{ "type": "bundle", "id": "bundle--5b325da8-0434-48ad-8b27-48de950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:28:06.000Z", "modified": "2018-07-03T09:28:06.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b325da8-0434-48ad-8b27-48de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:28:06.000Z", "modified": "2018-07-03T09:28:06.000Z", "name": "OSINT - RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families", "published": "2018-07-03T09:28:49Z", "object_refs": [ "x-misp-attribute--5b325dc2-90c0-4944-9e86-4072950d210f", "observed-data--5b325dd5-5a74-419b-bc1a-41d7950d210f", "url--5b325dd5-5a74-419b-bc1a-41d7950d210f", "indicator--5b3344db-0f88-4bec-b454-422a950d210f", "indicator--5b3344dc-bedc-4624-8b60-4f7b950d210f", "indicator--5b334872-9e80-4ce8-80c8-49df950d210f", "observed-data--5b334b13-a7cc-48de-9517-4db9950d210f", "mutex--5b334b13-a7cc-48de-9517-4db9950d210f", "observed-data--5b334b5e-3568-42d1-98f3-4f63950d210f", "mutex--5b334b5e-3568-42d1-98f3-4f63950d210f", "indicator--5b33515d-58b4-42bd-9440-4d80950d210f", "indicator--5b33515e-eef0-41af-82e3-4542950d210f", "indicator--5b33515f-86a4-4d15-81eb-4878950d210f", "indicator--5b33515f-a7e4-455a-83e1-41af950d210f", "indicator--5b335160-6560-4bbf-b10a-47c9950d210f", "indicator--5b3353b3-0db4-4cbf-a6a8-4578950d210f", "indicator--5b3353b4-8968-45b6-9874-4b21950d210f", "indicator--5b3353b5-a744-4a97-99f1-4219950d210f", "indicator--5b3353b5-c0b8-468f-b5b7-4156950d210f", "indicator--5b3353b6-6d70-4c7d-ad9e-40bc950d210f", "indicator--5b3353b6-ea54-49bb-8b4d-42bf950d210f", "indicator--5b3353b6-d9c4-4e9a-bfbf-41ad950d210f", "indicator--5b3353b7-7b08-4e4c-9806-4b78950d210f", "indicator--5b333f9d-538c-44ae-af71-405a950d210f", 
"indicator--5b333fcb-7060-4d26-8dc5-4970950d210f", "indicator--5b334422-f2f8-4b4e-8873-47b4950d210f", "indicator--5b3349f9-6a74-42cd-a80f-4c15950d210f", "indicator--5b335268-0f64-4354-a783-4b2d950d210f", "indicator--5b335279-2d7c-47dd-a880-40af950d210f", "indicator--5b3352a3-669c-429e-93c5-4079950d210f", "indicator--5b3352bb-b844-43d1-ad06-4b7f950d210f", "indicator--5b3352e8-2f2c-4dbd-9eff-457f950d210f", "indicator--5b3352f9-5c88-4d97-b859-4b93950d210f", "indicator--5b33530d-aa10-4f2b-b024-449f950d210f", "indicator--5b3354cd-2058-4b73-9df3-4133950d210f", "indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f", "indicator--5b335b27-0e54-43fb-970a-4c73950d210f", "indicator--5b335c5b-9a8c-4f72-a350-4591950d210f", "indicator--5b338cf5-09c4-49a2-9488-6911950d210f", "indicator--5b338d23-d4e0-4283-b2a1-6911950d210f", "indicator--5b338d3d-b4a8-4b78-9ec1-6911950d210f", "x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7", "x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a", "x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8", "x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827", "x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa", "x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11", "x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce", "x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b", "x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d", "x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42", "x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101", "x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522", "x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8", "x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1", "x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f", "x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0", "x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135", "x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360", "indicator--5b3390c0-6268-40af-9ab0-68df950d210f", "indicator--5b3390d6-42fc-46d2-b142-6861950d210f", 
"indicator--5b3390e7-57f0-4f04-879a-4bb9950d210f", "indicator--5b3390f7-4030-4aa5-b421-3027950d210f", "indicator--5b339125-37a4-4213-bc65-4e4c950d210f", "indicator--5b33913d-8114-4770-a12b-68df950d210f", "indicator--5b339151-0254-4c6c-a8a6-44fb950d210f", "indicator--5b339163-3204-4054-bb53-4e3d950d210f", "indicator--5b339174-eafc-4de2-873a-da6b950d210f", "indicator--5b339189-bcf4-44cc-908a-6911950d210f", "indicator--5b33919b-c95c-4f0b-ac98-689c950d210f", "indicator--5b3391b7-53c8-4a3a-aceb-dee7950d210f", "indicator--5b3391c8-0bf4-4091-bff9-da6b950d210f", "x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321", "x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7", "x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b", "x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606", "x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511", "x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9", "x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40", "x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c", "x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942", "x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5", "x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6", "x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81", "x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3", "x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16", "x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724", "x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba", "x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01", "x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4", "x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8", "x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f", "x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb", "x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8", "x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019", "x-misp-object--a833bc24-8211-4579-86d9-4f756414083c", "relationship--44fdf83b-59eb-495b-a3f2-66dbd1a6195f", "relationship--3dd8b44d-d27d-438b-a887-163e98501cf9", 
"relationship--a394be21-14bb-410b-bb16-f51e6c0ce5c5", "relationship--4cba05be-f9ad-436c-a8c4-3fd25e2b1d22", "relationship--b02cc8be-d6c3-4a8c-8bc5-a75736c2a087", "relationship--3c17cfdd-869b-4d87-b494-9c00c880e3be", "relationship--a9e84b20-3385-4c37-9c28-df5ca5bc8bd2", "relationship--b7c9b7a0-78aa-4648-9839-e811d58c5cd5", "relationship--e22ab3ee-df42-4aa4-a7fd-706118e0184c", "relationship--cdf50762-ac61-4d7c-acf1-1fba7e8c072d", "relationship--39942ae0-4cf4-4780-9058-aac6e14280e3", "relationship--5a83b43b-f7a5-4755-8529-5fb486da3284", "relationship--f07976c9-b92f-4de6-bf55-30494409717f", "relationship--769a5720-3aa5-41bc-ba2b-40cafb37deec", "relationship--4a54d345-a680-4a05-8d0d-9086e6146fa0", "relationship--d7bde494-6d26-433a-93ad-ffd7e39fd258", "relationship--6616f422-48d6-4915-9173-031cb6c67d61", "relationship--25cafb2a-328f-42fb-95d3-c1dbda79371b", "relationship--f7d9f4ce-be42-42a2-9d0b-814f424f1ec4", "relationship--2ae825eb-fd10-428a-a0b5-3d7bc8ace3d7", "relationship--2469fb6f-48c1-4243-b1b9-6e841fbb4b80", "relationship--e44116a7-611f-4b81-b99c-d74b436befd0", "relationship--ddaf9543-1ff5-47bb-a009-74c16b1caa6f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"KHRAT\"", "misp-galaxy:rat=\"KhRAT\"", "circl:incident-classification=\"malware\"", "osint:source-type=\"blog-post\"", "misp-galaxy:threat-actor=\"RANCOR\"", "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5b325dc2-90c0-4944-9e86-4072950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T10:03:40.000Z", "modified": "2018-06-27T10:03:40.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", 
"x_misp_value": "Throughout 2017 and 2018 Unit 42 has been tracking and observing a series of highly targeted attacks focused in South East Asia, building on our research into the KHRAT Trojan. Based on the evidence, these attacks appear to be conducted by the same set of attackers using previously unknown malware families. In addition, these attacks appear to be highly targeted in their distribution of the malware used, as well as the targets chosen. Based on these factors, Unit 42 believes the attackers behind these attacks are conducting their campaigns for espionage purposes.\r\n\r\nWe believe this group is previously unidentified and therefore we have dubbed it \u201cRANCOR\u201d. The Rancor group\u2019s attacks use two primary malware families which we describe in depth later in this blog and are naming DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears to be a new addition to these attackers\u2019 toolkit. Countries Unit 42 has identified as targeted by Rancor with these malware families include, but are not limited to:\r\n\r\n Singapore\r\n Cambodia\r\n\r\nWe identified decoy files which indicate these attacks began with spear phishing messages but have not observed the actual messages. These decoys contain details from public news articles focused primarily on political news and events. Based on this, we believe the Rancor attackers were targeting political entities. Additionally, these decoy documents are hosted on legitimate websites including a government website belonging to the Cambodia Government and in at least one case, Facebook.\r\n\r\nThe malware and infrastructure used in these attacks falls into two distinct clusters, which we are labeling A and B, that are linked through their use of the PLAINTEE malware and several \u201csofter\u201d linkages." 
}, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b325dd5-5a74-419b-bc1a-41d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T10:03:51.000Z", "modified": "2018-06-27T10:03:51.000Z", "first_observed": "2018-06-27T10:03:51Z", "last_observed": "2018-06-27T10:03:51Z", "number_observed": 1, "object_refs": [ "url--5b325dd5-5a74-419b-bc1a-41d7950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5b325dd5-5a74-419b-bc1a-41d7950d210f", "value": "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3344db-0f88-4bec-b454-422a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:03:39.000Z", "modified": "2018-06-27T08:03:39.000Z", "description": "Loader", "pattern": "[domain-name:value = 'www.facebook-apps.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T08:03:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3344dc-bedc-4624-8b60-4f7b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:03:40.000Z", "modified": "2018-06-27T08:03:40.000Z", "description": "Loader", "pattern": "[domain-name:value = 'dlj40s.jdanief.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T08:03:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b334872-9e80-4ce8-80c8-49df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:18:58.000Z", "modified": "2018-06-27T08:18:58.000Z", "description": "Loader", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.46.222.97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T08:18:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b334b13-a7cc-48de-9517-4db9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:30:11.000Z", "modified": "2018-06-27T08:30:11.000Z", "first_observed": "2018-06-27T08:30:11Z", "last_observed": "2018-06-27T08:30:11Z", "number_observed": 1, "object_refs": [ "mutex--5b334b13-a7cc-48de-9517-4db9950d210f" ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "mutex", "spec_version": "2.1", "id": "mutex--5b334b13-a7cc-48de-9517-4db9950d210f", "name": "microsoftfuckedupb" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b334b5e-3568-42d1-98f3-4f63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:31:26.000Z", "modified": "2018-06-27T08:31:26.000Z", "first_observed": "2018-06-27T08:31:26Z", "last_observed": "2018-06-27T08:31:26Z", "number_observed": 1, "object_refs": [ "mutex--5b334b5e-3568-42d1-98f3-4f63950d210f" ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "mutex", "spec_version": "2.1", "id": "mutex--5b334b5e-3568-42d1-98f3-4f63950d210f", "name": "Microsoftfuckedup" }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--5b33515d-58b4-42bd-9440-4d80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:57:01.000Z", "modified": "2018-06-27T08:57:01.000Z", "description": "PLAINTEE", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.247.6.253']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T08:57:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b33515e-eef0-41af-82e3-4542950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:57:02.000Z", "modified": "2018-06-27T08:57:02.000Z", "description": "PLAINTEE", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.176.236']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T08:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b33515f-86a4-4d15-81eb-4878950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:08:00.000Z", "modified": "2018-06-27T09:08:00.000Z", "description": "PLAINTEE - DDKONG", "pattern": "[domain-name:value = 'goole.authorizeddns.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:08:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--5b33515f-a7e4-455a-83e1-41af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:08:20.000Z", "modified": "2018-06-27T09:08:20.000Z", "description": "PLAINTEE - DDKONG", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.189.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b335160-6560-4bbf-b10a-47c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T08:57:04.000Z", "modified": "2018-06-27T08:57:04.000Z", "description": "PLAINTEE", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.153.48.146']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T08:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3353b3-0db4-4cbf-a6a8-4578950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:07:48.000Z", "modified": "2018-06-27T09:07:48.000Z", "description": "DDKONG", "pattern": "[domain-name:value = 'microsoft.authorizeddns.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:07:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--5b3353b4-8968-45b6-9874-4b21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:08:03.000Z", "modified": "2018-06-27T09:08:03.000Z", "description": "DDKONG", "pattern": "[file:name = 'www.google_ssl.onmypc.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:08:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3353b5-a744-4a97-99f1-4219950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:07:26.000Z", "modified": "2018-06-27T09:07:26.000Z", "description": "DDKONG", "pattern": "[domain-name:value = 'ftp.chinhphu.ddns.ms']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:07:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3353b5-c0b8-468f-b5b7-4156950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:07:52.000Z", "modified": "2018-06-27T09:07:52.000Z", "description": "DDKONG", "pattern": "[domain-name:value = 'www.microsoft.https443.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:07:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3353b6-6d70-4c7d-ad9e-40bc950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:07:44.000Z", "modified": "2018-06-27T09:07:44.000Z", "description": "DDKONG", "pattern": "[domain-name:value = 'msdns.otzo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:07:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3353b6-ea54-49bb-8b4d-42bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:08:35.000Z", "modified": "2018-06-27T09:08:35.000Z", "description": "DDKONG", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.191.177']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:08:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3353b6-d9c4-4e9a-bfbf-41ad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:08:28.000Z", "modified": "2018-06-27T09:08:28.000Z", "description": "DDKONG", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.191.75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3353b7-7b08-4e4c-9806-4b78950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:08:32.000Z", "modified": "2018-06-27T09:08:32.000Z", "description": "DDKONG", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.121.146.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:08:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b333f9d-538c-44ae-af71-405a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T07:41:17.000Z", "modified": "2018-06-27T07:41:17.000Z", "description": "PLAINTEE older variant", "pattern": "[file:hashes.SHA256 = 'bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T07:41:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b333fcb-7060-4d26-8dc5-4970950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T07:42:03.000Z", "modified": "2018-06-27T07:42:03.000Z", "description": "PLAINTEE older variant", "pattern": "[file:hashes.SHA256 = '6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T07:42:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--5b334422-f2f8-4b4e-8873-47b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:29:00.000Z", "modified": "2018-06-27T09:29:00.000Z", "description": "Loader - Delivery via HTA Loader", "pattern": "[file:hashes.SHA256 = '1dc5966572e94afc2fbcf8e93e3382eef4e4d7b5bc02f24069c403a28fa6a458' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:29:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3349f9-6a74-42cd-a80f-4c15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:18:15.000Z", "modified": "2018-06-27T09:18:15.000Z", "description": "Loader - Delivery via document property macro", "pattern": "[file:hashes.SHA256 = 'a789a282e0d65a050cccae66c56632245af1c8a589ace2ca5ca79572289fd483' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:18:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b335268-0f64-4354-a783-4b2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:01:28.000Z", "modified": "2018-06-27T09:01:28.000Z", "description": "PLAINTEE", "pattern": "[file:hashes.SHA256 = '863a9199decf36895d5d7d148ce9fd622e825f393d7ebe7591b4d37ef3f5f677' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:01:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ 
"misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b335279-2d7c-47dd-a880-40af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:01:45.000Z", "modified": "2018-06-27T09:01:45.000Z", "description": "PLAINTEE", "pattern": "[file:hashes.SHA256 = '22a5bd54f15f33f4218454e53679d7cfae32c03ddb6ec186fb5e6f8b7f7c098b' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:01:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3352a3-669c-429e-93c5-4079950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T10:00:49.000Z", "modified": "2018-06-27T10:00:49.000Z", "description": "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", "pattern": "[file:hashes.MD5 = 'd5679158937ce288837efe62bc1d9693' AND file:hashes.SHA1 = '0bdb44255e9472d80ee0197d0bfad7d8eb4a18e9' AND file:hashes.SHA256 = 'c35609822e6239934606a99cb3dbc925f4768f0b0654d6a2adc35eca473c505d' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T10:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3352bb-b844-43d1-ad06-4b7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:02:51.000Z", "modified": "2018-06-27T09:02:51.000Z", "description": "PLAINTEE", "pattern": "[file:hashes.SHA256 = 
'6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:02:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3352e8-2f2c-4dbd-9eff-457f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T10:01:35.000Z", "modified": "2018-06-27T10:01:35.000Z", "description": "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", "pattern": "[file:hashes.MD5 = '7c65565dcf5b40bd8358472d032bc8fb' AND file:hashes.SHA1 = 'ac3f20ddc2567af0b050c672ecd59dddab1fe55e' AND file:hashes.SHA256 = 'b099c31515947f0e86eed0c26c76805b13ca2d47ecbdb61fd07917732e38ae78' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T10:01:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3352f9-5c88-4d97-b859-4b93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:03:53.000Z", "modified": "2018-06-27T09:03:53.000Z", "description": "PLAINTEE", "pattern": "[file:hashes.SHA256 = 'bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:03:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5b33530d-aa10-4f2b-b024-449f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:04:13.000Z", "modified": "2018-06-27T09:04:13.000Z", "description": "PLAINTEE", "pattern": "[file:hashes.SHA256 = '9f779d920443d50ef48d4abfa40b43f5cb2c4eb769205b973b115e04f3b978f5' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:04:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3354cd-2058-4b73-9df3-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:37:33.000Z", "modified": "2018-06-27T09:37:33.000Z", "description": "Loader - Delivery via DLL Loader", "pattern": "[file:hashes.SHA256 = '0bb20a9570a9b1e3a72203951268ffe83af6dcae7342a790fe195a2ef109d855' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:37:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:12:29.000Z", "modified": "2018-06-27T09:12:29.000Z", "description": "C2", "pattern": "[domain-name:value = 'facebook-apps.com' AND domain-name:resolves_to_refs[*].value = '89.46.222.97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b335b27-0e54-43fb-970a-4c73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:38:47.000Z", "modified": "2018-06-27T09:38:47.000Z", "description": "DDKONg - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", "pattern": "[file:hashes.MD5 = '6fa5bcedaf124cdaccfa5548eed7f4b0' AND file:hashes.SHA1 = '25ba920cb440b4a1c127c8eb0fb23ee783c9e01a' AND file:hashes.SHA256 = '119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:38:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b335c5b-9a8c-4f72-a350-4591950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T09:43:55.000Z", "modified": "2018-06-27T09:43:55.000Z", "description": "Plugin downloaded during runtime for DDKong sample.DDKong sample - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", "pattern": "[file:hashes.MD5 = 'a5164c686c405734b7362bc6b02488cb' AND file:hashes.SHA1 = '03defdda9397e7536cf39951246483a0339ccd35' AND file:hashes.SHA256 = '0517b62233c9574cb24b78fb533f6e92d35bc6451770f9f6001487ff9c154ad7' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T09:43:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b338cf5-09c4-49a2-9488-6911950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2018-06-27T13:11:17.000Z", "modified": "2018-06-27T13:11:17.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = 'c78fef9ef931ffc559ea416d45dc6f43574f524ba073713fddb79e4f8ec1a319' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:11:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b338d23-d4e0-4283-b2a1-6911950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:12:03.000Z", "modified": "2018-06-27T13:12:03.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '0f102e66bc2df4d14dc493ba8b93a88f6b622c168e0c2b63d0ceb7589910999d' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:12:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b338d3d-b4a8-4b78-9ec1-6911950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:12:29.000Z", "modified": "2018-06-27T13:12:29.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '82e1e296403be99129aced295e1c12fbb23f871c6fa2acafab9e08d9a728cb96' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:46.000Z", "modified": "2018-07-03T09:11:46.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:02.000Z", "modified": "2018-06-27T13:18:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:46.000Z", "modified": "2018-07-03T09:11:46.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:07.000Z", "modified": "2018-06-27T13:18:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:46.000Z", "modified": "2018-07-03T09:11:46.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:11.000Z", "modified": "2018-06-27T13:18:11.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:46.000Z", "modified": "2018-07-03T09:11:46.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:14.000Z", "modified": "2018-06-27T13:18:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:47.000Z", "modified": "2018-07-03T09:11:47.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:17.000Z", "modified": "2018-06-27T13:18:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:47.000Z", "modified": "2018-07-03T09:11:47.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:21.000Z", "modified": "2018-06-27T13:18:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:47.000Z", "modified": "2018-07-03T09:11:47.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:30.000Z", "modified": "2018-06-27T13:18:30.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:47.000Z", "modified": "2018-07-03T09:11:47.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:36.000Z", "modified": "2018-06-27T13:18:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:47.000Z", "modified": "2018-07-03T09:11:47.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:18:39.000Z", "modified": "2018-06-27T13:18:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3390c0-6268-40af-9ab0-68df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:27:28.000Z", "modified": "2018-06-27T13:27:28.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '84607a2abfd64d61299b0313337e85dd371642e9654b12288c8a1fc7c8c1cf0a' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:27:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3390d6-42fc-46d2-b142-6861950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:27:50.000Z", "modified": 
"2018-06-27T13:27:50.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = 'a725abb8fe76939f0e0532978eacd7d4afb4459bb6797ec32a7a9f670778bd7e' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:27:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3390e7-57f0-4f04-879a-4bb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:28:07.000Z", "modified": "2018-06-27T13:28:07.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '15f4c0a589dff62200fd7c885f1e7aa8863b8efa91e23c020de271061f4918eb' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3390f7-4030-4aa5-b421-3027950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:28:23.000Z", "modified": "2018-06-27T13:28:23.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '9996e108ade2ef3911d5d38e9f3c1deb0300aa0a82d33e36d376c6927e3ee5af' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:28:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b339125-37a4-4213-bc65-4e4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", 
"created": "2018-06-27T13:29:09.000Z", "modified": "2018-06-27T13:29:09.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '18e102201409237547ab2754daa212cc1454f32c993b6e10a0297b0e6a980823' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:29:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b33913d-8114-4770-a12b-68df950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:29:33.000Z", "modified": "2018-06-27T13:29:33.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = 'b8528c8e325db76b139d46e9f29835382a1b48d8941c47060076f367539c2559' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:29:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b339151-0254-4c6c-a8a6-44fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:29:53.000Z", "modified": "2018-06-27T13:29:53.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '01315e211bac543195f2c703033ba31b229001f844854b147c4b2a0973a7d17b' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b339163-3204-4054-bb53-4e3d950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:30:11.000Z", "modified": "2018-06-27T13:30:11.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = 'df14de6b43f902ac8c35ecf0582ddb33e12e682700eb55dc4706b73f5aed40f6' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:30:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b339174-eafc-4de2-873a-da6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:30:28.000Z", "modified": "2018-06-27T13:30:28.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '177906cb9170adc26082e44d9ad1b3fbdcba7c0b57e28b614c1b66cc4a99f906' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:30:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b339189-bcf4-44cc-908a-6911950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:30:49.000Z", "modified": "2018-06-27T13:30:49.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '113ae6f4d6a2963d5c9a7f42f782b176da096d17296f5a546433f7f27f260895' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:30:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5b33919b-c95c-4f0b-ac98-689c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:31:07.000Z", "modified": "2018-06-27T13:31:07.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:31:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3391b7-53c8-4a3a-aceb-dee7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:31:35.000Z", "modified": "2018-06-27T13:31:35.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '5afbee76af2a09c173cf782fd5e51b5076b87f19b709577ddae1c8e5455fc642' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:31:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3391c8-0bf4-4091-bff9-da6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-27T13:31:52.000Z", "modified": "2018-06-27T13:31:52.000Z", "description": "DDKONG", "pattern": "[file:hashes.SHA256 = '128adaba3e6251d1af305a85ebfaafb2a8028eed3b9b031c54176ca7cef539d2' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-06-27T13:31:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { 
"type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:47.000Z", "modified": "2018-07-03T09:11:47.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:45.000Z", "modified": "2018-07-03T09:11:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:54.000Z", "modified": "2018-07-03T09:11:54.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:53.000Z", "modified": "2018-07-03T09:11:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:57.000Z", "modified": "2018-07-03T09:11:57.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", 
"spec_version": "2.1", "id": "x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:55.000Z", "modified": "2018-07-03T09:11:55.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:00.000Z", "modified": "2018-07-03T09:12:00.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:11:58.000Z", "modified": "2018-07-03T09:11:58.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:03.000Z", "modified": "2018-07-03T09:12:03.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:01.000Z", "modified": "2018-07-03T09:12:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", 
"spec_version": "2.1", "id": "x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:06.000Z", "modified": "2018-07-03T09:12:06.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:05.000Z", "modified": "2018-07-03T09:12:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:10.000Z", "modified": "2018-07-03T09:12:10.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:08.000Z", "modified": "2018-07-03T09:12:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:12.000Z", "modified": "2018-07-03T09:12:12.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:10.000Z", "modified": "2018-07-03T09:12:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:15.000Z", "modified": "2018-07-03T09:12:15.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:13.000Z", "modified": "2018-07-03T09:12:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:17.000Z", "modified": "2018-07-03T09:12:17.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:15.000Z", "modified": "2018-07-03T09:12:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:19.000Z", "modified": "2018-07-03T09:12:19.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:18.000Z", "modified": "2018-07-03T09:12:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:22.000Z", "modified": "2018-07-03T09:12:22.000Z", "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ], "x_misp_meta_category": "file", "x_misp_name": "file" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a833bc24-8211-4579-86d9-4f756414083c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-07-03T09:12:20.000Z", "modified": "2018-07-03T09:12:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--44fdf83b-59eb-495b-a3f2-66dbd1a6195f", "created": "2018-06-27T09:17:36.000Z", "modified": "2018-06-27T09:17:36.000Z", "relationship_type": "connected-to", "source_ref": "indicator--5b3352a3-669c-429e-93c5-4079950d210f", "target_ref": "indicator--5b334872-9e80-4ce8-80c8-49df950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3dd8b44d-d27d-438b-a887-163e98501cf9", 
"created": "2018-06-27T09:12:49.000Z", "modified": "2018-06-27T09:12:49.000Z", "relationship_type": "connected-to", "source_ref": "indicator--5b3354cd-2058-4b73-9df3-4133950d210f", "target_ref": "indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a394be21-14bb-410b-bb16-f51e6c0ce5c5", "created": "2018-06-27T13:18:42.000Z", "modified": "2018-06-27T13:18:42.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7", "target_ref": "x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4cba05be-f9ad-436c-a8c4-3fd25e2b1d22", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8", "target_ref": "x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b02cc8be-d6c3-4a8c-8bc5-a75736c2a087", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa", "target_ref": "x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3c17cfdd-869b-4d87-b494-9c00c880e3be", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce", "target_ref": "x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a9e84b20-3385-4c37-9c28-df5ca5bc8bd2", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": 
"x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d", "target_ref": "x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b7c9b7a0-78aa-4648-9839-e811d58c5cd5", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101", "target_ref": "x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e22ab3ee-df42-4aa4-a7fd-706118e0184c", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8", "target_ref": "x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cdf50762-ac61-4d7c-acf1-1fba7e8c072d", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f", "target_ref": "x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--39942ae0-4cf4-4780-9058-aac6e14280e3", "created": "2018-06-27T13:18:43.000Z", "modified": "2018-06-27T13:18:43.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135", "target_ref": "x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a83b43b-f7a5-4755-8529-5fb486da3284", "created": "2018-07-03T09:12:23.000Z", "modified": "2018-07-03T09:12:23.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321", "target_ref": "x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7" }, { "type": "relationship", "spec_version": 
"2.1", "id": "relationship--f07976c9-b92f-4de6-bf55-30494409717f", "created": "2018-07-03T09:12:23.000Z", "modified": "2018-07-03T09:12:23.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b", "target_ref": "x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--769a5720-3aa5-41bc-ba2b-40cafb37deec", "created": "2018-07-03T09:12:23.000Z", "modified": "2018-07-03T09:12:23.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511", "target_ref": "x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4a54d345-a680-4a05-8d0d-9086e6146fa0", "created": "2018-07-03T09:12:23.000Z", "modified": "2018-07-03T09:12:23.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40", "target_ref": "x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d7bde494-6d26-433a-93ad-ffd7e39fd258", "created": "2018-07-03T09:12:23.000Z", "modified": "2018-07-03T09:12:23.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942", "target_ref": "x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6616f422-48d6-4915-9173-031cb6c67d61", "created": "2018-07-03T09:12:23.000Z", "modified": "2018-07-03T09:12:23.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6", "target_ref": "x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--25cafb2a-328f-42fb-95d3-c1dbda79371b", "created": "2018-07-03T09:12:24.000Z", "modified": "2018-07-03T09:12:24.000Z", "relationship_type": 
"analysed-with", "source_ref": "x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3", "target_ref": "x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7d9f4ce-be42-42a2-9d0b-814f424f1ec4", "created": "2018-07-03T09:12:24.000Z", "modified": "2018-07-03T09:12:24.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724", "target_ref": "x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2ae825eb-fd10-428a-a0b5-3d7bc8ace3d7", "created": "2018-07-03T09:12:24.000Z", "modified": "2018-07-03T09:12:24.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01", "target_ref": "x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2469fb6f-48c1-4243-b1b9-6e841fbb4b80", "created": "2018-07-03T09:12:24.000Z", "modified": "2018-07-03T09:12:24.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8", "target_ref": "x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e44116a7-611f-4b81-b99c-d74b436befd0", "created": "2018-07-03T09:12:24.000Z", "modified": "2018-07-03T09:12:24.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb", "target_ref": "x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ddaf9543-1ff5-47bb-a009-74c16b1caa6f", "created": "2018-07-03T09:12:24.000Z", "modified": "2018-07-03T09:12:24.000Z", "relationship_type": "analysed-with", "source_ref": "x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019", "target_ref": "x-misp-object--a833bc24-8211-4579-86d9-4f756414083c" }, { "type": 
"marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }