{ "type": "bundle", "id": "bundle--5c9b46dc-f354-4e45-b44a-4966950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:49.000Z", "modified": "2019-04-04T10:59:49.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5c9b46dc-f354-4e45-b44a-4966950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:49.000Z", "modified": "2019-04-04T10:59:49.000Z", "name": "OSINT- WinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns", "published": "2019-04-04T11:00:18Z", "object_refs": [ "x-misp-attribute--5ca334cd-3c38-4206-b4bd-44f8950d210f", "indicator--5ca34188-a4c0-4be1-a512-4809950d210f", "indicator--5ca34486-c174-4835-a726-43cf950d210f", "indicator--5ca35e81-e368-425f-9334-4c26950d210f", "indicator--5ca36ae4-99c8-4929-8075-472a950d210f", "indicator--5ca47533-79f4-4c4a-b7a3-4c9e950d210f", "indicator--5ca47536-ecbc-43b5-9e7c-474a950d210f", "indicator--5ca47536-1d78-46c4-bcea-491c950d210f", "indicator--5ca47536-e118-4430-a1bc-4eba950d210f", "indicator--5ca486cf-f20c-40e1-acd4-4be7950d210f", "indicator--5ca486cf-e3c4-4378-a2bf-4429950d210f", "indicator--5ca5ba6d-a63c-4e1b-8207-4c96950d210f", "indicator--5ca5ba6e-c3d4-4e66-bc47-4b73950d210f", "indicator--5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f", "indicator--5ca5ba6e-35a8-484e-b044-4986950d210f", "indicator--5ca5ba6e-01fc-4117-8ff6-4d6f950d210f", "indicator--5ca5ba6e-be44-4314-b8e5-4c12950d210f", "x-misp-object--5c9b8bf4-11d4-4450-882b-4d83950d210f", "indicator--5ca3352d-5220-47a1-acbf-4da1950d210f", "indicator--5ca33543-c790-4983-b1bb-4663950d210f", "indicator--5ca3355c-383c-4caa-be6c-4c46950d210f", "indicator--5ca35df4-911c-46d0-a997-43f9950d210f", "indicator--5ca36c3a-433c-4a6f-a46e-4084950d210f", "indicator--5ca36f41-1ccc-4fd2-82b8-4062950d210f", "indicator--5ca46a07-81c0-4819-91b2-d709950d210f", "indicator--5ca46dd0-955c-47b9-9511-ced9950d210f", "indicator--5ca474c5-95f8-435f-aff2-8a88950d210f", "indicator--5ca484d5-7b60-46fe-851d-41f7950d210f", "indicator--5ca4866f-f878-4e2d-84dc-4095950d210f", "indicator--5ca490a8-46c0-4464-8d48-456d950d210f", "indicator--5ca4a4b1-b8cc-40d3-95a9-4090950d210f", "indicator--5ca4a60b-9d04-4f5c-93f2-4d91950d210f", "indicator--5ca4a7ec-7f2c-437a-a124-4b84950d210f", "indicator--5ca4a80c-2170-4c49-b18e-4018950d210f", "indicator--5ca4a82d-0f6c-4877-b8a4-4073950d210f", "indicator--5ca4aef5-a100-4a27-bc1d-43b1950d210f", "indicator--5ca4bd25-7734-4740-bac3-4cab950d210f", "indicator--5ca4bd3d-3320-411a-86ce-48fc950d210f", "indicator--5ca4bd58-9274-4fc3-9eae-424e950d210f", "indicator--5ca4bd74-949c-45b2-9290-4e09950d210f", "indicator--5ca4bd8f-6bac-4726-87b5-49ef950d210f", "indicator--5ca4c5dc-542c-48e1-91be-4b39950d210f", "indicator--5ca5c948-d538-4f46-850c-4867950d210f", "indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf", "x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace", "indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be", "x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674", "indicator--f6d2b694-c79b-465e-979a-cb05135b5a97", "x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422", "indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7", "x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda", "indicator--c945a6c0-c445-4c44-be12-83436bcfd415", "x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c", "indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b", "x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc", "indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3", "x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a", "indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb", "x-misp-object--947c136b-e247-4529-849b-09ddeea124f0", "indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9", "x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a", "indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9", "x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb", "indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559", "x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743", "indicator--996e8502-42f2-46ce-a819-264bd1c0374e", "x-misp-object--5508860a-3775-4c49-a97c-234666b38510", "indicator--ffebb241-ef81-48b2-91e3-fe715182f904", "x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753", "indicator--5565b852-a761-4c28-b520-91f0eac10203", "x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722", "indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed", "x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d", "indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7", "x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8", "indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba", "x-misp-object--67497812-2875-4d21-b39b-84c4814b8589", "indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9", "x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c", "indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f", "x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc", "indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067", "x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803", "indicator--adc64a31-03f0-414f-9a20-51da35e8f47d", "x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409", "indicator--631d6673-b540-4d35-891c-0583af76d3cc", "x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44", "relationship--57e2c10f-6501-4a4e-9ba9-f828576dfc33", "relationship--832387c0-241d-4266-b58d-337992c6f284", "relationship--a878928c-347e-41fb-9434-00720d413ea6", "relationship--b49e99d9-b692-4b06-9db7-b9dd61c03642", "relationship--e9618ce1-64f9-4d93-84c5-66eb02af9838", "relationship--043de55a-1ecb-4017-b938-1d67ca182375", "relationship--42d0d8a5-f7fd-46e5-884d-78658a23f643", "relationship--7d375b45-c673-43a0-881d-2a64b0fc9bec", "relationship--82f13e23-7838-4460-83e3-9ca9fcf60f2b", "relationship--b27f5f12-d4e1-4a36-b67a-770d686e47ad", "relationship--40d8406b-1fe4-48f9-bf3d-93f7bda7c543", "relationship--ff1fdf76-73cc-4d23-ba1d-347fefe2f03a", "relationship--0cc29856-228a-419b-b8c4-d3dd83a5cc48", "relationship--72edd82f-bf8e-4f27-adb4-456ae2fd4811", "relationship--05ad90bf-0fe9-41db-9083-64a32feb7d3c", "relationship--0d360a33-5a40-4625-b8cb-1447e779d484", "relationship--4f7f9465-04be-4962-9e5a-99a171030587", "relationship--2024dc63-cf14-424d-b35c-6ff22091a356", "relationship--e019ce68-457a-44be-87d7-40e017b1d788", "relationship--0238a367-40d8-4e7a-9e79-a9ca344a8d36", "relationship--4c8a30e2-3203-476a-bb58-3c9d51043331", "relationship--fc7a080f-747f-4290-9642-f8f483e40f9b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:malpedia=\"Azorult\"", "misp-galaxy:malpedia=\"Quasar RAT\"", "misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"", "misp-galaxy:mitre-malware=\"NETWIRE - S0198\"", "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"", "misp-galaxy:ransomware=\"Razy\"", "misp-galaxy:rat=\"Netwire\"", "misp-galaxy:rat=\"Quasar RAT\"", "misp-galaxy:stealer=\"AZORult\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ca334cd-3c38-4206-b4bd-44f8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T10:09:36.000Z", "modified": "2019-04-02T10:09:36.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "WinRAR, an over 20-year-old file archival utility used by over 500 million users worldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability, disclosed in CVE-2018-20250 by Check Point Research, enables attackers to specify arbitrary destinations during file extraction of \u00e2\u20ac\u02dcACE\u00e2\u20ac\u2122 formatted files, regardless of user input. Attackers can easily achieve persistence and code execution by creating malicious archives that extract files to sensitive locations, like the Windows \u00e2\u20ac\u0153Startup\u00e2\u20ac\u009d Start Menu folder. While this vulnerability has been fixed in the latest version of WinRAR (5.70), WinRAR itself does not contain auto-update features, increasing the likelihood that many existing users remain running out-of-date versions." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca34188-a4c0-4be1-a512-4809950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T13:06:43.000Z", "modified": "2019-04-02T13:06:43.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.162.131.92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T13:06:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca34486-c174-4835-a726-43cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T11:16:22.000Z", "modified": "2019-04-02T11:16:22.000Z", "description": "Payload download", "pattern": "[url:value = 'http://185.49.71.101/i/pwi_crs.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T11:16:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca35e81-e368-425f-9334-4c26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T13:07:13.000Z", "modified": "2019-04-02T13:07:13.000Z", "description": "Netwire C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.111.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T13:07:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca36ae4-99c8-4929-8075-472a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T14:00:04.000Z", "modified": "2019-04-02T14:00:04.000Z", "pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Desktop\\\\100m.bat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T14:00:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca47533-79f4-4c4a-b7a3-4c9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T08:56:19.000Z", "modified": "2019-04-03T08:56:19.000Z", "pattern": "[url:value = 'www.alahbabgroup.com/bakala/verify.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T08:56:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca47536-ecbc-43b5-9e7c-474a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T08:56:22.000Z", "modified": "2019-04-03T08:56:22.000Z", "pattern": "[url:value = '103.225.168.159/admin/verify.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T08:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca47536-1d78-46c4-bcea-491c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T08:56:22.000Z", "modified": "2019-04-03T08:56:22.000Z", "pattern": "[url:value = 'www.khuyay.org/odin_backup/public/loggoff.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T08:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca47536-e118-4430-a1bc-4eba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T08:56:22.000Z", "modified": "2019-04-03T08:56:22.000Z", "pattern": "[url:value = '47.91.56.21/verify.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T08:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca486cf-f20c-40e1-acd4-4be7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T10:11:27.000Z", "modified": "2019-04-03T10:11:27.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.148.220.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T10:11:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca486cf-e3c4-4378-a2bf-4429950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T10:11:27.000Z", "modified": "2019-04-03T10:11:27.000Z", "pattern": "[url:value = 'http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T10:11:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5ba6d-a63c-4e1b-8207-4c96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T08:03:57.000Z", "modified": "2019-04-04T08:03:57.000Z", "pattern": "[url:value = 'http://103.225.168.159/admin/verify.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T08:03:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5ba6e-c3d4-4e66-bc47-4b73950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T08:03:58.000Z", "modified": "2019-04-04T08:03:58.000Z", "pattern": "[url:value = 'http://185.162.131.92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T08:03:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T08:03:58.000Z", "modified": "2019-04-04T08:03:58.000Z", "pattern": "[url:value = 'http://47.91.56.21/verify.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T08:03:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5ba6e-35a8-484e-b044-4986950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T08:03:58.000Z", "modified": "2019-04-04T08:03:58.000Z", "pattern": "[url:value = 'http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T08:03:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5ba6e-01fc-4117-8ff6-4d6f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T08:03:58.000Z", "modified": "2019-04-04T08:03:58.000Z", "pattern": "[url:value = 'http://www.alahbabgroup.com/bakala/verify.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T08:03:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5ba6e-be44-4314-b8e5-4c12950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T08:03:58.000Z", "modified": "2019-04-04T08:03:58.000Z", "pattern": "[url:value = 'http://www.khuyay.org/odin_backup/public/loggoff.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T08:03:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c9b8bf4-11d4-4450-882b-4d83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T14:43:00.000Z", "modified": "2019-03-27T14:43:00.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"", "osint:certainty=\"50\"", "type:OSINT", "osint:lifetime=\"perpetual\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "\u00e2\u0161\u00a0\r\n WARNING \r\n\u00e2\u0161\u00a0\r\n\r\nWinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns\r\n(link: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html) fireeye.com/blog/threat-re\u00e2\u20ac\u00a6\r\nAll IOCs:\r\n(link: https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a) otx.alienvault.com/pulse/5c9a4ff3\u00e2\u20ac\u00a6\r\nExploit Details:\r\n(link: https://research.checkpoint.com/extracting-code-execution-from-winrar/) research.checkpoint.com/extracting-cod\u00e2\u20ac\u00a6", "category": "Other", "uuid": "5c9b8bf4-81a0-484a-94aa-4524950d210f" }, { "type": "text", "object_relation": "type", "value": "Twitter", "category": "Other", "uuid": "5c9b8bf4-b480-4cf3-80c3-4e97950d210f" }, { "type": "url", "object_relation": "url", "value": "https://mobile.twitter.com/Bank_Security/status/1110795166762307585", "category": "Network activity", "to_ids": true, "uuid": "5c9b8bf4-0bfc-4d15-9eca-4640950d210f" }, { "type": "link", "object_relation": "link", "value": "https://t.co/WXbZ8UEIUY?amp=1", "category": "External analysis", "to_ids": true, "uuid": "5c9b8bf4-b578-4b65-ab12-4f46950d210f" }, { "type": "link", "object_relation": "link", "value": "https://t.co/4QpF7PmDLH?amp=1", "category": "External analysis", "to_ids": true, "uuid": "5c9b8bf4-daa4-45d3-949e-4814950d210f" }, { "type": "link", "object_relation": "link", "value": "https://t.co/arJH9cqHID?amp=1", "category": "External analysis", "to_ids": true, "uuid": "5c9b8bf4-da6c-4fd2-a520-4e67950d210f" }, { "type": "link", "object_relation": "link", "value": "https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html", "category": "External analysis", "to_ids": true, "uuid": "5c9b8bf4-f79c-4eab-8203-4699950d210f" }, { "type": "link", "object_relation": "link", "value": "https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a", "category": "External analysis", "to_ids": true, "uuid": "5c9b8bf4-a76c-4085-914a-4fa0950d210f" }, { "type": "link", "object_relation": "link", "value": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "category": "External analysis", "to_ids": true, "uuid": "5c9b8bf4-7c20-48fc-9447-4dd3950d210f" }, { "type": "datetime", "object_relation": "creation-date", "value": "2019-03-27T07:46:00", "category": "Other", "uuid": "5c9b8bf4-aa90-4700-8335-43c2950d210f" }, { "type": "text", "object_relation": "username", "value": "Bank_Security", "category": "Other", "uuid": "5c9b8bf4-f9d0-4d81-8a45-4059950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca3352d-5220-47a1-acbf-4da1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T11:27:09.000Z", "modified": "2019-04-02T11:27:09.000Z", "pattern": "[file:hashes.MD5 = '8e067e4cda99299b0bf2481cc1fd8e12' AND file:name = 'Scan_Letter_of_Approval.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T11:27:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca33543-c790-4983-b1bb-4663950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T12:16:03.000Z", "modified": "2019-04-02T12:16:03.000Z", "pattern": "[file:hashes.MD5 = '3aabc9767d02c75ef44df6305bc6a41f' AND file:name = 'winSrvHost.vbs' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T12:16:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca3355c-383c-4caa-be6c-4c46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T12:39:50.000Z", "modified": "2019-04-02T12:39:50.000Z", "description": "decoy document", "pattern": "[file:hashes.MD5 = 'dc63d5affde0db95128dac52f9d19578' AND file:name = 'Letter of Approval.pdf' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T12:39:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca35df4-911c-46d0-a997-43f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T13:04:52.000Z", "modified": "2019-04-02T13:04:52.000Z", "pattern": "[file:hashes.MD5 = '12def981952667740eb06ee91168e643' AND file:name = 'pwi_crs.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T13:04:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca36c3a-433c-4a6f-a46e-4084950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T14:05:46.000Z", "modified": "2019-04-02T14:05:46.000Z", "pattern": "[file:hashes.MD5 = '062801f6fdbda4dd67b77834c62e82a4' AND file:name = 'SysAid-Documentation.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T14:05:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca36f41-1ccc-4fd2-82b8-4062950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-02T14:18:41.000Z", "modified": "2019-04-02T14:18:41.000Z", "pattern": "[file:hashes.MD5 = '49419d84076b13e96540fdd911f1c2f0' AND file:name = 'SysAid-Documentation.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-02T14:18:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca46a07-81c0-4819-91b2-d709950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T08:08:39.000Z", "modified": "2019-04-03T08:08:39.000Z", "pattern": "[file:hashes.MD5 = '96986b18a8470f4020ea78df0b3db7d4' AND file:name = 'ekrnview.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T08:08:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca46dd0-955c-47b9-9511-ced9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T08:24:48.000Z", "modified": "2019-04-03T08:24:48.000Z", "pattern": "[file:hashes.MD5 = '31718d7b9b3261688688bdc4e026db99' AND file:name = 'Thumbs.db.lnk' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T08:24:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca474c5-95f8-435f-aff2-8a88950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T08:54:29.000Z", "modified": "2019-04-03T08:54:29.000Z", "description": "Email", "pattern": "[file:hashes.MD5 = '8c93e024fc194f520e4e72e761c0942d' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T08:54:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca484d5-7b60-46fe-851d-41f7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T10:03:01.000Z", "modified": "2019-04-03T10:03:01.000Z", "pattern": "[file:hashes.MD5 = '9b19753369b6ed1187159b95fc8a81cd' AND file:name = 'zakon.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T10:03:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4866f-f878-4e2d-84dc-4095950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T10:09:51.000Z", "modified": "2019-04-03T10:09:51.000Z", "pattern": "[file:hashes.MD5 = '79b53b4555c1fb39ba3c7b8ce9a4287e' AND file:name = 'mssconf.bat' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T10:09:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca490a8-46c0-4464-8d48-456d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T10:53:28.000Z", "modified": "2019-04-03T10:53:28.000Z", "pattern": "[file:hashes.MD5 = 'e9815dfb90776ab449539a2be7c16de5' AND file:name = 'leaks copy.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T10:53:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4a4b1-b8cc-40d3-95a9-4090950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T12:18:57.000Z", "modified": "2019-04-03T12:18:57.000Z", "pattern": "[file:hashes.MD5 = '9b81b3174c9b699f594d725cf89ffaa4' AND file:name = 'cc.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T12:18:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4a60b-9d04-4f5c-93f2-4d91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T12:24:43.000Z", "modified": "2019-04-03T12:24:43.000Z", "pattern": "[file:hashes.MD5 = '914ac7ecf2557d5836f26a151c1b9b62' AND file:name = 'zabugor.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T12:24:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4a7ec-7f2c-437a-a124-4b84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T12:32:44.000Z", "modified": "2019-04-03T12:32:44.000Z", "pattern": "[file:hashes.MD5 = 'eca09fe8dcbc9d1c097277f2b3ef1081' AND file:name = 'zabugorV.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T12:32:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4a80c-2170-4c49-b18e-4018950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T12:33:16.000Z", "modified": "2019-04-03T12:33:16.000Z", "pattern": "[file:hashes.MD5 = '1f5fa51ac9517d70f136e187d45f69de' AND file:name = 'Combolist.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T12:33:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4a82d-0f6c-4877-b8a4-4073950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T12:33:49.000Z", "modified": "2019-04-03T12:33:49.000Z", "pattern": "[file:hashes.MD5 = 'f36404fb24a640b40e2d43c72c18e66b' AND file:name = 'Nulled2019.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T12:33:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4aef5-a100-4a27-bc1d-43b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T13:02:45.000Z", "modified": "2019-04-03T13:02:45.000Z", "pattern": "[file:hashes.MD5 = '0f56b04a4e9a0df94c7f89c1bccf830c' AND file:name = 'IT.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T13:02:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4bd25-7734-4740-bac3-4cab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T14:03:17.000Z", "modified": "2019-04-03T14:03:17.000Z", "description": "QuasarRAT", "pattern": "[file:hashes.MD5 = '1ba398b0a14328b9604eeb5ebf139b40' AND file:name = 'explorer.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T14:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4bd3d-3320-411a-86ce-48fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T14:03:41.000Z", "modified": "2019-04-03T14:03:41.000Z", "description": "Azorult", "pattern": "[file:hashes.MD5 = 'aac00312a961e81c4af4664c49b4a2b2' AND file:name = 'explorer.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T14:03:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4bd58-9274-4fc3-9eae-424e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T14:04:08.000Z", "modified": "2019-04-03T14:04:08.000Z", "description": "Netwire", "pattern": "[file:hashes.MD5 = '2961c52f04b7fdf7ccf6c01ac259d767' AND file:name = 'IntelAudio.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T14:04:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4bd74-949c-45b2-9290-4e09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T14:04:36.000Z", "modified": "2019-04-03T14:04:36.000Z", "description": "Razy", "pattern": "[file:hashes.MD5 = '97d74671d0489071baa21f38f456eb74' AND file:name = 'Discord.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T14:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4bd8f-6bac-4726-87b5-49ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T14:05:03.000Z", "modified": "2019-04-03T14:05:03.000Z", "description": "Buzy", "pattern": "[file:hashes.MD5 = 'bcc49643833a4d8545ed4145fb6fdfd2' AND file:name = 'Discord.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T14:05:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca4c5dc-542c-48e1-91be-4b39950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-03T14:40:28.000Z", "modified": "2019-04-03T14:40:28.000Z", "description": "Azorult", "pattern": "[file:hashes.MD5 = '119a0fd733bc1a013b0d4399112b8626' AND file:name = 'old.exe' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-03T14:40:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ca5c948-d538-4f46-850c-4867950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T09:07:20.000Z", "modified": "2019-04-04T09:07:20.000Z", "pattern": "[file:hashes.MD5 = '7dae2d144dae4447a152bef586520ef8' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T09:07:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:18.000Z", "modified": "2019-04-04T10:59:18.000Z", "pattern": "[file:hashes.MD5 = '119a0fd733bc1a013b0d4399112b8626' AND file:hashes.SHA1 = '092e7d2aa0c518a499e8cc5aaf3e827ad3b66512' AND file:hashes.SHA256 = '87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:18.000Z", "modified": "2019-04-04T10:59:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-27T21:41:06", "category": "Other", "uuid": "9beab9c9-b030-42d5-963a-07948cc15406" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0/analysis/1553722866/", "category": "Payload delivery", "uuid": "96552c73-8407-4a1b-b581-1d8a1f67e8bc" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "uuid": "6229267a-31f2-4c37-a98f-fcad7f56d641" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "pattern": "[file:hashes.MD5 = '1f5fa51ac9517d70f136e187d45f69de' AND file:hashes.SHA1 = 'fddc26459a6c6055a320f282a5ac51d1b74f2fd3' AND file:hashes.SHA256 = '6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-27T21:40:58", "category": "Other", "uuid": "fcc179d9-1bd5-410d-99fa-718daee19a8d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f/analysis/1553722858/", "category": "Payload delivery", "uuid": "f29a7f37-dd60-4a5d-8591-8b002722574c" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/56", "category": "Payload delivery", "uuid": "c6e43a6d-edf5-48a5-b634-1c79b8ff11b1" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f6d2b694-c79b-465e-979a-cb05135b5a97", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "pattern": "[file:hashes.MD5 = '12def981952667740eb06ee91168e643' AND file:hashes.SHA1 = '1df08806e39ed6f9f3a5cb228f3be744936e201e' AND file:hashes.SHA256 = 'c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04T06:32:35", "category": "Other", "uuid": "565b6568-d456-4e2e-acf6-5d67b8b522f5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b/analysis/1554359555/", "category": "Payload delivery", "uuid": "c4b3f8ec-089e-4ea0-8c3f-c9da23acd89e" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/67", "category": "Payload delivery", "uuid": "76664654-df97-4498-997b-dd21a0e35b7e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "pattern": "[file:hashes.MD5 = 'eca09fe8dcbc9d1c097277f2b3ef1081' AND file:hashes.SHA1 = 'a4185a50ccac29056e2e56ad85b8d74adc8ec7ac' AND file:hashes.SHA256 = '83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-27T21:41:05", "category": "Other", "uuid": "ca8a2227-5e14-449f-992f-103c90818e66" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce/analysis/1553722865/", "category": "Payload delivery", "uuid": "4bde1856-53a3-4a92-a62a-e087a5257d82" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/55", "category": "Payload delivery", "uuid": "cc548348-c570-441e-aacb-63ce091ad1a8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c945a6c0-c445-4c44-be12-83436bcfd415", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "pattern": "[file:hashes.MD5 = '97d74671d0489071baa21f38f456eb74' AND file:hashes.SHA1 = '3bb63aa0b92cc1bde8d027112e5b037cc65ca9cb' AND file:hashes.SHA256 = '73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:19.000Z", "modified": "2019-04-04T10:59:19.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-02T04:08:58", "category": "Other", "uuid": "bb8a1c29-37ad-4712-8597-af71d8026d8f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9/analysis/1554178138/", "category": "Payload delivery", "uuid": "f77ff9ca-1dbc-4c38-be3b-8825ba4b08e9" }, { "type": "text", "object_relation": "detection-ratio", "value": "51/70", "category": "Payload delivery", "uuid": "dbe53327-a8b6-4672-b914-156659f88f9e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "pattern": "[file:hashes.MD5 = '8e067e4cda99299b0bf2481cc1fd8e12' AND file:hashes.SHA1 = '3a92a121201c209d3e091b795274c22a4ea71963' AND file:hashes.SHA256 = 'e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-29T05:20:01", "category": "Other", "uuid": "cda7e557-6ee3-4683-81fe-b8720b5b641b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649/analysis/1553836801/", "category": "Payload delivery", "uuid": "e24d4bfd-ae1d-4397-a389-8645acbf8d90" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/56", "category": "Payload delivery", "uuid": "942e32c4-826a-4e1c-b527-aed28d14a14f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "pattern": "[file:hashes.MD5 = 'e9815dfb90776ab449539a2be7c16de5' AND file:hashes.SHA1 = '178b02f21efd10a7c98f654fc68c88468738042e' AND file:hashes.SHA256 = 'c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-27T21:41:31", "category": "Other", "uuid": "e7dec0a9-afee-44ae-823c-12179dc2ad7e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c/analysis/1553722891/", "category": "Payload delivery", "uuid": "3e484ad3-5997-4ccf-b1a6-3a5d891365be" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/55", "category": "Payload delivery", "uuid": "e82b82e1-cc43-4eb8-bf51-b1158a1cc0ec" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "pattern": "[file:hashes.MD5 = 'dc63d5affde0db95128dac52f9d19578' AND file:hashes.SHA1 = '539efdad458cf6563d1735632df1fb2c39acfedd' AND file:hashes.SHA256 = '17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--947c136b-e247-4529-849b-09ddeea124f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-29T12:43:20", "category": "Other", "uuid": "d4e3ba49-f61e-4e67-8187-7474cc86df81" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6/analysis/1553863400/", "category": "Payload delivery", "uuid": "0e086d43-d432-448f-b93f-a3b9837cba45" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/61", "category": "Payload delivery", "uuid": "712ff8c6-b9e0-4729-91fc-ff6ccab2a2a0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "pattern": "[file:hashes.MD5 = '8c93e024fc194f520e4e72e761c0942d' AND file:hashes.SHA1 = 'b7dd83d96a480e2f8c653f5339764dd3fe38ce81' AND file:hashes.SHA256 = '5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-29T05:29:07", "category": "Other", "uuid": "350bd5bd-90e5-4b64-b8f3-7c854166a4a2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c/analysis/1553837347/", "category": "Payload delivery", "uuid": "05677bc0-97e1-4004-8169-6db4587a5b4e" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/59", "category": "Payload delivery", "uuid": "e6f88c2a-7758-4953-a88b-1ee84a1e99d4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "pattern": "[file:hashes.MD5 = '3aabc9767d02c75ef44df6305bc6a41f' AND file:hashes.SHA1 = '1210766d7137be26f84d1882357559841b698cef' AND file:hashes.SHA256 = 'e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:20.000Z", "modified": "2019-04-04T10:59:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-01T20:02:27", "category": "Other", "uuid": "109fdc32-8735-4b87-a3d2-503b63da577b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967/analysis/1554148947/", "category": "Payload delivery", "uuid": "36eb457b-417a-44cd-a001-d228d29c6b6f" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/58", "category": "Payload delivery", "uuid": "2829ad9f-6b97-4d49-92e0-68243c3d4bd0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "pattern": "[file:hashes.MD5 = '79b53b4555c1fb39ba3c7b8ce9a4287e' AND file:hashes.SHA1 = '90764c28ce62b6ea005dd7e616f7ada4fcd170ad' AND file:hashes.SHA256 = '08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-29T05:35:29", "category": "Other", "uuid": "14e0668a-3a17-4bf4-b32d-3ba02a2049ac" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf/analysis/1553837729/", "category": "Payload delivery", "uuid": "20e3fd93-1dd9-4456-9948-f99675ea9dd3" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Payload delivery", "uuid": "dcd9fa6f-0f51-4a76-835c-be1653c74242" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--996e8502-42f2-46ce-a819-264bd1c0374e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "pattern": "[file:hashes.MD5 = 'f36404fb24a640b40e2d43c72c18e66b' AND file:hashes.SHA1 = 'ed6b9c876a8a4fe01623972e8733ec2a90177ad1' AND file:hashes.SHA256 = '6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5508860a-3775-4c49-a97c-234666b38510", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-27T21:40:57", "category": "Other", "uuid": "192f5431-d8c0-430a-a04b-bb1afbb10f4d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2/analysis/1553722857/", "category": "Payload delivery", "uuid": "494ad934-586f-49c7-9fe4-1cb4b357a506" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/57", "category": "Payload delivery", "uuid": "e0cce08c-a0d6-4eaf-aad6-7c377cc0e74f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ffebb241-ef81-48b2-91e3-fe715182f904", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "pattern": "[file:hashes.MD5 = '96986b18a8470f4020ea78df0b3db7d4' AND file:hashes.SHA1 = '431c792fcc8ba9b58f0ffde5c8fe6fd93066ec45' AND file:hashes.SHA256 = '2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-02T15:27:29", "category": "Other", "uuid": "cf481ea6-dd65-435c-8e37-e4554834e0e1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e/analysis/1554218849/", "category": "Payload delivery", "uuid": "1c745f93-920c-44e0-9d4e-f226b5351a46" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/69", "category": "Payload delivery", "uuid": "026dd833-b81e-4428-8adc-145c79c1a7d2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5565b852-a761-4c28-b520-91f0eac10203", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "pattern": "[file:hashes.MD5 = '2961c52f04b7fdf7ccf6c01ac259d767' AND file:hashes.SHA1 = '2c1ff2f2d463fd66bb630e02a4596e42f73f3ea9' AND file:hashes.SHA256 = 'bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-01T15:09:35", "category": "Other", "uuid": "ae154983-4c39-4a58-aa86-95e0573452df" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283/analysis/1554131375/", "category": "Payload delivery", "uuid": "9731d4df-bede-4c7b-a84f-e3409931ef31" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/67", "category": "Payload delivery", "uuid": "13d3e396-14a1-4642-9dea-e61e30a2c7bf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "pattern": "[file:hashes.MD5 = '0f56b04a4e9a0df94c7f89c1bccf830c' AND file:hashes.SHA1 = '73895da7b3f1780eeca9750172e1a9545fa63782' AND file:hashes.SHA256 = 'd5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:21.000Z", "modified": "2019-04-04T10:59:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-27T21:41:37", "category": "Other", "uuid": "9c7704c6-2d0d-44e5-9a55-f7a5459016dc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c/analysis/1553722897/", "category": "Payload delivery", "uuid": "6a2896ea-9cdf-4461-b8cc-b02fa1353e37" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/54", "category": "Payload delivery", "uuid": "f45ebe03-d435-4aef-a6ae-8b4a83142f23" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "pattern": "[file:hashes.MD5 = '914ac7ecf2557d5836f26a151c1b9b62' AND file:hashes.SHA1 = '49b7c035cead28573b793b3947621a330b216b2b' AND file:hashes.SHA256 = '245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-26T01:43:50", "category": "Other", "uuid": "f04f4c69-06c2-4ae6-b54c-103f2ea7b273" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc/analysis/1553564630/", "category": "Payload delivery", "uuid": "74ab99c3-0e96-43f9-b286-6058716bd1e5" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/59", "category": "Payload delivery", "uuid": "75cff71b-ee95-4f7a-aae1-06e70db035f8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "pattern": "[file:hashes.MD5 = 'aac00312a961e81c4af4664c49b4a2b2' AND file:hashes.SHA1 = 'ab4fb9d8f917d2c45f3792c05c29799bf27cdd9f' AND file:hashes.SHA256 = 'a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--67497812-2875-4d21-b39b-84c4814b8589", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-27T21:41:15", "category": "Other", "uuid": "f5b5ee0e-d5ea-48b9-bbd6-b7ca034d1926" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14/analysis/1553722875/", "category": "Payload delivery", "uuid": "02fc2be9-9f6a-4e0f-bfde-4d104ce30909" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/68", "category": "Payload delivery", "uuid": "e13fd81b-0e00-4ede-83e3-d81894abf9e5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "pattern": "[file:hashes.MD5 = 'bcc49643833a4d8545ed4145fb6fdfd2' AND file:hashes.SHA1 = 'a88113c715c8ee254057bc7926d3535ab841e122' AND file:hashes.SHA256 = '98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-02T03:51:02", "category": "Other", "uuid": "c84221c1-2109-44be-80bb-c2ba345a8982" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad/analysis/1554177062/", "category": "Payload delivery", "uuid": "1bf2ee69-ee15-46ba-bdd4-50bd88c487c5" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/68", "category": "Payload delivery", "uuid": "96e1c7d8-951a-4d53-9c3d-3a63867a2545" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "pattern": "[file:hashes.MD5 = '9b19753369b6ed1187159b95fc8a81cd' AND file:hashes.SHA1 = 'cafb67eeb2de076e7e6b0143dac87bb11f7134ac' AND file:hashes.SHA256 = '6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:22.000Z", "modified": "2019-04-04T10:59:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-03T06:46:43", "category": "Other", "uuid": "3ece6471-807f-4c4d-b89c-79398038f291" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c/analysis/1554274003/", "category": "Payload delivery", "uuid": "d09276c9-1ad3-45d7-8c11-ce53d55b1260" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/51", "category": "Payload delivery", "uuid": "85c82a65-c099-4c8b-925c-86dccbcb56c4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:23.000Z", "modified": "2019-04-04T10:59:23.000Z", "pattern": "[file:hashes.MD5 = '062801f6fdbda4dd67b77834c62e82a4' AND file:hashes.SHA1 = 'c02e298f63acb20246683c302f0a71bfd7081f88' AND file:hashes.SHA256 = 'eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:23.000Z", "modified": "2019-04-04T10:59:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-04T01:15:33", "category": "Other", "uuid": "27d9d610-e0f2-4341-b907-c0c9f30cba10" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0/analysis/1554340533/", "category": "Payload delivery", "uuid": "4720cca9-9ec5-4768-b5ae-212af40fe5e0" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/61", "category": "Payload delivery", "uuid": "4e900f7c-0a63-48f0-8b15-ad1f62b94084" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--adc64a31-03f0-414f-9a20-51da35e8f47d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:23.000Z", "modified": "2019-04-04T10:59:23.000Z", "pattern": "[file:hashes.MD5 = '9b81b3174c9b699f594d725cf89ffaa4' AND file:hashes.SHA1 = 'c9967af445a3416d0ff3701555e83529ff482ff9' AND file:hashes.SHA256 = '4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:23.000Z", "modified": "2019-04-04T10:59:23.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-29T05:33:11", "category": "Other", "uuid": "2ed2edb7-aaa6-4812-9244-fd3fc3919580" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22/analysis/1553837591/", "category": "Payload delivery", "uuid": "a77aacfd-49a3-4eaf-8962-ff0fae0b7eea" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/59", "category": "Payload delivery", "uuid": "488706c1-fcfa-4db9-af64-9e79cc1748e8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--631d6673-b540-4d35-891c-0583af76d3cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:23.000Z", "modified": "2019-04-04T10:59:23.000Z", "pattern": "[file:hashes.MD5 = '49419d84076b13e96540fdd911f1c2f0' AND file:hashes.SHA1 = '35749e82cd605e07b4145b48ef677721a113ae20' AND file:hashes.SHA256 = 'e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-04-04T10:59:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-29T03:27:04", "category": "Other", "uuid": "e7fd965e-5fbe-4d19-8861-6bb7aecad60e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b/analysis/1553830024/", "category": "Payload delivery", "uuid": "b65b97c1-4007-41e6-a420-eb82e6db6754" }, { "type": "text", "object_relation": "detection-ratio", "value": "29/58", "category": "Payload delivery", "uuid": "9eb24880-f920-444d-963e-624562a666d9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--57e2c10f-6501-4a4e-9ba9-f828576dfc33", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf", "target_ref": "x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--832387c0-241d-4266-b58d-337992c6f284", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be", "target_ref": "x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a878928c-347e-41fb-9434-00720d413ea6", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f6d2b694-c79b-465e-979a-cb05135b5a97", "target_ref": "x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b49e99d9-b692-4b06-9db7-b9dd61c03642", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7", "target_ref": "x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e9618ce1-64f9-4d93-84c5-66eb02af9838", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c945a6c0-c445-4c44-be12-83436bcfd415", "target_ref": "x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--043de55a-1ecb-4017-b938-1d67ca182375", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b", "target_ref": "x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42d0d8a5-f7fd-46e5-884d-78658a23f643", "created": "2019-04-04T10:59:24.000Z", "modified": "2019-04-04T10:59:24.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3", "target_ref": "x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7d375b45-c673-43a0-881d-2a64b0fc9bec", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb", "target_ref": "x-misp-object--947c136b-e247-4529-849b-09ddeea124f0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82f13e23-7838-4460-83e3-9ca9fcf60f2b", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9", "target_ref": "x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b27f5f12-d4e1-4a36-b67a-770d686e47ad", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9", "target_ref": "x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--40d8406b-1fe4-48f9-bf3d-93f7bda7c543", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559", "target_ref": "x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ff1fdf76-73cc-4d23-ba1d-347fefe2f03a", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--996e8502-42f2-46ce-a819-264bd1c0374e", "target_ref": "x-misp-object--5508860a-3775-4c49-a97c-234666b38510" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cc29856-228a-419b-b8c4-d3dd83a5cc48", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ffebb241-ef81-48b2-91e3-fe715182f904", "target_ref": "x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--72edd82f-bf8e-4f27-adb4-456ae2fd4811", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5565b852-a761-4c28-b520-91f0eac10203", "target_ref": "x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--05ad90bf-0fe9-41db-9083-64a32feb7d3c", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed", "target_ref": "x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d360a33-5a40-4625-b8cb-1447e779d484", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7", "target_ref": "x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4f7f9465-04be-4962-9e5a-99a171030587", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba", "target_ref": "x-misp-object--67497812-2875-4d21-b39b-84c4814b8589" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2024dc63-cf14-424d-b35c-6ff22091a356", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9", "target_ref": "x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e019ce68-457a-44be-87d7-40e017b1d788", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f", "target_ref": "x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0238a367-40d8-4e7a-9e79-a9ca344a8d36", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067", "target_ref": "x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4c8a30e2-3203-476a-bb58-3c9d51043331", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--adc64a31-03f0-414f-9a20-51da35e8f47d", "target_ref": "x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fc7a080f-747f-4290-9642-f8f483e40f9b", "created": "2019-04-04T10:59:25.000Z", "modified": "2019-04-04T10:59:25.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--631d6673-b540-4d35-891c-0583af76d3cc", "target_ref": "x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }