{ "type": "bundle", "id": "bundle--5d2cae34-7564-4049-b9c4-4ae902de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d2cae34-7564-4049-b9c4-4ae902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "name": "OSINT - SWEED: Exposing years of Agent Tesla campaigns", "published": "2019-07-15T17:08:58Z", "object_refs": [ "observed-data--5d2cae46-6b2c-4405-84c0-aac302de0b81", "url--5d2cae46-6b2c-4405-84c0-aac302de0b81", "x-misp-attribute--5d2cae5f-c280-4f19-8954-40d702de0b81", "indicator--5d2cae94-23d0-4a7e-8786-44ee02de0b81", "indicator--5d2cae9b-a984-4d8f-bff3-4f8f02de0b81", "indicator--5d2cae9b-f470-4a85-86f7-415a02de0b81", "indicator--5d2cae9b-6494-4e1b-85bc-4bfd02de0b81", "indicator--5d2cae9b-fe6c-438e-b707-427202de0b81", "indicator--5d2cae9b-5870-4176-a210-4b6202de0b81", "indicator--5d2cae9b-1e90-4e41-b3a1-407f02de0b81", "indicator--5d2cae9b-70e4-4321-ad36-4e3102de0b81", "indicator--5d2cae9c-6690-4d02-a56e-46f102de0b81", "indicator--5d2cae9c-666c-4919-a174-4f5b02de0b81", "indicator--5d2cae9c-2630-4021-82aa-426c02de0b81", "indicator--5d2cae9c-f094-437b-9d54-4e9202de0b81", "indicator--5d2cae9c-383c-4889-9c11-48bd02de0b81", "indicator--5d2cae9c-3d7c-4b9a-80c4-476a02de0b81", "indicator--5d2cae9c-e9ec-4029-86f3-4d6502de0b81", "indicator--5d2cae9c-0c4c-41e8-abc2-49f902de0b81", "indicator--5d2cae9c-e824-4946-afd5-44d602de0b81", "indicator--5d2cae9c-e01c-4903-99ef-45f102de0b81", "indicator--5d2cae9c-1524-4fdf-9b0f-4eea02de0b81", "indicator--5d2cae9c-b44c-4332-9357-4b9b02de0b81", "indicator--5d2cae9c-e814-4e45-b039-471702de0b81", "indicator--5d2cae9c-fc78-48ff-a437-49ac02de0b81", 
"indicator--5d2cae9c-6c04-483c-ad36-43cd02de0b81", "indicator--5d2cae9c-ca7c-4bf3-8693-4c6a02de0b81", "indicator--5d2cae9c-617c-4f4d-afbb-468002de0b81", "indicator--5d2cae9c-b554-47fb-a7ca-4e0c02de0b81", "indicator--5d2cae9c-616c-437e-a2ac-443002de0b81", "indicator--5d2cae9c-dd0c-4390-a52b-40ab02de0b81", "indicator--5d2cae9c-5934-4948-8ff3-4d4702de0b81", "indicator--5d2cae9c-fadc-4eb9-9144-4c5c02de0b81", "indicator--5d2cae9c-ab64-4869-a410-4d9402de0b81", "indicator--5d2cae9c-2744-4ce8-9f5a-493902de0b81", "indicator--5d2cae9c-5dbc-41c0-9f73-428802de0b81", "indicator--5d2cae9c-4ed4-48cd-a0f2-4c3c02de0b81", "indicator--5d2cae9c-ee10-46ac-a202-403702de0b81", "indicator--5d2cae9c-a6e8-40a5-8b80-4f1902de0b81", "indicator--5d2cae9c-73d0-4b36-88a7-4bba02de0b81", "indicator--5d2cae9c-4b40-4b91-8181-496802de0b81", "indicator--5d2cae9c-f5e4-49a0-80db-405802de0b81", "indicator--5d2cae9c-40f0-4b2c-8258-422302de0b81", "indicator--5d2cae9c-f494-42ad-83cf-4ea002de0b81", "indicator--5d2cae9c-d1f8-4f4c-9f7a-477f02de0b81", "indicator--5d2cae9c-1620-4928-9e19-4e4002de0b81", "indicator--5d2cae9c-1588-4f6c-8060-436302de0b81", "indicator--5d2cae9c-4d0c-483a-b9d8-4c2c02de0b81", "indicator--5d2cae9c-f130-492c-92f9-464f02de0b81", "indicator--5d2cae9c-1e40-4218-9feb-45cd02de0b81", "indicator--5d2cae9c-3474-4e94-977c-4c0302de0b81", "indicator--5d2cae9c-c488-45f0-8cfd-438702de0b81", "indicator--5d2cae9c-fffc-4d13-813c-445f02de0b81", "indicator--5d2cae9d-9a5c-46b2-a8d5-433602de0b81", "indicator--5d2cae9d-ba14-4774-bef4-44ba02de0b81", "indicator--5d2cae9d-b4e8-4287-ba31-414d02de0b81", "indicator--5d2cae9d-bba0-4b0c-ad26-44b302de0b81", "indicator--5d2cae9d-608c-4017-87be-481a02de0b81", "indicator--5d2cae9d-7bd4-4df5-8bdf-4c0802de0b81", "indicator--5d2cae9d-fd18-4adb-8a21-4eee02de0b81", "indicator--5d2cae9d-c658-4335-a822-407e02de0b81", "indicator--5d2caf91-ddb0-4d8f-8152-4bbf02de0b81", "observed-data--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", "network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", 
"ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", "observed-data--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "observed-data--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "observed-data--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "observed-data--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "observed-data--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "observed-data--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "observed-data--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "observed-data--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "indicator--5d2cb25b-18e4-4b9b-9dff-4dbe02de0b81", "x-misp-attribute--5d2cb281-9ea8-457e-b4fd-4ada02de0b81", "indicator--5d2cb2b1-63bc-457a-9f3b-429a02de0b81", "indicator--5d2cb2b2-2b08-458c-a55f-443d02de0b81", "indicator--5d2cb2b2-327c-4bc3-907c-404602de0b81", "indicator--5d2cb2d2-ea6c-4c3d-9789-48ff02de0b81", "indicator--5d2cb2d2-85f0-46c2-aa47-4fdf02de0b81", "indicator--5d2cb2d2-251c-44ac-a8ff-482202de0b81", "indicator--5d2cb2d2-8c98-448e-8f6b-451802de0b81", "indicator--5d2cb2d2-f618-4373-936d-4e5002de0b81", "indicator--5d2cb2d2-15ac-4588-87e0-481702de0b81", "indicator--5d2cb2d2-76e0-4b97-a41f-497502de0b81", 
"indicator--5d2cb2ec-8c84-4ac2-a0fc-4c1a02de0b81", "indicator--5d2cb2ec-0554-4b04-b70f-46e402de0b81", "indicator--5d2cb2ec-fcc8-4890-85bc-49ba02de0b81", "indicator--5d2cb2ec-11b4-46cc-8f66-426d02de0b81", "indicator--5d2cb2ec-86c8-4d2e-8f25-44b202de0b81", "indicator--5d2cb2ec-e324-4981-bae1-495b02de0b81", "indicator--5d2cb2ec-ea9c-4004-bfb5-4ef902de0b81", "indicator--5d2cb2ec-561c-4376-b159-46e102de0b81", "indicator--5d2cb2ec-55e8-474c-bf23-492e02de0b81", "indicator--5d2cb2ec-e784-4aa2-83df-456402de0b81", "indicator--5d2cb2ec-bcf8-414e-b7bf-409502de0b81", "indicator--5d2cb2ec-0100-4c07-902f-484302de0b81", "indicator--5d2caf42-e134-4c02-8eda-45d702de0b81", "indicator--5d2caf6c-a478-4dd2-a816-4a5e02de0b81", "indicator--90a459a2-ebdb-4229-9b32-7e02479444cf", "x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b", "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3", "x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65", "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47", "x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad", "indicator--5d2cb00d-a38c-4241-9ae1-40db02de0b81", "indicator--5d2cb071-13f4-4927-b73c-409902de0b81", "indicator--5d2cb0ad-7148-479f-b5ea-97a202de0b81", "indicator--5d2cb145-d424-4c65-8ff4-401b02de0b81", "indicator--5d2cb17f-e3a8-4d42-84c0-4cee02de0b81", "indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63", "x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1", "x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a", "indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde", "x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7", "indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5", "x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9", "indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf", "x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6", "x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e", "indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4", "x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c", "relationship--32b99377-8a8f-4f65-b889-6dd29be237ec", 
"relationship--ecba49bb-b847-462b-af23-14908e21a38a", "relationship--f6c8b7ad-a2c4-4d55-bb09-4520753a2064", "relationship--5d8b5fe6-4df7-482f-99f8-9c9d04bfbdad", "relationship--d88bd946-5232-4dac-ad4a-be902d94a631", "relationship--2a4df8f1-28ce-4a3b-90f6-e70768838250", "relationship--9c180c10-dc1b-4dc5-9f39-74356c265465", "relationship--88f15950-caf3-4875-9e2b-61350491247c", "relationship--3835bed8-f8ba-4a3c-8ec6-988cf257a444", "relationship--c4ce625d-61e5-4085-b46c-7a6bad17222c" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"75\"", "misp-galaxy:malpedia=\"Agent Tesla\"", "misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"", "misp-galaxy:tool=\"Agent Tesla\"", "workflow:todo=\"create-missing-misp-galaxy-cluster\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cae46-6b2c-4405-84c0-aac302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:48:06.000Z", "modified": "2019-07-15T16:48:06.000Z", "first_observed": "2019-07-15T16:48:06Z", "last_observed": "2019-07-15T16:48:06Z", "number_observed": 1, "object_refs": [ "url--5d2cae46-6b2c-4405-84c0-aac302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d2cae46-6b2c-4405-84c0-aac302de0b81", "value": "https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d2cae5f-c280-4f19-8954-40d702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:48:31.000Z", "modified": "2019-07-15T16:48:31.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": 
"Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling \"SWEED,\" including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our research, SWEED \u2014 which has been operating since at least 2017 \u2014 primarily targets their victims with stealers and remote access trojans.\r\n\r\nSWEED remains consistent across most of their campaigns in their use of spear-phishing emails with malicious attachments. While these campaigns have featured a myriad of different types of malicious documents, the actor primarily tries to infect its victims with a packed version of Agent Tesla \u2014 an information stealer that's been around since at least 2014. The version of Agent Tesla that SWEED is using differs slightly from what we've seen in the past in the way that it is packed, as well as how it infects the system. In this post, we'll run down each campaign we're able to connect to SWEED, and talk about some of the actor's tactics, techniques and procedures (TTPs)." 
}, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae94-23d0-4a7e-8786-44ee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:24.000Z", "modified": "2019-07-15T16:49:24.000Z", "pattern": "[domain-name:value = 'sweeddehacklord.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9b-a984-4d8f-bff3-4f8f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'sweed-office.comie.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9b-f470-4a85-86f7-415a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'sweed-viki.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9b-6494-4e1b-85bc-4bfd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'sweedoffice.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9b-fe6c-438e-b707-427202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'sweedoffice-olamide.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9b-5870-4176-a210-4b6202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'sweedoffice-chuks.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9b-1e90-4e41-b3a1-407f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'www.sweedoffice-kc.duckdns.org']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9b-70e4-4321-ad36-4e3102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'sweedoffice-kc.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-6690-4d02-a56e-46f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:31.000Z", "modified": "2019-07-15T16:49:31.000Z", "pattern": "[domain-name:value = 'sweedoffice-goodman.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-666c-4919-a174-4f5b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'sweedoffice-bosskobi.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], 
"labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-2630-4021-82aa-426c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'www.sweedoffice-olamide.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-f094-437b-9d54-4e9202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'www.sweedoffice-chuks.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-383c-4889-9c11-48bd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'aelna.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5d2cae9c-3d7c-4b9a-80c4-476a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'candqre.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-e9ec-4029-86f3-4d6502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'spedaqinterfreight.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-0c4c-41e8-abc2-49f902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'worldjaquar.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-e824-4946-afd5-44d602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": 
"[domain-name:value = 'zurieh.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-e01c-4903-99ef-45f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'aiaininsurance.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-1524-4fdf-9b0f-4eea02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'aidanube.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-b44c-4332-9357-4b9b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'anernostat.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } 
], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-e814-4e45-b039-471702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'blssleel.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-fc78-48ff-a437-49ac02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'bwayachtng.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-6c04-483c-ad36-43cd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'cablsol.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-ca7c-4bf3-8693-4c6a02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'catalanoshpping.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-617c-4f4d-afbb-468002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'cawus-coskunsu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-b554-47fb-a7ca-4e0c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'crosspoiimeri.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-616c-437e-a2ac-443002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'dougiasbarwick.com']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-dd0c-4390-a52b-40ab02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'erieil.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-5934-4948-8ff3-4d4702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'etqworld.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-fadc-4eb9-9144-4c5c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'evegreen-shipping.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-ab64-4869-a410-4d9402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'gufageneys.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-2744-4ce8-9f5a-493902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'hybru.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-5dbc-41c0-9f73-428802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'intermodaishipping.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-4ed4-48cd-a0f2-4c3c02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'jltqroup.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-ee10-46ac-a202-403702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'jyexports.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-a6e8-40a5-8b80-4f1902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'kayneslnterconnection.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-73d0-4b36-88a7-4bba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'kn-habour.com']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-4b40-4b91-8181-496802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'leocouriercompany.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-f5e4-49a0-80db-405802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'lnnovalues.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-40f0-4b2c-8258-422302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'mglt-mea.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-f494-42ad-83cf-4ea002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'mti-transt.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-d1f8-4f4c-9f7a-477f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'profbuiiders.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-1620-4928-9e19-4e4002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'quycarp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-1588-4f6c-8060-436302de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'regionaitradeinspections.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-4d0c-483a-b9d8-4c2c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'repotc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-f130-492c-92f9-464f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'rsaqencies.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-1e40-4218-9feb-45cd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'samhwansleel.com']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-3474-4e94-977c-4c0302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'serec.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-c488-45f0-8cfd-438702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'snapqata.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9c-fffc-4d13-813c-445f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:32.000Z", "modified": "2019-07-15T16:49:32.000Z", "pattern": "[domain-name:value = 'sukrltiv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-9a5c-46b2-a8d5-433602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'supe-lab.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-ba14-4774-bef4-44ba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'usarmy-mill.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-b4e8-4287-ba31-414d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'virdtech.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-bba0-4b0c-ad26-44b302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'willistoweswatson.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-608c-4017-87be-481a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'xlnya-cn.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-7bd4-4df5-8bdf-4c0802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'zarpac.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-fd18-4adb-8a21-4eee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'oralbdentaltreatment.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cae9d-c658-4335-a822-407e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:49:33.000Z", "modified": "2019-07-15T16:49:33.000Z", "pattern": "[domain-name:value = 'wlttraco.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:49:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2caf91-ddb0-4d8f-8152-4bbf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:53:37.000Z", "modified": "2019-07-15T16:53:37.000Z", "description": "Agent Tesla - Campaign #1", "pattern": "[file:hashes.SHA256 = '8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:53:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:37.000Z", "modified": "2019-07-15T17:02:37.000Z", "first_observed": "2019-07-15T17:02:37Z", "last_observed": "2019-07-15T17:02:37Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", "ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ], "labels": [ 
"misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", "src_ref": "ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9", "value": "198.54.125.61" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:38.000Z", "modified": "2019-07-15T17:02:38.000Z", "first_observed": "2019-07-15T17:02:38Z", "last_observed": "2019-07-15T17:02:38Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "src_ref": "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9", "value": "84.38.134.121" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:40.000Z", "modified": "2019-07-15T17:02:40.000Z", "first_observed": "2019-07-15T17:02:40Z", "last_observed": "2019-07-15T17:02:40Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "src_ref": 
"ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9", "value": "185.26.122.68" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:41.000Z", "modified": "2019-07-15T17:02:41.000Z", "first_observed": "2019-07-15T17:02:41Z", "last_observed": "2019-07-15T17:02:41Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "src_ref": "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9", "value": "208.91.197.91" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:42.000Z", "modified": "2019-07-15T17:02:42.000Z", "first_observed": "2019-07-15T17:02:42Z", "last_observed": "2019-07-15T17:02:42Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "src_ref": "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9", "value": 
"154.80.172.212" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:43.000Z", "modified": "2019-07-15T17:02:43.000Z", "first_observed": "2019-07-15T17:02:43Z", "last_observed": "2019-07-15T17:02:43Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "src_ref": "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9", "value": "46.21.144.100" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:46.000Z", "modified": "2019-07-15T17:02:46.000Z", "first_observed": "2019-07-15T17:02:46Z", "last_observed": "2019-07-15T17:02:46Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "src_ref": "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9", "value": "151.80.88.242" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:47.000Z", "modified": "2019-07-15T17:02:47.000Z", "first_observed": "2019-07-15T17:02:47Z", "last_observed": "2019-07-15T17:02:47Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "src_ref": "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9", "value": "209.99.40.222" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:52.000Z", "modified": "2019-07-15T17:02:52.000Z", "first_observed": "2019-07-15T17:02:52Z", "last_observed": "2019-07-15T17:02:52Z", "number_observed": 1, "object_refs": [ "network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "src_ref": "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9", "value": "209.99.40.223" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb25b-18e4-4b9b-9dff-4dbe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:05:31.000Z", "modified": "2019-07-15T17:05:31.000Z", "pattern": "[windows-registry-key:key = 
'HKCU\\\\Software\\\\Classes\\\\ms-settings\\\\shell\\\\open\\\\command']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:05:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d2cb281-9ea8-457e-b4fd-4ada02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:06:09.000Z", "modified": "2019-07-15T17:06:09.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_type": "whois-registrant-email", "x_misp_value": "aaras480@gmail.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2b1-63bc-457a-9f3b-429a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:06:57.000Z", "modified": "2019-07-15T17:06:57.000Z", "description": "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:", "pattern": "[url:value = 'http://aelna.com/file/chuks.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:06:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2b2-2b08-458c-a55f-443d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:06:58.000Z", "modified": "2019-07-15T17:06:58.000Z", "description": "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:", "pattern": "[url:value = 
'http://aelna.com/file/sweed.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2b2-327c-4bc3-907c-404602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:06:58.000Z", "modified": "2019-07-15T17:06:58.000Z", "description": "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:", "pattern": "[url:value = 'http://aelna.com/file/duke.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:06:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2d2-ea6c-4c3d-9789-48ff02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:30.000Z", "modified": "2019-07-15T17:07:30.000Z", "description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf", "pattern": "[url:value = 'sodimodisfrance.cf/2/chuks.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2d2-85f0-46c2-aa47-4fdf02de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:30.000Z", "modified": "2019-07-15T17:07:30.000Z", "description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf", "pattern": "[url:value = 'sodimodisfrance.cf/6/chuks.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2d2-251c-44ac-a8ff-482202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:30.000Z", "modified": "2019-07-15T17:07:30.000Z", "description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf", "pattern": "[url:value = 'sodimodisfrance.cf/5/goodman.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2d2-8c98-448e-8f6b-451802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:30.000Z", "modified": "2019-07-15T17:07:30.000Z", "description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf", "pattern": "[url:value = 
'sodimodisfrance.cf/1/chuks.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2d2-f618-4373-936d-4e5002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:30.000Z", "modified": "2019-07-15T17:07:30.000Z", "description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf", "pattern": "[url:value = 'sodimodisfrance.cf/1/hipkid.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2d2-15ac-4588-87e0-481702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:30.000Z", "modified": "2019-07-15T17:07:30.000Z", "description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf", "pattern": "[url:value = 'sodimodisfrance.cf/5/sweed.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", 
"id": "indicator--5d2cb2d2-76e0-4b97-a41f-497502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:30.000Z", "modified": "2019-07-15T17:07:30.000Z", "description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf", "pattern": "[url:value = 'sodimodisfrance.cf/2/duke.boys.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-8c84-4ac2-a0fc-4c1a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. 
Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'sweed-office.comie.ru/goodman/panel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-0554-4b04-b70f-46e402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'sweed-office.comie.ru/kc/panel/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-fcc8-4890-85bc-49ba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. 
Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-office/omee/panel/login.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-11b4-46cc-8f66-426d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-client/humble1/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-86c8-4d2e-8f25-44b202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. 
Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-client/sima/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-e324-4981-bae1-495b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-office/omee/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-ea9c-4004-bfb5-4ef902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. 
Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-office/kc/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-561c-4376-b159-46e102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-office/olamide/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-55e8-474c-bf23-492e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. 
Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-office/jamil/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-e784-4aa2-83df-456402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-client/niggab/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-bcf8-414e-b7bf-409502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. 
Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-client/humble2/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb2ec-0100-4c07-902f-484302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:07:56.000Z", "modified": "2019-07-15T17:07:56.000Z", "description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panels with the following URLs:", "pattern": "[url:value = 'wlttraco.com/sweed-office/harry/panel/post.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2caf42-e134-4c02-8eda-45d702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:52:18.000Z", "modified": "2019-07-15T16:52:18.000Z", "description": " Campaign #1", "pattern": "[file:hashes.SHA256 = '59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd' AND file:name = 'Java_Updater.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:52:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], 
"labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2caf6c-a478-4dd2-a816-4a5e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:53:00.000Z", "modified": "2019-07-15T16:53:00.000Z", "description": " Campaign #1", "pattern": "[file:hashes.SHA256 = 'e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08' AND file:name = 'P-O of Jun2017.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:53:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--90a459a2-ebdb-4229-9b32-7e02479444cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:54:12.000Z", "modified": "2019-07-15T16:54:12.000Z", "pattern": "[file:hashes.MD5 = '1be08ed45c512f6daab34519995dda63' AND file:hashes.SHA1 = '4a4fa608ccdbae42ef3ed708b08b6bbacda20908' AND file:hashes.SHA256 = '8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:54:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:54:13.000Z", "modified": "2019-07-15T16:54:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-03-26T19:06:29", "category": 
"Other", "comment": "Agent Tesla - Campaign #1", "uuid": "af28189f-7f1d-41a8-8c73-c9ea120555ca" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f/analysis/1522091189/", "category": "External analysis", "comment": "Agent Tesla - Campaign #1", "uuid": "80f8f1b1-1a11-44ca-9efa-a09ab8cc83d5" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/66", "category": "Payload installation", "comment": "Agent Tesla - Campaign #1", "uuid": "eea81aef-999f-4df6-8f60-eec0e32da997" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:03.000Z", "modified": "2019-07-15T17:02:03.000Z", "pattern": "[file:hashes.MD5 = 'bf58485904f69fb91b11cd802f6d76ca' AND file:hashes.SHA1 = 'ae8f8bb3e7cfdeed7317b6eea7ef0cec4113b519' AND file:hashes.SHA256 = 'e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:02:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:54:13.000Z", "modified": "2019-07-15T16:54:13.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-06-22T12:36:27", "category": "Other", "uuid": "65f4da1c-0f6c-4b4a-a272-75e00434483e" }, { "type": "link", "object_relation": "permalink", 
"value": "https://www.virustotal.com/file/e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08/analysis/1498134987/", "category": "Payload delivery", "uuid": "842578a7-27e5-4718-bb4c-479b7cb369ac" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/59", "category": "Payload delivery", "uuid": "5df2aec9-e3a5-48b2-a5f6-bd1ac1a30d9e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:03.000Z", "modified": "2019-07-15T17:02:03.000Z", "pattern": "[file:hashes.MD5 = 'a313f809b1faf1643e0201e29cb4cbc0' AND file:hashes.SHA1 = '2dd851466760b8b35226e83b2bfa36a379c03db6' AND file:hashes.SHA256 = '59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:02:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:54:14.000Z", "modified": "2019-07-15T16:54:14.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-12T13:33:10", "category": "Other", "uuid": "553d5faf-a8ce-445a-82a9-3e17363cd1da" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd/analysis/1507815190/", "category": "Payload delivery", "uuid": "c14e58b2-77a5-46d7-ab6d-9afbf6ab18c7" }, { "type": "text", 
"object_relation": "detection-ratio", "value": "48/66", "category": "Payload delivery", "uuid": "0161d30e-d327-4df9-a166-658673b5b49a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb00d-a38c-4241-9ae1-40db02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:55:41.000Z", "modified": "2019-07-15T16:55:41.000Z", "description": " Campaign #2", "pattern": "[file:hashes.SHA256 = 'd27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97' AND file:name = 'Java sample']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:55:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb071-13f4-4927-b73c-409902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:57:21.000Z", "modified": "2019-07-15T16:57:21.000Z", "description": " Campaign #3", "pattern": "[file:hashes.SHA256 = '65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b' AND file:name = 'New Order For Quotation.ppsx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:57:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb0ad-7148-479f-b5ea-97a202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T16:58:21.000Z", "modified": "2019-07-15T16:58:21.000Z", "description": " Campaign #4", "pattern": "[file:hashes.SHA256 = '111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671' AND file:name = 
'SETTLEMENT OF OUTSTANDING.xlsx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T16:58:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb145-d424-4c65-8ff4-401b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:00:53.000Z", "modified": "2019-07-15T17:00:53.000Z", "description": " Campaign #5", "pattern": "[file:hashes.SHA256 = '1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075' AND file:name = 'Request and specification of our new order.xls']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:00:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d2cb17f-e3a8-4d42-84c0-4cee02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:01:51.000Z", "modified": "2019-07-15T17:01:51.000Z", "description": " Campaign #5", "pattern": "[file:hashes.SHA256 = 'fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f' AND file:name = 'Agent Tesla']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:01:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:03.000Z", "modified": "2019-07-15T17:02:03.000Z", "pattern": "[file:hashes.MD5 = 
'8e0b8b5200e879d7a4a62df5ea30253a' AND file:hashes.SHA1 = '50c9dea7c3b2f396f22612f14dae00880ceffa9a' AND file:hashes.SHA256 = '1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:02:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:03.000Z", "modified": "2019-07-15T17:02:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-07-15T06:00:54", "category": "Other", "uuid": "dabea056-538d-4442-b633-26c8a44edf75" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075/analysis/1563170454/", "category": "Payload delivery", "uuid": "f41b268d-f903-4aa4-b5ba-1e19066d5e42" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/60", "category": "Payload delivery", "uuid": "4cc2f15c-563f-4209-9583-41628ba52ea3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:03.000Z", "modified": "2019-07-15T17:02:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-10-12T13:33:10", "category": "Other", "uuid": "5f522c75-9e97-494d-9194-a6b93776287a" 
}, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd/analysis/1507815190/", "category": "Payload delivery", "uuid": "ad0b5f4e-0fff-4f75-be53-6265f58c29c1" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/66", "category": "Payload delivery", "uuid": "356ef8ff-0235-4e8f-bb33-8249a5caf79e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:03.000Z", "modified": "2019-07-15T17:02:03.000Z", "pattern": "[file:hashes.MD5 = '675b17eed5c3c5e0bb5ab937753672bb' AND file:hashes.SHA1 = '72d382cbf08d3f3fe2429eceed8a706b1b44fd65' AND file:hashes.SHA256 = '65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:02:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:04.000Z", "modified": "2019-07-15T17:02:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-11-18T19:17:10", "category": "Other", "uuid": "aa822b4a-e563-4929-b1ba-7bf06ac4c469" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b/analysis/1542568630/", "category": "Payload delivery", "uuid": 
"4c438a43-6d73-412c-b2d0-0c36ee8a04c0" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/56", "category": "Payload delivery", "uuid": "e4e98012-9f66-4620-a3a9-2d899b277a8e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:04.000Z", "modified": "2019-07-15T17:02:04.000Z", "pattern": "[file:hashes.MD5 = 'f082f44b0f4e52c44a6116e34ecb2a78' AND file:hashes.SHA1 = 'a2b75fce3fc2baf11eae550d05aa1fbe170be546' AND file:hashes.SHA256 = '111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:04.000Z", "modified": "2019-07-15T17:02:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-11-18T19:12:47", "category": "Other", "uuid": "d0b8bb66-599a-448b-a8b5-674d8fdb2cb2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671/analysis/1542568367/", "category": "Payload delivery", "uuid": "e872a407-273f-4376-a8a1-49e69b57e6e7" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/59", "category": "Payload delivery", "uuid": "934ba945-fbe4-4884-ad0d-dc8fa9cd8a20" } ], "x_misp_meta_category": "misc", 
"x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:04.000Z", "modified": "2019-07-15T17:02:04.000Z", "pattern": "[file:hashes.MD5 = 'fc23bd61f8af13293fd960e6cb202145' AND file:hashes.SHA1 = 'd3e1421263a60abd5e58a49c3f02282710917210' AND file:hashes.SHA256 = 'fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:02:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:04.000Z", "modified": "2019-07-15T17:02:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-18T02:08:00", "category": "Other", "uuid": "89006026-47b7-45f8-ac3c-64326ebbe3ca" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f/analysis/1560823680/", "category": "Payload delivery", "uuid": "9cbf73dd-b749-4402-9737-395a241e805d" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/66", "category": "Payload delivery", "uuid": "d602cb8b-f80f-4839-aab8-eaadae303222" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2019-07-15T17:02:05.000Z", "modified": "2019-07-15T17:02:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-06-22T12:36:27", "category": "Other", "uuid": "5cbc4dea-fefe-4d73-ac3a-99c822b7118b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08/analysis/1498134987/", "category": "Payload delivery", "uuid": "8c6cfdd3-0eff-4938-a5d3-1ae36045c254" }, { "type": "text", "object_relation": "detection-ratio", "value": "9/59", "category": "Payload delivery", "uuid": "2cf448aa-f7c9-48a8-825e-4a5ee6733ec5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:05.000Z", "modified": "2019-07-15T17:02:05.000Z", "pattern": "[file:hashes.MD5 = 'bcfe2c56500d6f58e8e3f4b5a35fb155' AND file:hashes.SHA1 = 'f36b3a4353cddc2909f534a5dbf4f631c4c941a9' AND file:hashes.SHA256 = 'd27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-07-15T17:02:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-07-15T17:02:05.000Z", "modified": "2019-07-15T17:02:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": 
"2018-11-15T07:22:45", "category": "Other", "uuid": "ba91dac5-b7af-42b4-a351-b43c4cb949ea" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97/analysis/1542266565/", "category": "Payload delivery", "uuid": "891da064-eda3-4824-94a3-6d7950aedd8c" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/58", "category": "Payload delivery", "uuid": "b2320be1-2302-421d-8aa1-07110023f45a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--32b99377-8a8f-4f65-b889-6dd29be237ec", "created": "2019-07-15T16:54:14.000Z", "modified": "2019-07-15T16:54:14.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--90a459a2-ebdb-4229-9b32-7e02479444cf", "target_ref": "x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecba49bb-b847-462b-af23-14908e21a38a", "created": "2019-07-15T16:54:15.000Z", "modified": "2019-07-15T16:54:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3", "target_ref": "x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f6c8b7ad-a2c4-4d55-bb09-4520753a2064", "created": "2019-07-15T17:02:05.000Z", "modified": "2019-07-15T17:02:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3", "target_ref": "x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d8b5fe6-4df7-482f-99f8-9c9d04bfbdad", "created": "2019-07-15T16:54:15.000Z", "modified": "2019-07-15T16:54:15.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47", "target_ref": 
"x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d88bd946-5232-4dac-ad4a-be902d94a631", "created": "2019-07-15T17:02:06.000Z", "modified": "2019-07-15T17:02:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47", "target_ref": "x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2a4df8f1-28ce-4a3b-90f6-e70768838250", "created": "2019-07-15T17:02:06.000Z", "modified": "2019-07-15T17:02:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63", "target_ref": "x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9c180c10-dc1b-4dc5-9f39-74356c265465", "created": "2019-07-15T17:02:06.000Z", "modified": "2019-07-15T17:02:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde", "target_ref": "x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88f15950-caf3-4875-9e2b-61350491247c", "created": "2019-07-15T17:02:06.000Z", "modified": "2019-07-15T17:02:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5", "target_ref": "x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3835bed8-f8ba-4a3c-8ec6-988cf257a444", "created": "2019-07-15T17:02:06.000Z", "modified": "2019-07-15T17:02:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf", "target_ref": "x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c4ce625d-61e5-4085-b46c-7a6bad17222c", "created": 
"2019-07-15T17:02:06.000Z", "modified": "2019-07-15T17:02:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4", "target_ref": "x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }