f", "indicator--5bbf4b90-078c-4209-b17e-49a7950d210f", "indicator--5bbf4b96-ac80-4f5c-a603-4b66950d210f", "indicator--5bbf4b96-c704-42b1-ae14-4fd4950d210f", "indicator--5bbf4b9b-719c-4701-a296-48e1950d210f", "indicator--5bbf4ba0-cba8-4f46-828f-48c3950d210f", "indicator--5bbf4ba1-b770-4185-bf4c-4c28950d210f", "indicator--5bbf4ba1-7b18-462d-b9f2-4044950d210f", "indicator--5bbf4ba2-4c98-45d6-8cdb-4b45950d210f", "indicator--5bbf4ba3-e8c8-48c3-b84e-4012950d210f", "indicator--5bbf4ba3-d068-4574-8a44-412e950d210f", "indicator--5bbf4ba4-008c-4b5c-9752-4f8e950d210f", "indicator--5bbf4e91-03f4-42b7-af1e-4315950d210f", "indicator--5bbf4e94-8bbc-4736-ad4e-4315950d210f", "indicator--5bbf4e98-b7b0-4031-a6ac-4315950d210f", "indicator--5bbf4e99-7ee8-4003-ba59-4315950d210f", "indicator--5bbf4e99-261c-4605-8a22-4315950d210f", "indicator--5bbf4e9a-1bb8-4103-9ac1-4315950d210f", "indicator--5bbf4e9a-7b48-46d7-98bf-4315950d210f", "indicator--5bbf4e9b-39e0-445e-852a-4315950d210f", "indicator--5bbf4e9b-ccc8-4fb4-ae22-4315950d210f", "indicator--5bbf4e9b-9458-4c15-9aa3-4315950d210f", "indicator--5bbf4e9c-05f8-4116-bf0d-4315950d210f", "indicator--5bbf4e9c-0b2c-47a6-ac02-4315950d210f", "indicator--5bbf4ea0-3764-44d5-845e-4315950d210f", "indicator--5bbf4ea5-276c-4e49-a727-4315950d210f", "indicator--5bbf4eab-bbcc-4381-b5d1-4315950d210f", "indicator--5bbf4eab-2928-4bbe-9e6e-4315950d210f", "indicator--5bbf4eac-db2c-41a7-83e9-4315950d210f", "indicator--5bbf4eac-3790-43ae-bedf-4315950d210f", "indicator--5bbf4ead-afbc-4a27-b23c-4315950d210f", "indicator--5bbf4ead-4e14-4bb3-925f-4315950d210f", "indicator--5bbf4eae-6460-4d97-b96f-4315950d210f", "indicator--5bbf4eae-6154-4435-ab53-4315950d210f", "indicator--5bbf4eaf-becc-42a3-9218-4315950d210f", "indicator--5bbf4eb3-cf64-4453-87f5-4315950d210f", "indicator--5bbf4eb6-c9b4-4eba-a8fb-4315950d210f", "indicator--5bbf4ebc-6ffc-49fd-97fc-4315950d210f", "indicator--5bbf4ebe-79f8-4c3d-b6f6-4315950d210f", "indicator--5bbf4ec3-cc20-4674-be71-4315950d210f", "indicator--5bbf4ec3-5f98-4109-a25d-4315950d210f", "indicator--5bbf4ec4-cd84-40cd-9d53-4315950d210f", "indicator--5bbf4ec4-e9e8-45bc-a686-4315950d210f", "indicator--5bbf4ec4-07c0-4596-9d9d-4315950d210f", "indicator--5bbf4ec5-773c-418c-b0b1-4315950d210f", "indicator--5bbf4ec5-3f14-4529-b505-4315950d210f", "indicator--5bbf4eca-914c-4ce3-a8b8-4315950d210f", "indicator--5bbf4ece-f374-41ae-aae1-4315950d210f", "indicator--5bbf4ed3-2080-42ec-9081-4315950d210f", "indicator--5bbf4ed4-ee1c-4d47-8bad-4315950d210f", "indicator--5bbf4ed4-3630-4d90-9188-4315950d210f", "indicator--5bbf4ed9-1174-46e6-b13f-4315950d210f", "indicator--5bbf4eda-9fe0-4234-9d60-4315950d210f", "indicator--5bbf4eda-61a0-4b8d-911d-4315950d210f", "indicator--5bbf4edf-4700-40a1-abb6-4315950d210f", "indicator--5bbf4ee3-1f9c-4ace-9dc5-4315950d210f", "indicator--5bbf4ee8-3d54-483b-961e-4315950d210f", "indicator--5bbf4eea-4438-4792-afbc-4315950d210f", "indicator--5bbf4ef0-3e14-49e2-9fee-4315950d210f", "indicator--5bbf4ef5-0e8c-4474-99ef-4315950d210f", "indicator--5bbf4ef6-e1f8-4b9b-a0f9-4315950d210f", "indicator--5bbf4ef7-a030-48a0-9441-4315950d210f", "indicator--5bbf4ef7-323c-4cb1-9b20-4315950d210f", "indicator--5bbf4ef8-926c-414e-bbf3-4315950d210f", "indicator--5bbf4ef9-2088-4145-bac8-4315950d210f", "indicator--5bbf4ef9-af84-4d1b-a146-4315950d210f", "indicator--5bbf4efa-cef4-4acf-a545-4315950d210f", "indicator--5bbf4efa-ad7c-4764-a3db-4315950d210f", "indicator--5bbf4f00-8450-47bc-9c7b-4315950d210f", "indicator--5bbf4f04-9870-4bce-a8eb-4315950d210f", "indicator--5bbf4f04-9cf8-475e-ad67-4315950d210f", "indicator--5bbf4f05-a490-4cb4-b03a-4315950d210f", "indicator--5bbf4f05-9200-4231-9ae7-4315950d210f", "indicator--5bbf4f06-b540-4a97-9206-4315950d210f", "indicator--5bbf4f06-71c0-4bd0-8c03-4315950d210f", "indicator--5bbf4f0b-cbf8-40e7-bee8-4315950d210f", "indicator--5bbf4f11-343c-47d6-8e4e-4315950d210f", "indicator--5bbf4f16-e3ec-4809-8007-4315950d210f", "indicator--5bbf4f17-cfa8-4443-868a-4315950d210f", "indicator--5bbf4f17-5fac-447e-8b13-4315950d210f", "indicator--5bbf4f1c-0c1c-4fe2-a1c8-4315950d210f", "indicator--5bbf4f21-ff74-427d-85db-4315950d210f", "indicator--5bbf4f26-7514-467e-9475-4315950d210f", "indicator--5bbf4f2a-833c-469f-9fe3-4315950d210f", "indicator--5bbf4f2d-dda8-4461-b7ff-4315950d210f", "indicator--5bbf4f32-9e7c-4496-95f4-4315950d210f", "indicator--5bbf4f32-878c-4d38-b334-4315950d210f", "indicator--5bbf4f33-f270-44c1-98a6-4315950d210f", "indicator--5bbf4f33-f1a0-4ffa-aec2-4315950d210f", "indicator--5bbf4f33-6550-41f2-9c72-4315950d210f", "indicator--5bbf4f34-3218-4088-91e3-4315950d210f", "indicator--5bbf4f34-9d2c-489d-a663-4315950d210f", "indicator--5bbf4f35-7db0-4e28-b914-4315950d210f", "indicator--5bbf4f38-fe80-4da3-aa47-4315950d210f", "indicator--5bbf4f38-7dac-459f-980a-4315950d210f", "indicator--5bbf4f39-9f8c-4134-a0b5-4315950d210f", "indicator--5bbf4f39-f7c4-4a13-a102-4315950d210f", "indicator--5bbf4f3a-34ec-4a43-a993-4315950d210f", "indicator--5bbf4f3a-39ec-40f8-99ba-4315950d210f", "indicator--5bbf4f3f-8320-4197-a8f3-4315950d210f", "indicator--5bbf4f3f-c998-413c-a4eb-4315950d210f", "indicator--5bbf4f40-04d0-4469-8771-4315950d210f", "indicator--5bbf4f40-9784-4d95-a4c1-4315950d210f", "indicator--5bbf4f41-7cc4-4e3f-bea3-4315950d210f", "indicator--5bbf4f41-7394-4595-b0bd-4315950d210f", "indicator--5bbf4f46-2cec-44c4-9243-4315950d210f", "indicator--5bbf4a88-e644-4373-8f22-4f5c950d210f", "indicator--f0ecd20c-c324-4552-b22e-2254d13c0d70", "x-misp-object--6c4edc48-764b-446e-bd3a-e08d58c5f414", "indicator--dc3b0ca2-7e14-41d8-8c34-022baaa305da", "x-misp-object--fae2cb08-fb69-48cb-aac2-7b3250b62ad5", "indicator--25010369-b434-4849-9096-aa17cced6ad8", "x-misp-object--40df6dc6-4008-4511-8942-c68ae7c4c439", "indicator--f0067c21-5a51-48ee-b5a0-748e94e698f5", "x-misp-object--1cd76294-1677-4dab-983a-e33422ac6c06", "indicator--3a47367c-5962-4e07-99ce-54f4aedb0c99", "x-misp-object--b819962d-72fd-40c0-8e97-9404acfe53f6", "indicator--666f7de1-d07f-4338-9e36-f8682d20937f", "x-misp-object--7470f298-272d-4997-a3a9-1e2caf089fc5", "indicator--02083d52-09a4-472a-be1a-72f5de96c4e1", "x-misp-object--585149aa-ac1e-4772-9f75-63454f6f03a4", "indicator--8f18793b-7d4f-4118-85a8-c3c232c332f9", "x-misp-object--ca08f8bc-3f96-451e-8edf-f68d01cbf731", "indicator--1add812c-a522-4b1b-abd9-4c5cae1ab7bc", "x-misp-object--75f83f9e-61ba-4d6d-8b35-5b676b67cc83", "indicator--0137dda2-1337-46d6-94a9-62767e660212", "x-misp-object--d9e567e6-749d-48d9-8d4c-5cc3940925ea", "indicator--ccbdf26b-9daa-4595-8bd3-f5936c78077b", "x-misp-object--283c947e-0fbc-4c5d-90a5-c0920818017b", "indicator--716c54d2-9fe7-4298-a41e-e0f7039e6597", "x-misp-object--946d0c35-380c-4096-85d9-51bb3c2a270a", "indicator--79357d15-935b-4c65-8ebd-e833a37e392e", "x-misp-object--2e92239b-9952-4018-bf23-8677faf45b20", "indicator--8ceadd5c-78e1-4d36-bc76-90cdda36183b", "x-misp-object--112a8c20-ac6e-4d67-89c5-2465589397a6", "indicator--e79a1f3b-7093-418a-ae2b-beb6167055ff", "x-misp-object--62173e48-3eae-4a9b-acb6-3fd28147d243", "indicator--c68ce55d-fac2-4f4f-8c1f-05a081a07427", "x-misp-object--ffcdf8c5-d42e-42a3-b1b6-17a36bd68c4b", "indicator--cf5169d7-134c-41c0-992a-9aaafd89fa7e", "x-misp-object--f7bbedb7-2b40-487f-9fe0-36bb03719010", "indicator--a2e795f9-03f0-4374-a361-4283add548d9", "x-misp-object--6382b419-dfcb-4147-8617-968cbce89878", "indicator--2232c998-99a2-4d0a-99ef-191ae7aa0b4b", "x-misp-object--d6bfda7d-fce7-419d-83ca-dd6e334fd72f", "indicator--c6c3d7c3-e3ad-4947-ac6b-637f3393e1eb", "x-misp-object--06f90ed1-6d51-48d0-992e-649b609b0196", "indicator--6f11d27a-6534-48c5-b854-c49cf5a591c5", "x-misp-object--d395d4d7-2cab-49ce-9da3-b61c070cd153", "indicator--fbeb7670-7016-4cbf-9be7-914d985ff8ec", "x-misp-object--f7dc33bd-ea3b-4c04-b5a4-aceae14bac9c", "indicator--502df54a-3b51-4e3b-a3f3-508ea91deb34", "x-misp-object--c6bbf84f-cece-45dc-8d30-22a739c1d362", "indicator--416533e3-49d9-4093-b383-5cda3ee03931", "x-misp-object--42f142f7-3e65-49ba-91d4-3d3cc8e107b7", "indicator--029e31e7-5057-4cad-a5e2-d185983c98f5", "x-misp-object--ed94cf78-fbf6-46d4-8474-9ebd1f00d3da", "indicator--857206fa-64e6-4cc7-9a8f-cc1bea9d7bec", "x-misp-object--9983f130-96c0-4d6d-9cea-88961a5c4203", "indicator--13866788-eb30-4b88-ab83-ab1e4b94573a", "x-misp-object--f0b4db0a-9c42-42a2-8388-8690e37e2d9a", "indicator--489c3c47-36a1-414b-b900-0285b2742f7e", "x-misp-object--81e3916e-a5f1-4d2c-98bd-c34f00b4c86e", "indicator--7eeec90d-2d22-4d1f-9239-e8df266c78e8", "x-misp-object--66268f88-4020-445c-8d0b-fe9da7666eef", "indicator--a94eb647-88bc-4f7d-8269-ee9c549a8234", "x-misp-object--f6cf1551-0bc9-44c0-a9ec-35748471737a", "relationship--108cb7f4-1be7-4c27-a365-0a1b88f2af3c", "relationship--98b61688-0eef-44bc-bc4c-fae9895bcaa7", "relationship--95e04edf-a665-4b00-b662-a3c8f8727034", "relationship--c9933aa3-8173-4f26-b025-def50999bdbe", "relationship--cc5e3994-5834-4131-a9c1-138e78a0fe0d", "relationship--85a3e6bf-e0a4-4294-b66f-e741a332dc06", "relationship--639b46f3-8d36-40b7-aa3c-41d230d7a646", "relationship--c6e45511-eb31-467f-8a2d-5686f924fbd7", "relationship--795738c0-94ad-47de-9c5a-43687986531c", "relationship--36e80774-9c4b-4945-a495-e855e47656a2", "relationship--e4314409-3cd6-4de7-ac11-a734b48fa8c7", "relationship--87eb3e00-1998-4362-b500-62576479bb53", "relationship--32d42a89-2e87-4129-9dc9-b241b3bf17e7", "relationship--19b2a729-0927-4713-9afe-0692b5914db3", "relationship--6ca9fccf-8bdb-4a0b-9676-4d420388ca66", "relationship--8614ac37-0224-4e07-b728-8bbc725e0bc9", "relationship--1f0d1194-d5a2-40ad-8c58-1ed951509d94", "relationship--22d8eea4-f70a-4662-b20e-f0f880e3399d", "relationship--94133cba-b97a-4b4b-be76-f56bd8f08e38", "relationship--180c065a-a138-4272-85e7-28d4a1d7cc10", "relationship--d99d348f-57e3-46c9-9099-6c2a6dcf10cd", "relationship--f4eb40b9-cc8f-4cf1-b08e-961b94428780", "relationship--d62fb844-35c8-4917-93f7-f43a47df01ba", "relationship--0fcb943a-b752-4bde-a58d-7a3bc3586696", "relationship--084c8d42-1a8d-4e7f-8b6c-9ec17ad7a8a2", "relationship--bf0c91e4-829e-484d-85e5-4f39d7747202", "relationship--b12e46f0-9974-4f5e-adbe-5293625f4166", "relationship--31499035-b186-478b-ad5f-94dfc6acd41d", "relationship--d008c942-f427-49be-91ce-e6bcd2767b8d", "relationship--dde0c001-df2e-45e8-9644-e45e68461659" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:banker=\"Panda Banker\"", "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Man in the Browser - T1185\"", "misp-galaxy:banker=\"Geodo\"", "misp-galaxy:tool=\"Emotet\"", "osint:source-type=\"blog-post\"", "malware_classification:malware-category=\"Trojan\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5bbe09dc-2250-4f64-b8be-4746950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:27:38.000Z", "modified": "2018-10-11T13:27:38.000Z", "first_observed": "2018-10-11T13:27:38Z", "last_observed": "2018-10-11T13:27:38Z", "number_observed": 1, "object_refs": [ "url--5bbe09dc-2250-4f64-b8be-4746950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5bbe09dc-2250-4f64-b8be-4746950d210f", "value": "https://threatvector.cylance.com/en_us/home/threat-spotlight-panda-banker-trojan-targets-the-us-canada-and-japan.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbe0a00-7120-46aa-bb57-4975950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:30:08.000Z", "modified": "2018-10-11T13:30:08.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/1rifoluwaqyseawawuvza.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:30:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbe0a01-c870-4dc4-b3fa-4c85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:31:23.000Z", "modified": "2018-10-11T13:31:23.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/webinjects_new3.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:31:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbe0a02-dc14-43b8-950d-4411950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:30:02.000Z", "modified": "2018-10-11T13:30:02.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/1rifoluwaqyseawawuvza.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:30:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbe0a02-e614-4c72-9c8f-4a3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:29:50.000Z", "modified": "2018-10-11T13:29:50.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/webinject32_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:29:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbe0a03-64e4-43c5-b296-4558950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:29:58.000Z", "modified": "2018-10-11T13:29:58.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/webinject64_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:29:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbe0a03-0e34-44aa-8510-4265950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:29:16.000Z", "modified": "2018-10-11T13:29:16.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/vnc32_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:29:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4793-0874-4cff-8f22-494a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:35.000Z", "modified": "2018-10-11T12:52:35.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '088e2de6e3cf283f6b7cb518655adb32f1de8a0d14eff9e8a10aa16d1420cc4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4795-3100-4ffa-ac0f-4bcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:37.000Z", "modified": "2018-10-11T12:52:37.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '0dd11e77562e51de1c12c1d7edf9c34c115f79f13cdc8d2a4743f41515d069f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4799-cad4-4925-8766-4fcd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:41.000Z", "modified": "2018-10-11T12:52:41.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '111b67b802426c2e94e933761cbb6168a6730c99849244e518d11e1474218088']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4799-aa6c-4a57-8f36-49a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:41.000Z", "modified": "2018-10-11T12:52:41.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '200dd176eccfe11a3456193bf1fe7d46d23408834e172991b883d59aa59ce259']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf479a-596c-4667-a6c3-43d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:42.000Z", "modified": "2018-10-11T12:52:42.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '20f4445b40dc0cd1830dee6031a7342284e51dc4c399d331507b28f74ba0727b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf479a-e098-464c-9e76-4994950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:42.000Z", "modified": "2018-10-11T12:52:42.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '2527c9eb597bd85c4ca2e7a6550cc7480dbb3129dd3d6033e66e82b0988ee061']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf479b-7cdc-42bb-ba1f-4638950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:43.000Z", "modified": "2018-10-11T12:52:43.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '333aff311b07c5cbedfb618ff902b0dd663c0ba50b2dc8a2a590e9409cb9bc3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf479e-20c4-40a1-ade7-46bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:46.000Z", "modified": "2018-10-11T12:52:46.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '3dd50e3c6f108c9e7289e797127527b7e5321f360893fc1fcc41b19b06dd65bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47a4-8c04-42e1-a634-4b8d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:52.000Z", "modified": "2018-10-11T12:52:52.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '45c7c91ebb315a77dd28e0092913184cb6a4a8d0387d29384b273ebf9bce9a74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47a9-5448-43f0-ba9d-40f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:57.000Z", "modified": "2018-10-11T12:52:57.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '57cfd2da86195b4d5636579aba6c61fa7fc9d0646ea6fe7cb4752ddbc789428a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47aa-69a0-4326-aa27-454c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:52:58.000Z", "modified": "2018-10-11T12:52:58.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '5b7f1708092a1fecf4ad1dc22cccca62c1648361f805762c465f12b9501e485c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:52:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47ac-83b4-4c54-9a16-44c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:00.000Z", "modified": "2018-10-11T12:53:00.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '5cde033fd3d5e1f4750034e262f7e913a26231dcd2d658581557387c1fa7306b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47ad-0604-4ae1-a8c9-47b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:01.000Z", "modified": "2018-10-11T12:53:01.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '6030ce3acf4dd0729b30795b23a4dc9983a9363e5bf6b1e7dc82ef4ccaef7754']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47ae-ffa4-4e29-b373-433a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:02.000Z", "modified": "2018-10-11T12:53:02.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '8327163cf9c9dc8c4680ad6adccf10aaf4458f75c4db045e7e3608081ce6fae1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47b0-5200-4fb3-b90f-4d2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:04.000Z", "modified": "2018-10-11T12:53:04.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '85d8829d7795af046e238d9981592f96ad49dcb2ccb9e5c6bb938bc04b1e8552']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47b1-2cf0-4cb8-877f-4bd2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:05.000Z", "modified": "2018-10-11T12:53:05.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '8a26412234ec7cb43b07bae7e9910eb0f7eb807cf8581abed56aafaf514ac4a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47b2-e30c-4969-b0e1-44ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:06.000Z", "modified": "2018-10-11T12:53:06.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = '997a9a38aae2be74659296df901aed09ef5adb671ee682605dd999243f9e9983']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47b7-2f24-4acd-9e28-4bc0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:11.000Z", "modified": "2018-10-11T12:53:11.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'ad7b21f9c14c49ea28f7e98a8e3b44973446342537d9817ec91c13681bae0023']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47bc-32d8-4cca-b59d-49d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:16.000Z", "modified": "2018-10-11T12:53:16.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'b1ebf3d44d496ee574831266474b10b55c06e30aea56d41ac8830ba2b28f7a0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c1-be50-4057-b3a8-4242950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:21.000Z", "modified": "2018-10-11T12:53:21.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'b6708bb21911fe143fdc33a57993db91be7f90ebacc0eac302019b2d12a763e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c2-8eb0-4964-98d7-4758950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:22.000Z", "modified": "2018-10-11T12:53:22.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'bc394ca7b7db058dab18ad8f612fe99c734006f034945b1336682e4728a4e932']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c2-86e4-434a-aabb-45ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:22.000Z", "modified": "2018-10-11T12:53:22.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'c83d21ddcc75d410a3f40b9c869e7c75861240077be7a174f6d2b574bf6bc2c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c3-0e80-4d76-9f8c-49f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:23.000Z", "modified": "2018-10-11T12:53:23.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'c93f049bfd7e1e5b9fafb04100cacc156fe76d69d4cc0a1df27d29b057371e05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c3-dde8-49db-ba8b-45f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:23.000Z", "modified": "2018-10-11T12:53:23.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'cb050e95ce7cd9cdd444741c8bf80e913297565eebb7b8cb64b4f69407017944']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c4-39f4-43c3-87ea-4b2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:24.000Z", "modified": "2018-10-11T12:53:24.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'ceb3cc460681d1274113d2a983b143049c139261d03552356c0f95f8c140b669']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c4-a008-4d16-92e5-4103950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:24.000Z", "modified": "2018-10-11T12:53:24.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'dd4ff33e8853e34480e820a3d2d11e6fc87bc75efbeebfe324664d4013dee0b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c5-7c40-4147-b83c-4ebd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:25.000Z", "modified": "2018-10-11T12:53:25.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'e187df28541a1296d10a6ac2ff7ed5a52ce7577fcc8bc3811af3238af0e5e991']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c5-cf14-43dd-aa46-45b2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:25.000Z", "modified": "2018-10-11T12:53:25.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'f87439636b309409b96b336099d84fff56773391cfa52faf069c3b7b517ba154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c6-43bc-44bf-a23f-4280950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:26.000Z", "modified": "2018-10-11T12:53:26.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'facd400eb4530f6c0357c1115c3275e7feefdb982df96f13ffec62f56b95ccb2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf47c6-41e4-4d78-9e8e-4ac1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T12:53:26.000Z", "modified": "2018-10-11T12:53:26.000Z", "description": "Panda Banker payloads", "pattern": "[file:hashes.SHA256 = 'fbc8126a3bc0746e57dbd4ae29c64006b79825243e47659e0ff57b5b27641123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T12:53:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b33-b024-4397-a219-4c30950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:03.000Z", "modified": "2018-10-11T13:08:03.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'rxdirectories.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b34-e9e0-4836-bbd3-4d17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:04.000Z", "modified": "2018-10-11T13:08:04.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'adshiepkhach.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b35-e748-45da-98bc-465e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:05.000Z", "modified": "2018-10-11T13:08:05.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'akihabrajdu.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b36-6648-4c1a-ba63-4c18950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:06.000Z", "modified": "2018-10-11T13:08:06.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'antrefurniture.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b37-03ec-4fd1-98cb-4045950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:07.000Z", "modified": "2018-10-11T13:08:07.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'bloodskin.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b37-49ac-472f-b881-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:07.000Z", "modified": "2018-10-11T13:08:07.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'canariasmotor.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b38-77d8-4b4a-bb67-4bb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:08.000Z", "modified": "2018-10-11T13:08:08.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'cebabsebi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b39-d458-4cff-998d-462f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:09.000Z", "modified": "2018-10-11T13:08:09.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'coloredcredit.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b39-9538-4482-937b-4967950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:09.000Z", "modified": "2018-10-11T13:08:09.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'connectionjump.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b3a-7970-48ff-a149-4fcb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:10.000Z", "modified": "2018-10-11T13:08:10.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'dintlasirob.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b3b-f514-4d75-9ff7-4977950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:11.000Z", "modified": "2018-10-11T13:08:11.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'downloadmasala.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b3b-784c-464e-aec8-4824950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:11.000Z", "modified": "2018-10-11T13:08:11.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'encitimefoan.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b3c-31f4-4f88-952e-4e52950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:12.000Z", "modified": "2018-10-11T13:08:12.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'fullspectrumavs.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b41-7840-44bf-8454-4e26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:17.000Z", "modified": "2018-10-11T13:08:17.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'gmokkasd.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b42-40f8-40ea-b995-4d72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:18.000Z", "modified": "2018-10-11T13:08:18.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'haketsitet.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b49-c7d8-4660-b23f-424e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:25.000Z", "modified": "2018-10-11T13:08:25.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'hogamotin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b51-6178-4489-bf76-47d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:33.000Z", "modified": "2018-10-11T13:08:33.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'humoronoff.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b56-5160-4663-b753-4e02950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:38.000Z", "modified": "2018-10-11T13:08:38.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'indolentgames.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b5f-1f2c-4e9f-a8b1-4172950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:47.000Z", "modified": "2018-10-11T13:08:47.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'inghapwilhe.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b60-924c-462c-a9e2-4164950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:48.000Z", "modified": "2018-10-11T13:08:48.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'jecrusandsi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b60-200c-44eb-a131-442e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:48.000Z", "modified": "2018-10-11T13:08:48.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'joltter.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b61-9384-4b1d-aa58-411c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:49.000Z", "modified": "2018-10-11T13:08:49.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'legaleeny.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b62-30f8-4d41-b84d-40e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:50.000Z", "modified": "2018-10-11T13:08:50.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'letretuthes.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b62-35dc-42e7-a3c1-4f75950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:50.000Z", "modified": "2018-10-11T13:08:50.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'luxurygoosedown.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b63-9cc4-4e52-8421-4ceb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:51.000Z", "modified": "2018-10-11T13:08:51.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'lyletening.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b67-72cc-4a30-9ed7-46f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:55.000Z", "modified": "2018-10-11T13:08:55.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'majorhunt.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b67-34e0-4c71-97aa-4dbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:55.000Z", "modified": "2018-10-11T13:08:55.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'mihecksandca.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b68-1518-4a62-81fd-4fa8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:56.000Z", "modified": "2018-10-11T13:08:56.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'miliocife.aktyubinsk.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b69-57c8-41ae-b630-4736950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:57.000Z", "modified": "2018-10-11T13:08:57.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'myaningmuchme.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b69-87cc-4599-a9b6-4311950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:57.000Z", "modified": "2018-10-11T13:08:57.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'myhubcloud.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b6a-dde0-4a3f-8650-491f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:58.000Z", "modified": "2018-10-11T13:08:58.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'mykeeptake.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b6b-07a0-400e-b25d-45e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:08:59.000Z", "modified": "2018-10-11T13:08:59.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'mystratusstore.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:08:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b70-47a8-4674-85fe-40c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:04.000Z", "modified": "2018-10-11T13:09:04.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'nauseorofte.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b78-7afc-4dd7-865f-4a32950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:12.000Z", "modified": "2018-10-11T13:09:12.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'nybaseballfans.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b7c-b7a0-4f4d-a717-4c5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:16.000Z", "modified": "2018-10-11T13:09:16.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'picosloop.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b85-8284-4ece-a2a5-493f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:25.000Z", "modified": "2018-10-11T13:09:25.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'rebretaci.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b89-0fa8-4d79-b974-458f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:29.000Z", "modified": "2018-10-11T13:09:29.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'rombutcading.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b8d-0be8-4633-bacb-4ee6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:33.000Z", "modified": "2018-10-11T13:09:33.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'smartnutriment.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b90-078c-4209-b17e-49a7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:36.000Z", "modified": "2018-10-11T13:09:36.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'speakeasyclan.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b96-ac80-4f5c-a603-4b66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:42.000Z", "modified": "2018-10-11T13:09:42.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'tailbackuisback.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b96-c704-42b1-ae14-4fd4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:42.000Z", "modified": "2018-10-11T13:09:42.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'theeunload.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4b9b-719c-4701-a296-48e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:46.000Z", "modified": "2018-10-11T13:09:46.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'thevisitorsfilm.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ba0-cba8-4f46-828f-48c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:52.000Z", "modified": "2018-10-11T13:09:52.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'uiaoduiiej.chimkent.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ba1-b770-4185-bf4c-4c28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:53.000Z", "modified": "2018-10-11T13:09:53.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'umirushieteg.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ba1-7b18-462d-b9f2-4044950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:53.000Z", "modified": "2018-10-11T13:09:53.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'vethatnetont.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ba2-4c98-45d6-8cdb-4b45950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:54.000Z", "modified": "2018-10-11T13:09:54.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'vudoshakar123123.website']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ba3-e8c8-48c3-b84e-4012950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:55.000Z", "modified": "2018-10-11T13:09:55.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'watercraftuavs.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ba3-d068-4574-8a44-412e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:55.000Z", "modified": "2018-10-11T13:09:55.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'wegmanss.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ba4-008c-4b5c-9752-4f8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:09:56.000Z", "modified": "2018-10-11T13:09:56.000Z", "description": "C2 domain names", "pattern": "[domain-name:value = 'zanhimnohedt.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:09:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e91-03f4-42b7-af1e-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:25.000Z", "modified": "2018-10-11T13:22:25.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/vnc64_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e94-8bbc-4736-ad4e-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:28.000Z", "modified": "2018-10-11T13:22:28.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/backsocks_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e98-b7b0-4031-a6ac-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:32.000Z", "modified": "2018-10-11T13:22:32.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/grabber_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e99-7ee8-4003-ba59-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:33.000Z", "modified": "2018-10-11T13:22:33.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://vudoshakar123123.website/keylogger_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e99-261c-4605-8a22-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:33.000Z", "modified": "2018-10-11T13:22:33.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/2itopfetoebenfeakoqas.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e9a-1bb8-4103-9ac1-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:34.000Z", "modified": "2018-10-11T13:22:34.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/webinjects_new3.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e9a-7b48-46d7-98bf-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:34.000Z", "modified": "2018-10-11T13:22:34.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/2itopfetoebenfeakoqas.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e9b-39e0-445e-852a-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:35.000Z", "modified": "2018-10-11T13:22:35.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/webinject32_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e9b-ccc8-4fb4-ae22-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:35.000Z", "modified": "2018-10-11T13:22:35.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/webinject64_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e9b-9458-4c15-9aa3-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:35.000Z", "modified": "2018-10-11T13:22:35.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/vnc32_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e9c-05f8-4116-bf0d-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:36.000Z", "modified": "2018-10-11T13:22:36.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/vnc64_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4e9c-0b2c-47a6-ac02-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:36.000Z", "modified": "2018-10-11T13:22:36.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/backsocks_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ea0-3764-44d5-845e-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:40.000Z", "modified": "2018-10-11T13:22:40.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/grabber_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ea5-276c-4e49-a727-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:45.000Z", "modified": "2018-10-11T13:22:45.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mystratusstore.xyz/keylogger_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eab-bbcc-4381-b5d1-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:51.000Z", "modified": "2018-10-11T13:22:51.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/1ixcyidwexoumibewibbi.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eab-2928-4bbe-9e6e-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:51.000Z", "modified": "2018-10-11T13:22:51.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610webinjects.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eac-db2c-41a7-83e9-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:52.000Z", "modified": "2018-10-11T13:22:52.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/1ixcyidwexoumibewibbi.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eac-3790-43ae-bedf-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:52.000Z", "modified": "2018-10-11T13:22:52.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610webinject32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ead-afbc-4a27-b23c-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:53.000Z", "modified": "2018-10-11T13:22:53.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610webinject64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ead-4e14-4bb3-925f-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:53.000Z", "modified": "2018-10-11T13:22:53.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610vnc32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eae-6460-4d97-b96f-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:54.000Z", "modified": "2018-10-11T13:22:54.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610vnc64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eae-6154-4435-ab53-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:54.000Z", "modified": "2018-10-11T13:22:54.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610backsocks.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eaf-becc-42a3-9218-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:55.000Z", "modified": "2018-10-11T13:22:55.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610grabber.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eb3-cf64-4453-87f5-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:22:59.000Z", "modified": "2018-10-11T13:22:59.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://mihecksandca.ru/610keylogger.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eb6-c9b4-4eba-a8fb-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:02.000Z", "modified": "2018-10-11T13:23:02.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/1toziimufuzutotsaguel.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ebc-6ffc-49fd-97fc-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:08.000Z", "modified": "2018-10-11T13:23:08.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610webinjects.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ebe-79f8-4c3d-b6f6-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:10.000Z", "modified": "2018-10-11T13:23:10.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/1toziimufuzutotsaguel.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ec3-cc20-4674-be71-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:15.000Z", "modified": "2018-10-11T13:23:15.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610webinject32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ec3-5f98-4109-a25d-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:15.000Z", "modified": "2018-10-11T13:23:15.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610webinject64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ec4-cd84-40cd-9d53-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:16.000Z", "modified": "2018-10-11T13:23:16.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610vnc32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ec4-e9e8-45bc-a686-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:16.000Z", "modified": "2018-10-11T13:23:16.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610vnc64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ec4-07c0-4596-9d9d-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:16.000Z", "modified": "2018-10-11T13:23:16.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610backsocks.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ec5-773c-418c-b0b1-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:17.000Z", "modified": "2018-10-11T13:23:17.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610grabber.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ec5-3f14-4529-b505-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:17.000Z", "modified": "2018-10-11T13:23:17.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://rombutcading.ru/610keylogger.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eca-914c-4ce3-a8b8-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:22.000Z", "modified": "2018-10-11T13:23:22.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/1haetibatiqinoktaitov.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ece-f374-41ae-aae1-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:26.000Z", "modified": "2018-10-11T13:23:26.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69webinjects.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ed3-2080-42ec-9081-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:31.000Z", "modified": "2018-10-11T13:23:31.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/1haetibatiqinoktaitov.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ed4-ee1c-4d47-8bad-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:32.000Z", "modified": "2018-10-11T13:23:32.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69webinject32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ed4-3630-4d90-9188-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:32.000Z", "modified": "2018-10-11T13:23:32.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69webinject64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ed9-1174-46e6-b13f-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:37.000Z", "modified": "2018-10-11T13:23:37.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69vnc32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eda-9fe0-4234-9d60-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:38.000Z", "modified": "2018-10-11T13:23:38.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69vnc64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eda-61a0-4b8d-911d-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:38.000Z", "modified": "2018-10-11T13:23:38.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69backsocks.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4edf-4700-40a1-abb6-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:43.000Z", "modified": "2018-10-11T13:23:43.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69grabber.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ee3-1f9c-4ace-9dc5-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:47.000Z", "modified": "2018-10-11T13:23:47.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://betrephengu.ru/69keylogger.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ee8-3d54-483b-961e-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:52.000Z", "modified": "2018-10-11T13:23:52.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/1uqboygheizxeraneorlo.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4eea-4438-4792-afbc-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:23:54.000Z", "modified": "2018-10-11T13:23:54.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/webinjects_new3.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:23:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef0-3e14-49e2-9fee-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:00.000Z", "modified": "2018-10-11T13:24:00.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/1uqboygheizxeraneorlo.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef5-0e8c-4474-99ef-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:05.000Z", "modified": "2018-10-11T13:24:05.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/webinject32_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef6-e1f8-4b9b-a0f9-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:06.000Z", "modified": "2018-10-11T13:24:06.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/webinject64_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef7-a030-48a0-9441-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:07.000Z", "modified": "2018-10-11T13:24:07.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/vnc32_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef7-323c-4cb1-9b20-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:07.000Z", "modified": "2018-10-11T13:24:07.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/vnc64_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef8-926c-414e-bbf3-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:08.000Z", "modified": "2018-10-11T13:24:08.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/backsocks_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef9-2088-4145-bac8-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:09.000Z", "modified": "2018-10-11T13:24:09.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/grabber_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4ef9-af84-4d1b-a146-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:09.000Z", "modified": "2018-10-11T13:24:09.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://humoronoff.top/keylogger_new3.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4efa-cef4-4acf-a545-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:10.000Z", "modified": "2018-10-11T13:24:10.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/1ifmuybbolakuotegepma.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4efa-ad7c-4764-a3db-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:10.000Z", "modified": "2018-10-11T13:24:10.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610webinjects.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f00-8450-47bc-9c7b-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:16.000Z", "modified": "2018-10-11T13:24:16.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/1ifmuybbolakuotegepma.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f04-9870-4bce-a8eb-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:20.000Z", "modified": "2018-10-11T13:24:20.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610webinject32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f04-9cf8-475e-ad67-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:20.000Z", "modified": "2018-10-11T13:24:20.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610webinject64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f05-a490-4cb4-b03a-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:21.000Z", "modified": "2018-10-11T13:24:21.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610vnc32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f05-9200-4231-9ae7-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:21.000Z", "modified": "2018-10-11T13:24:21.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610vnc64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f06-b540-4a97-9206-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:22.000Z", "modified": "2018-10-11T13:24:22.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610backsocks.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f06-71c0-4bd0-8c03-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:22.000Z", "modified": "2018-10-11T13:24:22.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610grabber.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f0b-cbf8-40e7-bee8-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:27.000Z", "modified": "2018-10-11T13:24:27.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://nauseorofte.ru/610keylogger.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f11-343c-47d6-8e4e-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:33.000Z", "modified": "2018-10-11T13:24:33.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/1waemgadyezabawhakavi.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f16-e3ec-4809-8007-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:38.000Z", "modified": "2018-10-11T13:24:38.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610webinjects.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f17-cfa8-4443-868a-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:39.000Z", "modified": "2018-10-11T13:24:39.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/1waemgadyezabawhakavi.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f17-5fac-447e-8b13-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:39.000Z", "modified": "2018-10-11T13:24:39.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610webinject32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f1c-0c1c-4fe2-a1c8-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:44.000Z", "modified": "2018-10-11T13:24:44.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610webinject64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f21-ff74-427d-85db-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:49.000Z", "modified": "2018-10-11T13:24:49.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610vnc32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f26-7514-467e-9475-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:54.000Z", "modified": "2018-10-11T13:24:54.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610vnc64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f2a-833c-469f-9fe3-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:24:58.000Z", "modified": "2018-10-11T13:24:58.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610backsocks.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:24:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f2d-dda8-4461-b7ff-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:01.000Z", "modified": "2018-10-11T13:25:01.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610grabber.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f32-9e7c-4496-95f4-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:06.000Z", "modified": "2018-10-11T13:25:06.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://myaningmuchme.ru/610keylogger.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f32-878c-4d38-b334-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:06.000Z", "modified": "2018-10-11T13:25:06.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/5fewucaopezanxenuzebu.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f33-f270-44c1-98a6-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:07.000Z", "modified": "2018-10-11T13:25:07.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/webinjects.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f33-f1a0-4ffa-aec2-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:07.000Z", "modified": "2018-10-11T13:25:07.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/5fewucaopezanxenuzebu.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f33-6550-41f2-9c72-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:07.000Z", "modified": "2018-10-11T13:25:07.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/webinject32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f34-3218-4088-91e3-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:08.000Z", "modified": "2018-10-11T13:25:08.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/webinject64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f34-9d2c-489d-a663-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:08.000Z", "modified": "2018-10-11T13:25:08.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/vnc32.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f35-7db0-4e28-b914-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:09.000Z", "modified": "2018-10-11T13:25:09.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/vnc64.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f38-fe80-4da3-aa47-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:12.000Z", "modified": "2018-10-11T13:25:12.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/backsocks.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f38-7dac-459f-980a-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:12.000Z", "modified": "2018-10-11T13:25:12.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/grabber.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f39-9f8c-4134-a0b5-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:13.000Z", "modified": "2018-10-11T13:25:13.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://uiaoduiiej.chimkent.su/keylogger.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f39-f7c4-4a13-a102-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:13.000Z", "modified": "2018-10-11T13:25:13.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/1boehzyyspokusiakziof.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f3a-34ec-4a43-a993-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:14.000Z", "modified": "2018-10-11T13:25:14.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/webinjects_new2.dat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f3a-39ec-40f8-99ba-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:14.000Z", "modified": "2018-10-11T13:25:14.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/1boehzyyspokusiakziof.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f3f-8320-4197-a8f3-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:19.000Z", "modified": "2018-10-11T13:25:19.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/webinject32_new2.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f3f-c998-413c-a4eb-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:19.000Z", "modified": "2018-10-11T13:25:19.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/webinject64_new2.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f40-04d0-4469-8771-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:20.000Z", "modified": "2018-10-11T13:25:20.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/vnc32_new2.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f40-9784-4d95-a4c1-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:20.000Z", "modified": "2018-10-11T13:25:20.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/vnc64_new2.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f41-7cc4-4e3f-bea3-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:21.000Z", "modified": "2018-10-11T13:25:21.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/backsocks_new2.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f41-7394-4595-b0bd-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:21.000Z", "modified": "2018-10-11T13:25:21.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/grabber_new2.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4f46-2cec-44c4-9243-4315950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:25:26.000Z", "modified": "2018-10-11T13:25:26.000Z", "description": "URLs in configuration from C2 server", "pattern": "[url:value = 'https://adshiepkhach.top/keylogger_new2.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:25:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bbf4a88-e644-4373-8f22-4f5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-11T13:05:12.000Z", "modified": "2018-10-11T13:05:12.000Z", "description": "Persistency", "pattern": "[windows-registry-key:key = 'HKCU\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run' AND windows-registry-key:values[0].data = 'path to : An executable file Panda Banker created (e.g., path to blocklist.exe)' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'An executable file name Panda Banker created (e.g., blocklist.exe)' AND windows-registry-key:x_misp_root_keys = 'HKCC']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-11T13:05:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0ecd20c-c324-4552-b22e-2254d13c0d70", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:06:42.000Z", "modified": "2018-10-13T14:06:42.000Z", "pattern": "[file:hashes.MD5 = '82c6a5e05ceec286c79ae978bc746244' AND file:hashes.SHA1 = '4119689d41eda5626bae47260a08b1ae9adb45d7' AND file:hashes.SHA256 = 'f87439636b309409b96b336099d84fff56773391cfa52faf069c3b7b517ba154']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:06:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6c4edc48-764b-446e-bd3a-e08d58c5f414", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:06:42.000Z", "modified": "2018-10-13T14:06:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:58", "category": "Other", "uuid": "585b4a1d-da7e-4b68-8fed-59dfd092fb5c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f87439636b309409b96b336099d84fff56773391cfa52faf069c3b7b517ba154/analysis/1539299398/", "category": "External analysis", "uuid": "439a5ccd-c6bc-4859-aba4-58bbbce283d0" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/68", "category": "Other", "uuid": "4700becc-d6da-43eb-bd21-fc11ee71b9fb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc3b0ca2-7e14-41d8-8c34-022baaa305da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:06:57.000Z", "modified": "2018-10-13T14:06:57.000Z", "pattern": "[file:hashes.MD5 = '9cba1ff8e39923f10c186380beeacb62' AND file:hashes.SHA1 = '7d3f950b7ab75eb2e24f549d5644978204121de7' AND file:hashes.SHA256 = 'facd400eb4530f6c0357c1115c3275e7feefdb982df96f13ffec62f56b95ccb2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fae2cb08-fb69-48cb-aac2-7b3250b62ad5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:02.000Z", "modified": "2018-10-13T14:07:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:51:07", "category": "Other", "uuid": "f26c704d-2e4d-49d5-ab2c-827ddefd7ab9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/facd400eb4530f6c0357c1115c3275e7feefdb982df96f13ffec62f56b95ccb2/analysis/1539201067/", "category": "External analysis", "uuid": "d781c68e-13f5-410e-a9e6-5c0f4025c3bd" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/66", "category": "Other", "uuid": "81bce785-0648-4b01-a90d-b1da2db4ee1b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--25010369-b434-4849-9096-aa17cced6ad8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:07.000Z", "modified": "2018-10-13T14:07:07.000Z", "pattern": "[file:hashes.MD5 = '40a2d604c3a8ce1c9cb2d5805dffeeff' AND file:hashes.SHA1 = '906bc19ee0da16c8a42ba35273daad43d9594244' AND file:hashes.SHA256 = '0dd11e77562e51de1c12c1d7edf9c34c115f79f13cdc8d2a4743f41515d069f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:07:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--40df6dc6-4008-4511-8942-c68ae7c4c439", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:12.000Z", "modified": "2018-10-13T14:07:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:55", "category": "Other", "uuid": "2864139b-e5ec-49da-bf02-56af3c11c036" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0dd11e77562e51de1c12c1d7edf9c34c115f79f13cdc8d2a4743f41515d069f1/analysis/1539299395/", "category": "External analysis", "uuid": "154bb634-7286-4fa1-a24b-967d2b6efaae" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Other", "uuid": "79fc1da8-6b12-4be0-aaf7-2c3eeb2164e3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0067c21-5a51-48ee-b5a0-748e94e698f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:16.000Z", "modified": "2018-10-13T14:07:16.000Z", "pattern": "[file:hashes.MD5 = '81626d40c133a71a41e8b778835276ec' AND file:hashes.SHA1 = '10769389d0be6e8e9e467504943fc3a56771ba6c' AND file:hashes.SHA256 = '111b67b802426c2e94e933761cbb6168a6730c99849244e518d11e1474218088']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:07:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1cd76294-1677-4dab-983a-e33422ac6c06", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:19.000Z", "modified": "2018-10-13T14:07:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:48:43", "category": "Other", "uuid": "f4bec90d-5440-4ca3-b48d-3a8c1949a3f1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/111b67b802426c2e94e933761cbb6168a6730c99849244e518d11e1474218088/analysis/1539200923/", "category": "External analysis", "uuid": "112c1a14-4928-4600-bd21-0076f0f81a23" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/66", "category": "Other", "uuid": "995cb373-468e-4332-9a19-ad51b6806ae5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3a47367c-5962-4e07-99ce-54f4aedb0c99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:24.000Z", "modified": "2018-10-13T14:07:24.000Z", "pattern": "[file:hashes.MD5 = 'c5af923eb0f8e5d68df3fbed7710bd7d' AND file:hashes.SHA1 = 'aaa8a35f800723049ad3152c8e424b73b53cd1b2' AND file:hashes.SHA256 = '57cfd2da86195b4d5636579aba6c61fa7fc9d0646ea6fe7cb4752ddbc789428a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:07:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b819962d-72fd-40c0-8e97-9404acfe53f6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:23.000Z", "modified": "2018-10-13T14:07:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:50:41", "category": "Other", "uuid": "9384c75b-1c52-4a10-820f-77b5823fb752" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/57cfd2da86195b4d5636579aba6c61fa7fc9d0646ea6fe7cb4752ddbc789428a/analysis/1539201041/", "category": "External analysis", "uuid": "e6e935e8-2a7f-4da2-ac3f-0d85f6e50bbe" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/65", "category": "Other", "uuid": "581d5bc9-5c7f-46a4-bd99-0b952b7b959f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--666f7de1-d07f-4338-9e36-f8682d20937f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:27.000Z", "modified": "2018-10-13T14:07:27.000Z", "pattern": "[file:hashes.MD5 = 'acfadcf7242b6d20d76d925b8c15faeb' AND file:hashes.SHA1 = 'c79bd776456954a99e24055df865220411b17b45' AND file:hashes.SHA256 = '20f4445b40dc0cd1830dee6031a7342284e51dc4c399d331507b28f74ba0727b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:07:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7470f298-272d-4997-a3a9-1e2caf089fc5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:36.000Z", "modified": "2018-10-13T14:07:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:50:34", "category": "Other", "uuid": "afe162b4-23f1-4d34-9793-d90b6039ea95" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/20f4445b40dc0cd1830dee6031a7342284e51dc4c399d331507b28f74ba0727b/analysis/1539201034/", "category": "External analysis", "uuid": "667b4076-591f-4751-a5fe-13ffd46e92ae" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/64", "category": "Other", "uuid": "e20cc45d-478b-4470-9c7a-e939e1ba376c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02083d52-09a4-472a-be1a-72f5de96c4e1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:51.000Z", "modified": "2018-10-13T14:07:51.000Z", "pattern": "[file:hashes.MD5 = 'a77b86e1a57a73c050b2743673ea9d26' AND file:hashes.SHA1 = 'bab0bbd9defa41609c6b1c93d7708c183d989cde' AND file:hashes.SHA256 = '5b7f1708092a1fecf4ad1dc22cccca62c1648361f805762c465f12b9501e485c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:07:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--585149aa-ac1e-4772-9f75-63454f6f03a4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:07:57.000Z", "modified": "2018-10-13T14:07:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:50:43", "category": "Other", "uuid": "e41786c8-fe8a-495e-8bf9-7839e0bc2504" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b7f1708092a1fecf4ad1dc22cccca62c1648361f805762c465f12b9501e485c/analysis/1539201043/", "category": "External analysis", "uuid": "100df01b-3140-494c-af65-5e86b32060a0" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/61", "category": "Other", "uuid": "a8bb3d07-cdba-491f-a77b-16b1425d6b07" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8f18793b-7d4f-4118-85a8-c3c232c332f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:02.000Z", "modified": "2018-10-13T14:08:02.000Z", "pattern": "[file:hashes.MD5 = '082f08ccb4fd970e35c464d5ceaeb455' AND file:hashes.SHA1 = 'a80c4522e98fa2a58a23770daf35f0f547efd373' AND file:hashes.SHA256 = 'ad7b21f9c14c49ea28f7e98a8e3b44973446342537d9817ec91c13681bae0023']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:08:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ca08f8bc-3f96-451e-8edf-f68d01cbf731", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:06.000Z", "modified": "2018-10-13T14:08:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:50:52", "category": "Other", "uuid": "dbfb4031-15b9-4215-98fd-68d03c9d6626" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ad7b21f9c14c49ea28f7e98a8e3b44973446342537d9817ec91c13681bae0023/analysis/1539201052/", "category": "External analysis", "uuid": "4446df3f-54b5-4807-89e1-62441ce6a980" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Other", "uuid": "89069af8-3890-4036-a068-717ff2259273" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1add812c-a522-4b1b-abd9-4c5cae1ab7bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:13.000Z", "modified": "2018-10-13T14:08:13.000Z", "pattern": "[file:hashes.MD5 = 'f400b12a3800265ace7e580659e84270' AND file:hashes.SHA1 = 'a57560605fb72ff836c8285d602cbf0e4ed0f6fb' AND file:hashes.SHA256 = '6030ce3acf4dd0729b30795b23a4dc9983a9363e5bf6b1e7dc82ef4ccaef7754']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--75f83f9e-61ba-4d6d-8b35-5b676b67cc83", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:15.000Z", "modified": "2018-10-13T14:08:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "48867a5e-c2d8-4275-ac30-be4574d95608" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6030ce3acf4dd0729b30795b23a4dc9983a9363e5bf6b1e7dc82ef4ccaef7754/analysis/1539299397/", "category": "External analysis", "uuid": "6d459638-e9d4-4ab6-a3aa-3d1b830cf65a" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Other", "uuid": "06167c6c-1212-476e-bbca-21ccd40d1aa8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0137dda2-1337-46d6-94a9-62767e660212", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:28.000Z", "modified": "2018-10-13T14:08:28.000Z", "pattern": "[file:hashes.MD5 = '3cff30d736cd0b56d8446822e5dabc7d' AND file:hashes.SHA1 = '0d4673f2bc135d8c3bf7f4120c11d08a8d16d5d1' AND file:hashes.SHA256 = 'fbc8126a3bc0746e57dbd4ae29c64006b79825243e47659e0ff57b5b27641123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d9e567e6-749d-48d9-8d4c-5cc3940925ea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:31.000Z", "modified": "2018-10-13T14:08:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:58", "category": "Other", "uuid": "0fec3826-9cc1-485d-a31d-c3afa53a5013" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fbc8126a3bc0746e57dbd4ae29c64006b79825243e47659e0ff57b5b27641123/analysis/1539299398/", "category": "External analysis", "uuid": "b3ba6e1d-71d6-4e20-af91-ea7b789bdb7b" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Other", "uuid": "13c01330-4c74-4ace-9f9c-74fa1994b7f5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ccbdf26b-9daa-4595-8bd3-f5936c78077b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:42.000Z", "modified": "2018-10-13T14:08:42.000Z", "pattern": "[file:hashes.MD5 = '19ddcfd98967e6a3a10582a4a209c515' AND file:hashes.SHA1 = 'cc67c07510c723dc09dca11812aa51a0971cdf6b' AND file:hashes.SHA256 = '85d8829d7795af046e238d9981592f96ad49dcb2ccb9e5c6bb938bc04b1e8552']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:08:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--283c947e-0fbc-4c5d-90a5-c0920818017b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:40.000Z", "modified": "2018-10-13T14:08:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "895f9f60-27f4-4fb6-8f20-a894b2006c22" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/85d8829d7795af046e238d9981592f96ad49dcb2ccb9e5c6bb938bc04b1e8552/analysis/1539299397/", "category": "External analysis", "uuid": "86a37c01-a933-4d58-a1e2-3e9bb372c76e" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/66", "category": "Other", "uuid": "70079626-0a2b-474a-a263-7717a2da6049" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--716c54d2-9fe7-4298-a41e-e0f7039e6597", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:45.000Z", "modified": "2018-10-13T14:08:45.000Z", "pattern": "[file:hashes.MD5 = '18b4073e0e8bdcc09ebc229515f5b461' AND file:hashes.SHA1 = '124b49bf714b1798078df4c1bc01a5f93072d8d9' AND file:hashes.SHA256 = '45c7c91ebb315a77dd28e0092913184cb6a4a8d0387d29384b273ebf9bce9a74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:08:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--946d0c35-380c-4096-85d9-51bb3c2a270a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:43.000Z", "modified": "2018-10-13T14:08:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:50:40", "category": "Other", "uuid": "e78311d2-13ec-4954-974f-3e8d662133e3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/45c7c91ebb315a77dd28e0092913184cb6a4a8d0387d29384b273ebf9bce9a74/analysis/1539201040/", "category": "External analysis", "uuid": "eea67725-327d-4416-ac2d-4d0ba4b84f65" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/67", "category": "Other", "uuid": "c6f411be-39c4-49d4-8cd7-e436fead05f1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79357d15-935b-4c65-8ebd-e833a37e392e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:47.000Z", "modified": "2018-10-13T14:08:47.000Z", "pattern": "[file:hashes.MD5 = '52e8875c385d79952237078c756158f3' AND file:hashes.SHA1 = 'd52fa033aa3e52bdda221a52c96d90cbf8b7d030' AND file:hashes.SHA256 = 'ceb3cc460681d1274113d2a983b143049c139261d03552356c0f95f8c140b669']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:08:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2e92239b-9952-4018-bf23-8677faf45b20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:46.000Z", "modified": "2018-10-13T14:08:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "e3aa964a-0337-4100-b496-faef1f7ed224" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ceb3cc460681d1274113d2a983b143049c139261d03552356c0f95f8c140b669/analysis/1539299397/", "category": "External analysis", "uuid": "3e94bd7f-c88e-4afa-a247-e110d0b54eae" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/67", "category": "Other", "uuid": "d7416bc3-a8fc-492e-b57c-b25758c13c23" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8ceadd5c-78e1-4d36-bc76-90cdda36183b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:50.000Z", "modified": "2018-10-13T14:08:50.000Z", "pattern": "[file:hashes.MD5 = 'daed686ded4f8eaa14c9bce8883e9c46' AND file:hashes.SHA1 = '489c691cbab6d632294704d6f293baa99c146532' AND file:hashes.SHA256 = '333aff311b07c5cbedfb618ff902b0dd663c0ba50b2dc8a2a590e9409cb9bc3c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:08:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--112a8c20-ac6e-4d67-89c5-2465589397a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:08:54.000Z", "modified": "2018-10-13T14:08:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-12T04:12:30", "category": "Other", "uuid": "f5f098d4-6ef1-4bb2-b650-16fc06d67d9a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/333aff311b07c5cbedfb618ff902b0dd663c0ba50b2dc8a2a590e9409cb9bc3c/analysis/1539317550/", "category": "External analysis", "uuid": "dff070b5-1f33-45ea-ac8c-608232f3702e" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/67", "category": "Other", "uuid": "ccf371d5-0912-462c-9992-5f6eddf71a32" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e79a1f3b-7093-418a-ae2b-beb6167055ff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:04.000Z", "modified": "2018-10-13T14:09:04.000Z", "pattern": "[file:hashes.MD5 = 'fa6947f297d5b3c1fe312b23cac3ff89' AND file:hashes.SHA1 = 'ba61d554d72f662042b39c6c60aca00e2d693910' AND file:hashes.SHA256 = '200dd176eccfe11a3456193bf1fe7d46d23408834e172991b883d59aa59ce259']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:09:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--62173e48-3eae-4a9b-acb6-3fd28147d243", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:06.000Z", "modified": "2018-10-13T14:09:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:50:32", "category": "Other", "uuid": "7ef742bc-55ee-446f-9531-2c5a728f54e0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/200dd176eccfe11a3456193bf1fe7d46d23408834e172991b883d59aa59ce259/analysis/1539201032/", "category": "External analysis", "uuid": "cf49e46e-2850-4a71-9375-11ed91480111" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/68", "category": "Other", "uuid": "8f31d3ee-fd8c-4f2a-9043-be44d4dd736c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c68ce55d-fac2-4f4f-8c1f-05a081a07427", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:12.000Z", "modified": "2018-10-13T14:09:12.000Z", "pattern": "[file:hashes.MD5 = '4491677af1f35674a7416ade001629cb' AND file:hashes.SHA1 = 'c5ed39dc6e49c1265b889b6ab7bfe613f7e9fc67' AND file:hashes.SHA256 = '5cde033fd3d5e1f4750034e262f7e913a26231dcd2d658581557387c1fa7306b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:09:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ffcdf8c5-d42e-42a3-b1b6-17a36bd68c4b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:18.000Z", "modified": "2018-10-13T14:09:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:56", "category": "Other", "uuid": "27bba491-ccb1-4dba-a572-25610c957371" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5cde033fd3d5e1f4750034e262f7e913a26231dcd2d658581557387c1fa7306b/analysis/1539299396/", "category": "External analysis", "uuid": "09e15795-79a5-437f-9cc4-d1b1da670c6a" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/67", "category": "Other", "uuid": "298e91eb-36d3-448e-89c2-7ef8d5cb9f5c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cf5169d7-134c-41c0-992a-9aaafd89fa7e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:28.000Z", "modified": "2018-10-13T14:09:28.000Z", "pattern": "[file:hashes.MD5 = '3a32abf68aa974e40a2dac95aaf775a3' AND file:hashes.SHA1 = 'e582e840fb6a762bdc7055b330facb8243812c0e' AND file:hashes.SHA256 = '3dd50e3c6f108c9e7289e797127527b7e5321f360893fc1fcc41b19b06dd65bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:09:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f7bbedb7-2b40-487f-9fe0-36bb03719010", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:29.000Z", "modified": "2018-10-13T14:09:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:56", "category": "Other", "uuid": "7ef666a3-cf69-4084-816a-446eec43f014" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3dd50e3c6f108c9e7289e797127527b7e5321f360893fc1fcc41b19b06dd65bf/analysis/1539299396/", "category": "External analysis", "uuid": "ade75448-54ce-4b3b-869d-126d53e183d4" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/68", "category": "Other", "uuid": "b0dbed5a-a7c1-4400-8b8e-34a97cb484a5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a2e795f9-03f0-4374-a361-4283add548d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:34.000Z", "modified": "2018-10-13T14:09:34.000Z", "pattern": "[file:hashes.MD5 = '2d489b55e3696e18ffb5cd10dd12cf98' AND file:hashes.SHA1 = '63e2189bd4f5735cda2f69310dc4f27fa2bc3706' AND file:hashes.SHA256 = 'c83d21ddcc75d410a3f40b9c869e7c75861240077be7a174f6d2b574bf6bc2c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:09:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6382b419-dfcb-4147-8617-968cbce89878", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:33.000Z", "modified": "2018-10-13T14:09:33.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:56", "category": "Other", "uuid": "66d8797c-695f-406d-bb1c-0f73c1a67303" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c83d21ddcc75d410a3f40b9c869e7c75861240077be7a174f6d2b574bf6bc2c0/analysis/1539299396/", "category": "External analysis", "uuid": "456e02c7-33e9-409b-8ef7-43b47d8783a1" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/67", "category": "Other", "uuid": "1a678750-4cea-43ca-b709-3efbf328e225" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2232c998-99a2-4d0a-99ef-191ae7aa0b4b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:37.000Z", "modified": "2018-10-13T14:09:37.000Z", "pattern": "[file:hashes.MD5 = 'c52d9c2548df0003134e564228d72c99' AND file:hashes.SHA1 = '17c0e2df86e51365dcb2a6b21452fa8a29293439' AND file:hashes.SHA256 = '8327163cf9c9dc8c4680ad6adccf10aaf4458f75c4db045e7e3608081ce6fae1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:09:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d6bfda7d-fce7-419d-83ca-dd6e334fd72f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:36.000Z", "modified": "2018-10-13T14:09:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "e344d5cf-f4a9-4e8e-b4fa-6ed184cd7a18" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8327163cf9c9dc8c4680ad6adccf10aaf4458f75c4db045e7e3608081ce6fae1/analysis/1539299397/", "category": "External analysis", "uuid": "80479bc2-da48-443d-bffb-0eef136cf8f0" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/67", "category": "Other", "uuid": "2a87106f-2f9a-430d-9465-bf5258a39e13" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c6c3d7c3-e3ad-4947-ac6b-637f3393e1eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:40.000Z", "modified": "2018-10-13T14:09:40.000Z", "pattern": "[file:hashes.MD5 = 'ea4068c0ba61ff9c1b0ddc4b99a02b80' AND file:hashes.SHA1 = '05efe6a7ddcbe038bc7dc63ccf804ac3710d1e32' AND file:hashes.SHA256 = '997a9a38aae2be74659296df901aed09ef5adb671ee682605dd999243f9e9983']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:09:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--06f90ed1-6d51-48d0-992e-649b609b0196", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:42.000Z", "modified": "2018-10-13T14:09:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:54", "category": "Other", "uuid": "ff218d3f-f076-4edc-bb6b-85d8bcca2fce" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/997a9a38aae2be74659296df901aed09ef5adb671ee682605dd999243f9e9983/analysis/1539299394/", "category": "External analysis", "uuid": "33cb5154-9f53-4144-b333-a6c40841007b" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Other", "uuid": "2a7e1815-8e1c-4a7b-81fb-52f822520382" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6f11d27a-6534-48c5-b854-c49cf5a591c5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:09:58.000Z", "modified": "2018-10-13T14:09:58.000Z", "pattern": "[file:hashes.MD5 = '4a4d8fb51d6cd0573976638d6af62a57' AND file:hashes.SHA1 = 'f0fd515edc242b603a8cb89507b84336c6cbc07e' AND file:hashes.SHA256 = 'c93f049bfd7e1e5b9fafb04100cacc156fe76d69d4cc0a1df27d29b057371e05']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:09:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d395d4d7-2cab-49ce-9da3-b61c070cd153", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:00.000Z", "modified": "2018-10-13T14:10:00.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "3dc1bad4-1d09-4fe3-af1e-4228e16bd05f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c93f049bfd7e1e5b9fafb04100cacc156fe76d69d4cc0a1df27d29b057371e05/analysis/1539299397/", "category": "External analysis", "uuid": "8ea8215f-2cee-400a-82af-3f50b1e073e5" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Other", "uuid": "6ef08405-1cb3-4539-b8c8-fabac565de41" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fbeb7670-7016-4cbf-9be7-914d985ff8ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:06.000Z", "modified": "2018-10-13T14:10:06.000Z", "pattern": "[file:hashes.MD5 = 'c78bf8ed0768f2abe150e5c84c901dd1' AND file:hashes.SHA1 = 'ee13b91cd664fbfd126e9ac9308b74c99eb5ca38' AND file:hashes.SHA256 = 'e187df28541a1296d10a6ac2ff7ed5a52ce7577fcc8bc3811af3238af0e5e991']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:10:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f7dc33bd-ea3b-4c04-b5a4-aceae14bac9c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:17.000Z", "modified": "2018-10-13T14:10:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "1ebb8ae8-6244-4aa4-917c-abce2a846aa1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e187df28541a1296d10a6ac2ff7ed5a52ce7577fcc8bc3811af3238af0e5e991/analysis/1539299397/", "category": "External analysis", "uuid": "7784707b-184f-4034-b6ad-313355bdc558" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/67", "category": "Other", "uuid": "bf269748-076c-4f07-9e40-631f9d0d8558" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--502df54a-3b51-4e3b-a3f3-508ea91deb34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:27.000Z", "modified": "2018-10-13T14:10:27.000Z", "pattern": "[file:hashes.MD5 = '74268217ff89509b01293ee56572c3f8' AND file:hashes.SHA1 = 'f14cc8410a7c68147fa779257b77bd7364ca1bd0' AND file:hashes.SHA256 = '088e2de6e3cf283f6b7cb518655adb32f1de8a0d14eff9e8a10aa16d1420cc4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:10:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c6bbf84f-cece-45dc-8d30-22a739c1d362", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:25.000Z", "modified": "2018-10-13T14:10:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:54", "category": "Other", "uuid": "3e26f56c-e65e-45ab-8a79-87ad11ee70d5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/088e2de6e3cf283f6b7cb518655adb32f1de8a0d14eff9e8a10aa16d1420cc4b/analysis/1539299394/", "category": "External analysis", "uuid": "d0607b95-3ecb-440f-9fc5-9022db5ed48f" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/67", "category": "Other", "uuid": "3c931b90-9049-4664-a587-c782a3063087" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--416533e3-49d9-4093-b383-5cda3ee03931", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:33.000Z", "modified": "2018-10-13T14:10:33.000Z", "pattern": "[file:hashes.MD5 = '7814e3aa2cc45678d51cd3d49064070c' AND file:hashes.SHA1 = 'f9062546b86c0141b20faf701cf2c90a96da355a' AND file:hashes.SHA256 = 'bc394ca7b7db058dab18ad8f612fe99c734006f034945b1336682e4728a4e932']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:10:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--42f142f7-3e65-49ba-91d4-3d3cc8e107b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:31.000Z", "modified": "2018-10-13T14:10:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:56", "category": "Other", "uuid": "5ad36a77-aa75-4c58-b89a-66e4b673b09e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bc394ca7b7db058dab18ad8f612fe99c734006f034945b1336682e4728a4e932/analysis/1539299396/", "category": "External analysis", "uuid": "241a1902-6d21-48b6-b417-ae614706cf6d" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/67", "category": "Other", "uuid": "f751ddea-99af-48a3-946f-227a0ad93d30" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--029e31e7-5057-4cad-a5e2-d185983c98f5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:48.000Z", "modified": "2018-10-13T14:10:48.000Z", "pattern": "[file:hashes.MD5 = '7fd9f29628c0cdb54963b49615045f9b' AND file:hashes.SHA1 = 'c2b8eea32554f7562f024a074d902bc8dfda7b9c' AND file:hashes.SHA256 = '8a26412234ec7cb43b07bae7e9910eb0f7eb807cf8581abed56aafaf514ac4a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:10:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ed94cf78-fbf6-46d4-8474-9ebd1f00d3da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:52.000Z", "modified": "2018-10-13T14:10:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "c51e9efc-4c46-4ef3-bcb4-f1e5b8f56b2e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8a26412234ec7cb43b07bae7e9910eb0f7eb807cf8581abed56aafaf514ac4a2/analysis/1539299397/", "category": "External analysis", "uuid": "f4a328a4-c4d0-46ca-9fdf-5fc6150dd9b2" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/66", "category": "Other", "uuid": "17dc1951-de9f-4dce-bbf1-2a9da0c8a591" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--857206fa-64e6-4cc7-9a8f-cc1bea9d7bec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:10:58.000Z", "modified": "2018-10-13T14:10:58.000Z", "pattern": "[file:hashes.MD5 = '5adbfc0f8654bb458438b3f614ca9e37' AND file:hashes.SHA1 = '1a99cb666cccb67e4537856e083773576ec29e1d' AND file:hashes.SHA256 = '2527c9eb597bd85c4ca2e7a6550cc7480dbb3129dd3d6033e66e82b0988ee061']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:10:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9983f130-96c0-4d6d-9cea-88961a5c4203", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:07.000Z", "modified": "2018-10-13T14:11:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:55", "category": "Other", "uuid": "f52a4ba2-7547-4754-b87b-1ea6de38da82" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2527c9eb597bd85c4ca2e7a6550cc7480dbb3129dd3d6033e66e82b0988ee061/analysis/1539299395/", "category": "External analysis", "uuid": "498516f9-f664-42c8-8f27-8e4d672dd5c1" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/68", "category": "Other", "uuid": "42933515-d00a-43d3-94bc-7e4970f31b10" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--13866788-eb30-4b88-ab83-ab1e4b94573a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:19.000Z", "modified": "2018-10-13T14:11:19.000Z", "pattern": "[file:hashes.MD5 = '44f357b0809495b8159398c50b9ab9a2' AND file:hashes.SHA1 = 'b7bff24611e45e4a97c3c0dc7cac43f06cb7049a' AND file:hashes.SHA256 = 'b6708bb21911fe143fdc33a57993db91be7f90ebacc0eac302019b2d12a763e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:11:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f0b4db0a-9c42-42a2-8388-8690e37e2d9a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:18.000Z", "modified": "2018-10-13T14:11:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:56", "category": "Other", "uuid": "deab84da-dbd6-4b9c-8f41-89c44fa196be" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b6708bb21911fe143fdc33a57993db91be7f90ebacc0eac302019b2d12a763e3/analysis/1539299396/", "category": "External analysis", "uuid": "124fe893-275c-47d6-aaab-dc721bf56f09" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/68", "category": "Other", "uuid": "6cda3af9-6c23-4e34-809f-38604b48ebb9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--489c3c47-36a1-414b-b900-0285b2742f7e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:22.000Z", "modified": "2018-10-13T14:11:22.000Z", "pattern": "[file:hashes.MD5 = '3b78b983ed00cfa580c0b1c9beda4ca2' AND file:hashes.SHA1 = '5a88d73f54788cd3ffbc379e416be84bd536a4ca' AND file:hashes.SHA256 = 'cb050e95ce7cd9cdd444741c8bf80e913297565eebb7b8cb64b4f69407017944']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:11:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--81e3916e-a5f1-4d2c-98bd-c34f00b4c86e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:21.000Z", "modified": "2018-10-13T14:11:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:57", "category": "Other", "uuid": "b175eabc-1b4d-4489-8227-2b7370989fa6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cb050e95ce7cd9cdd444741c8bf80e913297565eebb7b8cb64b4f69407017944/analysis/1539299397/", "category": "External analysis", "uuid": "88466f8e-eb42-4638-98bd-db439458acea" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/66", "category": "Other", "uuid": "bba507eb-dc59-41b0-bd1f-4fd11fb38443" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7eeec90d-2d22-4d1f-9239-e8df266c78e8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:25.000Z", "modified": "2018-10-13T14:11:25.000Z", "pattern": "[file:hashes.MD5 = '93357178a260a6c26fa676298b10fba1' AND file:hashes.SHA1 = 'b9387f872b86a319dfe47e6306775bc6ea21c403' AND file:hashes.SHA256 = 'dd4ff33e8853e34480e820a3d2d11e6fc87bc75efbeebfe324664d4013dee0b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:11:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--66268f88-4020-445c-8d0b-fe9da7666eef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:28.000Z", "modified": "2018-10-13T14:11:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-10T19:51:02", "category": "Other", "uuid": "2141d890-0cd0-469e-a2fb-44e629a4d4cc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dd4ff33e8853e34480e820a3d2d11e6fc87bc75efbeebfe324664d4013dee0b0/analysis/1539201062/", "category": "External analysis", "uuid": "5e59ba75-e0b8-4272-a3e8-541839ad21b8" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/66", "category": "Other", "uuid": "162e4475-0b5d-47ba-abfa-7b8bc340fb5e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a94eb647-88bc-4f7d-8269-ee9c549a8234", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "pattern": "[file:hashes.MD5 = '41df48366d694c386221a798ed0068e0' AND file:hashes.SHA1 = 'f5f1bbe4878423183786daf7c7c196cdd2ab6ed1' AND file:hashes.SHA256 = 'b1ebf3d44d496ee574831266474b10b55c06e30aea56d41ac8830ba2b28f7a0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-13T14:11:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f6cf1551-0bc9-44c0-a9ec-35748471737a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-13T14:11:42.000Z", "modified": "2018-10-13T14:11:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-11T23:09:55", "category": "Other", "uuid": "9086cdfb-b63f-453e-8429-1d2e5fec40d6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b1ebf3d44d496ee574831266474b10b55c06e30aea56d41ac8830ba2b28f7a0f/analysis/1539299395/", "category": "External analysis", "uuid": "81054c1a-c132-4376-82a0-95d1d97a0136" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/68", "category": "Other", "uuid": "d52b78a0-8c0e-4b20-b480-e2399361290f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--108cb7f4-1be7-4c27-a365-0a1b88f2af3c", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f0ecd20c-c324-4552-b22e-2254d13c0d70", "target_ref": "x-misp-object--6c4edc48-764b-446e-bd3a-e08d58c5f414" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--98b61688-0eef-44bc-bc4c-fae9895bcaa7", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dc3b0ca2-7e14-41d8-8c34-022baaa305da", "target_ref": "x-misp-object--fae2cb08-fb69-48cb-aac2-7b3250b62ad5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--95e04edf-a665-4b00-b662-a3c8f8727034", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--25010369-b434-4849-9096-aa17cced6ad8", "target_ref": "x-misp-object--40df6dc6-4008-4511-8942-c68ae7c4c439" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c9933aa3-8173-4f26-b025-def50999bdbe", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f0067c21-5a51-48ee-b5a0-748e94e698f5", "target_ref": "x-misp-object--1cd76294-1677-4dab-983a-e33422ac6c06" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cc5e3994-5834-4131-a9c1-138e78a0fe0d", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3a47367c-5962-4e07-99ce-54f4aedb0c99", "target_ref": "x-misp-object--b819962d-72fd-40c0-8e97-9404acfe53f6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--85a3e6bf-e0a4-4294-b66f-e741a332dc06", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--666f7de1-d07f-4338-9e36-f8682d20937f", "target_ref": "x-misp-object--7470f298-272d-4997-a3a9-1e2caf089fc5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--639b46f3-8d36-40b7-aa3c-41d230d7a646", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--02083d52-09a4-472a-be1a-72f5de96c4e1", "target_ref": "x-misp-object--585149aa-ac1e-4772-9f75-63454f6f03a4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c6e45511-eb31-467f-8a2d-5686f924fbd7", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8f18793b-7d4f-4118-85a8-c3c232c332f9", "target_ref": "x-misp-object--ca08f8bc-3f96-451e-8edf-f68d01cbf731" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--795738c0-94ad-47de-9c5a-43687986531c", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1add812c-a522-4b1b-abd9-4c5cae1ab7bc", "target_ref": "x-misp-object--75f83f9e-61ba-4d6d-8b35-5b676b67cc83" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--36e80774-9c4b-4945-a495-e855e47656a2", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0137dda2-1337-46d6-94a9-62767e660212", "target_ref": "x-misp-object--d9e567e6-749d-48d9-8d4c-5cc3940925ea" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e4314409-3cd6-4de7-ac11-a734b48fa8c7", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ccbdf26b-9daa-4595-8bd3-f5936c78077b", "target_ref": "x-misp-object--283c947e-0fbc-4c5d-90a5-c0920818017b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--87eb3e00-1998-4362-b500-62576479bb53", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--716c54d2-9fe7-4298-a41e-e0f7039e6597", "target_ref": "x-misp-object--946d0c35-380c-4096-85d9-51bb3c2a270a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--32d42a89-2e87-4129-9dc9-b241b3bf17e7", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--79357d15-935b-4c65-8ebd-e833a37e392e", "target_ref": "x-misp-object--2e92239b-9952-4018-bf23-8677faf45b20" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--19b2a729-0927-4713-9afe-0692b5914db3", "created": "2018-10-13T14:11:43.000Z", "modified": "2018-10-13T14:11:43.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8ceadd5c-78e1-4d36-bc76-90cdda36183b", "target_ref": "x-misp-object--112a8c20-ac6e-4d67-89c5-2465589397a6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6ca9fccf-8bdb-4a0b-9676-4d420388ca66", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e79a1f3b-7093-418a-ae2b-beb6167055ff", "target_ref": "x-misp-object--62173e48-3eae-4a9b-acb6-3fd28147d243" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8614ac37-0224-4e07-b728-8bbc725e0bc9", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c68ce55d-fac2-4f4f-8c1f-05a081a07427", "target_ref": "x-misp-object--ffcdf8c5-d42e-42a3-b1b6-17a36bd68c4b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1f0d1194-d5a2-40ad-8c58-1ed951509d94", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cf5169d7-134c-41c0-992a-9aaafd89fa7e", "target_ref": "x-misp-object--f7bbedb7-2b40-487f-9fe0-36bb03719010" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--22d8eea4-f70a-4662-b20e-f0f880e3399d", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a2e795f9-03f0-4374-a361-4283add548d9", "target_ref": "x-misp-object--6382b419-dfcb-4147-8617-968cbce89878" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--94133cba-b97a-4b4b-be76-f56bd8f08e38", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2232c998-99a2-4d0a-99ef-191ae7aa0b4b", "target_ref": "x-misp-object--d6bfda7d-fce7-419d-83ca-dd6e334fd72f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--180c065a-a138-4272-85e7-28d4a1d7cc10", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c6c3d7c3-e3ad-4947-ac6b-637f3393e1eb", "target_ref": "x-misp-object--06f90ed1-6d51-48d0-992e-649b609b0196" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d99d348f-57e3-46c9-9099-6c2a6dcf10cd", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6f11d27a-6534-48c5-b854-c49cf5a591c5", "target_ref": "x-misp-object--d395d4d7-2cab-49ce-9da3-b61c070cd153" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f4eb40b9-cc8f-4cf1-b08e-961b94428780", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fbeb7670-7016-4cbf-9be7-914d985ff8ec", "target_ref": "x-misp-object--f7dc33bd-ea3b-4c04-b5a4-aceae14bac9c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d62fb844-35c8-4917-93f7-f43a47df01ba", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--502df54a-3b51-4e3b-a3f3-508ea91deb34", "target_ref": "x-misp-object--c6bbf84f-cece-45dc-8d30-22a739c1d362" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0fcb943a-b752-4bde-a58d-7a3bc3586696", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--416533e3-49d9-4093-b383-5cda3ee03931", "target_ref": "x-misp-object--42f142f7-3e65-49ba-91d4-3d3cc8e107b7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--084c8d42-1a8d-4e7f-8b6c-9ec17ad7a8a2", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--029e31e7-5057-4cad-a5e2-d185983c98f5", "target_ref": "x-misp-object--ed94cf78-fbf6-46d4-8474-9ebd1f00d3da" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bf0c91e4-829e-484d-85e5-4f39d7747202", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--857206fa-64e6-4cc7-9a8f-cc1bea9d7bec", "target_ref": "x-misp-object--9983f130-96c0-4d6d-9cea-88961a5c4203" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b12e46f0-9974-4f5e-adbe-5293625f4166", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--13866788-eb30-4b88-ab83-ab1e4b94573a", "target_ref": "x-misp-object--f0b4db0a-9c42-42a2-8388-8690e37e2d9a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--31499035-b186-478b-ad5f-94dfc6acd41d", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--489c3c47-36a1-414b-b900-0285b2742f7e", "target_ref": "x-misp-object--81e3916e-a5f1-4d2c-98bd-c34f00b4c86e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d008c942-f427-49be-91ce-e6bcd2767b8d", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7eeec90d-2d22-4d1f-9239-e8df266c78e8", "target_ref": "x-misp-object--66268f88-4020-445c-8d0b-fe9da7666eef" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dde0c001-df2e-45e8-9644-e45e68461659", "created": "2018-10-13T14:11:44.000Z", "modified": "2018-10-13T14:11:44.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a94eb647-88bc-4f7d-8269-ee9c549a8234", "target_ref": "x-misp-object--f6cf1551-0bc9-44c0-a9ec-35748471737a" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }