{ "type": "bundle", "id": "bundle--5bb61071-d0ac-4b8a-8bba-4dc8950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:15:09.000Z", "modified": "2018-10-04T19:15:09.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5bb61071-d0ac-4b8a-8bba-4dc8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:15:09.000Z", "modified": "2018-10-04T19:15:09.000Z", "name": "OSINT - Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras", "published": "2018-10-04T19:15:15Z", "object_refs": [ "observed-data--5bb610da-7840-4316-b213-4905950d210f", "url--5bb610da-7840-4316-b213-4905950d210f", "x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f", "indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f", "indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f", "indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f", "indicator--5bb61740-c0f8-4087-9811-4f8b950d210f", "indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f", "indicator--5bb61a04-0544-461d-9635-46d1950d210f", "indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f", "indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f", "indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f", "indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f", "indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f", "indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f", "indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f", "indicator--5bb61a0e-500c-4155-825b-452b950d210f", "indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f", "indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f", "indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f", "indicator--5bb61a10-ab00-4133-8296-4a96950d210f", "indicator--5bb61a10-469c-473e-ba93-459b950d210f", "indicator--f309283e-f9b3-4936-9534-ef6866f23c40", "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7", "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930", "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5", "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0", "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd", "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9", "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b", "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8", "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7", "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435", "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa", "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0", "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96", "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb", "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175", "indicator--ed841816-818e-4245-b6dd-f2309f700681", "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d", "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8", "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b", "relationship--2a00db68-d0a0-43b9-bfa2-70fced7b439c", "relationship--a6bdc7f1-2692-4ad4-aa7b-1888fdf4a3ae", "relationship--83d98ede-bfa6-44e7-b16a-e8420ce02ba7", "relationship--b934a33f-b6e7-4251-86d9-0200a1982534", "relationship--38231b46-cc2d-4b0f-bf04-b27c947bc542", "relationship--ecce8a6e-d10e-48ed-9101-5a680bc8c6b3", "relationship--88cff23a-3f74-49c6-9354-af30c2378795", "relationship--dd433e06-89e7-4170-bf8e-5beed3b3b617", "relationship--5a573c96-2547-4f14-9e08-e9618697402f", "relationship--8ef2120f-2bc8-4a86-bf96-f5022d78ad23" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "malware_classification:malware-category=\"Botnet\"", "\tmalware_classification:malware-category=\"Botnet\"", "misp-galaxy:botnet=\"Persirai\"", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5bb610da-7840-4316-b213-4905950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:11:09.000Z", "modified": "2018-10-04T13:11:09.000Z", "first_observed": "2018-10-04T13:11:09Z", "last_observed": "2018-10-04T13:11:09Z", "number_observed": 1, "object_refs": [ "url--5bb610da-7840-4316-b213-4905950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5bb610da-7840-4316-b213-4905950d210f", "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:17:07.000Z", "modified": "2018-10-04T13:17:07.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai\u00e2\u20ac\u201dan open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras\u00e2\u20ac\u201das well as the Hajime botnet.\r\n\r\nWe detected approximately 120,000 IP cameras that are vulnerable to ELF_PERSIRAI.A via Shodan. Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:35:53.000Z", "modified": "2018-10-04T13:35:53.000Z", "description": "C&C server", "pattern": "[domain-name:value = 'load.gtpnet.ir']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:35:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:35:54.000Z", "modified": "2018-10-04T13:35:54.000Z", "description": "C&C server", "pattern": "[domain-name:value = 'ntp.gtpnet.ir']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:35:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:35:59.000Z", "modified": "2018-10-04T13:35:59.000Z", "description": "C&C server", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.62.189.232']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:35:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61740-c0f8-4087-9811-4f8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:36:00.000Z", "modified": "2018-10-04T13:36:00.000Z", "description": "C&C server", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.85.38.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:36:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:47.000Z", "modified": "2018-10-04T13:47:47.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a04-0544-461d-9635-46d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:48.000Z", "modified": "2018-10-04T13:47:48.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:48.000Z", "modified": "2018-10-04T13:47:48.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:49.000Z", "modified": "2018-10-04T13:47:49.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:49.000Z", "modified": "2018-10-04T13:47:49.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:53.000Z", "modified": "2018-10-04T13:47:53.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:56.000Z", "modified": "2018-10-04T13:47:56.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:57.000Z", "modified": "2018-10-04T13:47:57.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:57.000Z", "modified": "2018-10-04T13:47:57.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a0e-500c-4155-825b-452b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:58.000Z", "modified": "2018-10-04T13:47:58.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:58.000Z", "modified": "2018-10-04T13:47:58.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'ff5db7bdb4de17a77bd4a552f50f0e5488281cedc934fc3707833f90484ef66c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:59.000Z", "modified": "2018-10-04T13:47:59.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'ec2c39f1dfb75e7b33daceaeda4dbadb8efd9015a9b7e41d595bb28d2cd0180f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:47:59.000Z", "modified": "2018-10-04T13:47:59.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'f736948bb4575c10a3175f0078a2b5d36cce1aa4cd635307d03c826e305a7489']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:47:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a10-ab00-4133-8296-4a96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:48:00.000Z", "modified": "2018-10-04T13:48:00.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = 'e0b5c9f874f260c840766eb23c1f69828545d7820f959c8601c41c024044f02c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:48:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5bb61a10-469c-473e-ba93-459b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T13:48:00.000Z", "modified": "2018-10-04T13:48:00.000Z", "description": "Hash detected as ELF_PERSIRAI.A:", "pattern": "[file:hashes.SHA256 = '35317971e346e5b2a8401b2e66b9e62e371ce9532f816cb313216c3647973c32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T13:48:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f309283e-f9b3-4936-9534-ef6866f23c40", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:11:58.000Z", "modified": "2018-10-04T19:11:58.000Z", "pattern": "[file:hashes.MD5 = '2f6e964b3f63b13831314c28185bb51a' AND file:hashes.SHA1 = 'a63417b889491466c912dfbb6d2a34ad27f2bcfe' AND file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:11:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:11:56.000Z", "modified": "2018-10-04T19:11:56.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-04T00:29:01", "category": "Other", "uuid": "7815ca32-703b-430e-a06f-dfb802b2617c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0/analysis/1538612941/", "category": "External analysis", "uuid": "b872dfe2-e6a4-46be-93cb-d2d39c54e961" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/57", "category": "Other", "uuid": "b977ae27-2ed8-42ea-af35-31fa7d975feb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:00.000Z", "modified": "2018-10-04T19:12:00.000Z", "pattern": "[file:hashes.MD5 = '428111c22627e1d4ee87705251704422' AND file:hashes.SHA1 = 'ccc90bd76af9d4b538aa88715027dd062f7c946d' AND file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:11:59.000Z", "modified": "2018-10-04T19:11:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-04T00:35:09", "category": "Other", "uuid": "836c2dac-1246-4175-a7ac-ad7a3246570e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc/analysis/1538613309/", "category": "External analysis", "uuid": "34afc7f8-f731-4458-bea0-0a620d0b2948" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "42f732a2-5783-4fe1-bf28-a299f63a6f65" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:03.000Z", "modified": "2018-10-04T19:12:03.000Z", "pattern": "[file:hashes.MD5 = '9584b6aec418a2af4efac24867a8c7ec' AND file:hashes.SHA1 = '22a8faf351768596500dbe6e27c05ad55744da1d' AND file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:01.000Z", "modified": "2018-10-04T19:12:01.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-08-28T00:22:07", "category": "Other", "uuid": "28299833-823a-4fae-9d26-936806282829" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb/analysis/1535415727/", "category": "External analysis", "uuid": "a8b600ec-a940-4775-8d5a-da5e6fb40637" }, { "type": "text", "object_relation": "detection-ratio", "value": "31/59", "category": "Other", "uuid": "6ab72e91-286a-4e59-aed6-7ba109b77661" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:05.000Z", "modified": "2018-10-04T19:12:05.000Z", "pattern": "[file:hashes.MD5 = '5ebeff1f005804bb8afef91095aac1d9' AND file:hashes.SHA1 = 'c92e07faaad26b4ac98f9cc0c5a24e60dcb25b8a' AND file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:04.000Z", "modified": "2018-10-04T19:12:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-04T00:40:15", "category": "Other", "uuid": "8f277ab7-05c6-46f8-909c-f3381f65afbc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b/analysis/1538613615/", "category": "External analysis", "uuid": "656ad417-eede-4da8-b924-d1ac777d5cbe" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "6b003f1f-e035-40ad-8331-3e79a4f9ed2e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:11.000Z", "modified": "2018-10-04T19:12:11.000Z", "pattern": "[file:hashes.MD5 = 'f620fb57352e6f393477a65101a4612e' AND file:hashes.SHA1 = '93515d7442d0240272b8d813b300219c53e88dfd' AND file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:10.000Z", "modified": "2018-10-04T19:12:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-08-19T23:46:42", "category": "Other", "uuid": "3feaaa6c-1944-4d54-b928-151e02b9ba75" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92/analysis/1534722402/", "category": "External analysis", "uuid": "4456021c-dde7-45e4-bb39-a42c628b0d31" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/58", "category": "Other", "uuid": "e23bb428-95e6-414a-a60f-e666d298495e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:17.000Z", "modified": "2018-10-04T19:12:17.000Z", "pattern": "[file:hashes.MD5 = '912681f6be51afa8c5ab36e691b88e74' AND file:hashes.SHA1 = '227d1aa69da8250ddbf8898863799e59bdfeb516' AND file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:15.000Z", "modified": "2018-10-04T19:12:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-08-28T00:21:20", "category": "Other", "uuid": "9da3df4d-2a97-4c0f-b9a8-4ee1e3bf41fa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a/analysis/1535415680/", "category": "External analysis", "uuid": "791bd56a-7de3-419e-9984-b3b8f1126ec6" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "620bf26e-ce72-408a-a9fb-29c061e257be" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:19.000Z", "modified": "2018-10-04T19:12:19.000Z", "pattern": "[file:hashes.MD5 = '7e1c3834c38984c34b6fd4c741ae3a21' AND file:hashes.SHA1 = '02b850450fcbcdd6b13f03b2121f124543480d62' AND file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:18.000Z", "modified": "2018-10-04T19:12:18.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-04T00:51:35", "category": "Other", "uuid": "50679951-11f3-4163-bca3-c1a71fc25d9f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45/analysis/1538614295/", "category": "External analysis", "uuid": "6a957d87-5bf5-4e47-9901-533d3be74a57" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/58", "category": "Other", "uuid": "b95271c3-bd73-4a19-ac07-58509fbe8fc6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:22.000Z", "modified": "2018-10-04T19:12:22.000Z", "pattern": "[file:hashes.MD5 = 'b2b129d84723d0ba2f803a546c8b19ae' AND file:hashes.SHA1 = '7a0485e52aa09f63d41e471fd736584c06c3dab6' AND file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:20.000Z", "modified": "2018-10-04T19:12:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-18T19:47:01", "category": "Other", "uuid": "a6d21e1e-4762-45a8-8397-1e40b79d6f0a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778/analysis/1537300021/", "category": "External analysis", "uuid": "25405b32-6b81-42dc-a247-ebc03f770730" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/58", "category": "Other", "uuid": "85bba342-833d-452d-ae52-93ca69be210c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed841816-818e-4245-b6dd-f2309f700681", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:24.000Z", "modified": "2018-10-04T19:12:24.000Z", "pattern": "[file:hashes.MD5 = 'cfb80e0b1e3927ebc1069b8fdc468072' AND file:hashes.SHA1 = '64bd5ba88d7e7104dc1a5586171e83825815362d' AND file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:24.000Z", "modified": "2018-10-04T19:12:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-01T16:00:37", "category": "Other", "uuid": "960ff2ae-bf7a-49c3-ab42-4134855d21d9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a/analysis/1538409637/", "category": "External analysis", "uuid": "146485a6-71f5-41d8-800b-4ac4f679f33b" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/58", "category": "Other", "uuid": "b5bc8306-34a2-4eb6-9dd5-893115f7c124" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:28.000Z", "modified": "2018-10-04T19:12:28.000Z", "pattern": "[file:hashes.MD5 = '10d899e46e0df86ba6e6a4754de331d9' AND file:hashes.SHA1 = '29aabf21557507699503251e8e19ff77ee61f1bc' AND file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-10-04T19:12:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-04T19:12:26.000Z", "modified": "2018-10-04T19:12:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-10-04T00:21:25", "category": "Other", "uuid": "0911b7f8-578a-470b-a17b-1d302ea16696" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61/analysis/1538612485/", "category": "External analysis", "uuid": "b3cc844b-5bf3-4cb8-b122-eee753b95a86" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/58", "category": "Other", "uuid": "dd676758-854f-4bee-b4b2-4942e2c6efc7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2a00db68-d0a0-43b9-bfa2-70fced7b439c", "created": "2018-10-04T19:12:27.000Z", "modified": "2018-10-04T19:12:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f309283e-f9b3-4936-9534-ef6866f23c40", "target_ref": "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a6bdc7f1-2692-4ad4-aa7b-1888fdf4a3ae", "created": "2018-10-04T19:12:27.000Z", "modified": "2018-10-04T19:12:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930", "target_ref": "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--83d98ede-bfa6-44e7-b16a-e8420ce02ba7", "created": "2018-10-04T19:12:27.000Z", "modified": "2018-10-04T19:12:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0", "target_ref": "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b934a33f-b6e7-4251-86d9-0200a1982534", "created": "2018-10-04T19:12:27.000Z", "modified": "2018-10-04T19:12:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9", "target_ref": "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--38231b46-cc2d-4b0f-bf04-b27c947bc542", "created": "2018-10-04T19:12:28.000Z", "modified": "2018-10-04T19:12:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8", "target_ref": "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecce8a6e-d10e-48ed-9101-5a680bc8c6b3", "created": "2018-10-04T19:12:28.000Z", "modified": "2018-10-04T19:12:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435", "target_ref": "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--88cff23a-3f74-49c6-9354-af30c2378795", "created": "2018-10-04T19:12:28.000Z", "modified": "2018-10-04T19:12:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0", "target_ref": "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--dd433e06-89e7-4170-bf8e-5beed3b3b617", "created": "2018-10-04T19:12:28.000Z", "modified": "2018-10-04T19:12:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb", "target_ref": "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5a573c96-2547-4f14-9e08-e9618697402f", "created": "2018-10-04T19:12:28.000Z", "modified": "2018-10-04T19:12:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ed841816-818e-4245-b6dd-f2309f700681", "target_ref": "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8ef2120f-2bc8-4a86-bf96-f5022d78ad23", "created": "2018-10-04T19:12:28.000Z", "modified": "2018-10-04T19:12:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8", "target_ref": "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }