adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5b337e5f-4810-4cbe-bb0e-4b79950d210f.json

4832 lines
No EOL
219 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5b337e5f-4810-4cbe-bb0e-4b79950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:38:23.000Z",
"modified": "2018-08-14T12:38:23.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b337e5f-4810-4cbe-bb0e-4b79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:38:23.000Z",
"modified": "2018-08-14T12:38:23.000Z",
"name": "OSINT - RedAlpha: New Campaigns Discovered Targeting the Tibetan Community",
"published": "2018-08-14T12:39:56Z",
"object_refs": [
"observed-data--5b337e8c-cee4-4d6d-b810-4276950d210f",
"url--5b337e8c-cee4-4d6d-b810-4276950d210f",
"observed-data--5b337edb-8318-4ec6-a18f-48db950d210f",
"url--5b337edb-8318-4ec6-a18f-48db950d210f",
"x-misp-attribute--5b337fa8-09a0-4771-b1cc-2f80950d210f",
"indicator--5b605b1e-d01c-4031-8026-4d1e950d210f",
"indicator--5b606297-aa30-4385-853f-41f9950d210f",
"indicator--5b606297-8378-4d8c-8df2-4705950d210f",
"indicator--5b6062db-b7c4-4424-a0cc-40fa950d210f",
"indicator--5b61896c-d2a0-4f40-94a5-4215950d210f",
"indicator--5b61896c-cc28-4b71-be77-4c17950d210f",
"indicator--5b6195cb-7940-40be-ba96-46b1950d210f",
"indicator--5b61a5d7-5810-45cb-a80d-4a7d950d210f",
"indicator--5b61bc3b-c298-44cf-85f7-4624950d210f",
"indicator--5b68544e-a118-4b18-a3a1-8674950d210f",
"indicator--5b696185-abd8-4c4a-a7c0-4d3c950d210f",
"indicator--5b696186-2ba0-4bdb-8835-4fa4950d210f",
"indicator--5b696187-3674-4d2b-af94-40c7950d210f",
"indicator--5b696816-b788-4c94-ad87-4f9d950d210f",
"indicator--5b696816-05d4-4748-8410-46d8950d210f",
"indicator--5b696817-66d0-439e-b619-4269950d210f",
"indicator--5b696817-0fa0-4020-bf22-4a1a950d210f",
"indicator--5b696818-c060-4f3c-9a48-4054950d210f",
"indicator--5b696818-0924-4d39-847b-4a71950d210f",
"indicator--5b697d88-0db0-4536-a89e-436d950d210f",
"indicator--5b697d89-1520-42cb-a2cc-4ad1950d210f",
"indicator--5b697d8a-3054-4ae5-9c06-4b72950d210f",
"indicator--5b697f5f-3324-436c-93e1-4532950d210f",
"indicator--5b69801a-f90c-4c6e-952e-41fb950d210f",
"x-misp-object--5b33808f-c060-4227-891c-2f80950d210f",
"indicator--5b605571-86c8-4306-806d-495f950d210f",
"indicator--5b6063f0-5f28-4309-9719-4bf1950d210f",
"indicator--951dbf05-efee-46a0-b2aa-89e5c6d0c898",
"x-misp-object--4d6cc362-fb2b-4576-919d-8d66294873be",
"x-misp-object--af9cbff4-9e65-4a79-a1ec-e88133cdfb98",
"indicator--5b61631b-a13c-4dc0-b949-4342950d210f",
"indicator--5b618e15-2084-466a-8f5c-44df950d210f",
"indicator--5b619ae6-dff0-4f29-bc32-471a950d210f",
"indicator--5b619c3f-9644-4d94-a4ac-4d40950d210f",
"indicator--5b619eb3-4dac-4efa-b562-43ab950d210f",
"indicator--5b61a1be-f9ec-428a-aede-468e950d210f",
"indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f",
"indicator--5b61b964-b078-4a41-9a1e-48e3950d210f",
"indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f",
"indicator--5b62c621-9d58-40e1-9105-4272950d210f",
"indicator--5b62c650-8358-49b9-9064-4ce8950d210f",
"indicator--5b62cb24-ebc0-4131-aa65-425b950d210f",
"indicator--b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0",
"x-misp-object--a51ea5b5-2181-4905-bda3-b2b1698c7c27",
"indicator--d2ec20b7-d689-47e6-9228-01a281f3ad02",
"x-misp-object--100f1a8d-1bc3-4000-92fe-bce0b793b222",
"indicator--5510fbf8-41c8-4a11-bcf0-42aa4303742e",
"x-misp-object--578b25b7-97b8-4d39-8537-323e64ffc399",
"indicator--db3a215c-d9b8-4d91-952a-af20cfe86d4a",
"x-misp-object--bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6",
"indicator--3ec440df-26e1-4883-94d8-cf5a44d48bbd",
"x-misp-object--c4f40e78-f5a3-449f-b8e0-bcb250e3da27",
"x-misp-object--c0793ff5-50a6-4817-8df9-8c28ab90f3d1",
"indicator--03b1be01-e7f1-41d2-bbeb-8c965ddd63d5",
"x-misp-object--62a6d635-11fb-43df-b01e-c38b5a08489f",
"x-misp-object--ab089f9c-349f-46f0-a2b2-ecfb3da24370",
"x-misp-object--db693d26-2826-4534-9718-84cf465571bc",
"x-misp-object--bc18676c-a419-4493-882b-dbffc94fae97",
"x-misp-object--4c400be1-7bc4-4c3e-ad25-0c0056e9a6da",
"x-misp-object--90f35bd9-30a9-467b-9f6e-7ed7648b7119",
"x-misp-object--2e9f7a81-d071-4fa8-bb22-eae520f03d51",
"indicator--5b67f371-c338-4728-8972-40ad950d210f",
"indicator--5b67f468-6ce0-48a4-9f9e-4e4f950d210f",
"indicator--5b67f49b-b550-450a-aabc-4439950d210f",
"indicator--5b67f783-02e0-44e8-8d8f-493f950d210f",
"indicator--5b67fc1a-9a38-404f-adcb-4b3a950d210f",
"indicator--5b67fc4f-381c-4dbd-b49e-4e8b950d210f",
"indicator--5b67fc62-4c2c-4fd6-b2a3-410e950d210f",
"indicator--5b680069-22b0-45f4-aba4-427d950d210f",
"indicator--5b68016d-a668-4301-8f51-4c52950d210f",
"indicator--5b680c7c-77a0-4e19-814b-4245950d210f",
"indicator--5b681333-943c-4633-9a90-45cd950d210f",
"indicator--5b681452-d5fc-45b4-af6f-4457950d210f",
"indicator--5b681a0a-4ab0-4f37-a19f-4726950d210f",
"indicator--5b681a2a-0324-4910-a7eb-415d950d210f",
"indicator--5b681a4c-0d40-4247-8c55-45c7950d210f",
"indicator--5b681d2e-bd1c-4726-882d-406e950d210f",
"indicator--5b681e31-67a8-4296-8fb7-433c950d210f",
"indicator--5b681f1f-e07c-416a-8a29-4057950d210f",
"indicator--5b682066-abf8-46ca-9b9b-484d950d210f",
"indicator--5b6820cb-7730-4294-af2c-4a2f950d210f",
"indicator--5b6821e7-aad4-4228-910a-4d8a950d210f",
"indicator--5b6822a7-f514-4918-a494-4246950d210f",
"indicator--5b6826c5-14a8-476f-9cf6-4867950d210f",
"indicator--5b6826e4-a924-400b-b8e4-44d5950d210f",
"indicator--5b682945-f85c-4fce-a9a0-45ef950d210f",
"indicator--5b682ab7-6624-450d-8b75-46cc950d210f",
"indicator--5b682b68-c684-4e35-9dd8-4f73950d210f",
"indicator--5b683107-e504-49db-9aed-4ce8950d210f",
"indicator--5b68311f-a2b0-440f-b8c9-446e950d210f",
"indicator--5b683145-03a4-424b-bae8-4737950d210f",
"indicator--5b68315c-a318-4645-86cb-448f950d210f",
"indicator--5b683b3b-9bd8-4fa9-8352-4e8b950d210f",
"indicator--5b683c0c-ef74-4489-a7b6-5955950d210f",
"indicator--5b683cd5-0a60-4246-8575-4fd1950d210f",
"indicator--5b68462b-45c4-4b41-9f65-41b2950d210f",
"indicator--5b6852b5-70f4-475c-8caa-8673950d210f",
"indicator--5b68552f-fc28-4fb4-b80b-c103950d210f",
"indicator--5b6855be-76a8-40dc-bfe2-494e950d210f",
"indicator--5b68564a-409c-43d2-a63b-c086950d210f",
"indicator--5b694c8d-d2d0-4373-83a1-4223950d210f",
"indicator--5b6950dc-d308-4352-ab07-474b950d210f",
"indicator--5b6951da-54fc-4427-a661-4464950d210f",
"indicator--5b6957dc-9424-494b-964a-49ed950d210f",
"x-misp-object--5b695c81-e640-449a-a7c7-4a0e950d210f",
"x-misp-object--5b695d6f-e188-4826-9b69-4ecb950d210f",
"indicator--5b695fae-b2a4-4cf6-8334-4e93950d210f",
"indicator--5b695fe3-aadc-45f7-ac2b-4416950d210f",
"indicator--5b696006-2e38-4f9f-a314-480f950d210f",
"indicator--5b69602f-90e8-466d-aa74-4a12950d210f",
"indicator--5b696072-e840-4ab7-8f2b-4eec950d210f",
"indicator--5b6960a5-8d20-405e-a193-4e1d950d210f",
"indicator--5b6960bf-e118-455d-a813-0b55950d210f",
"indicator--5b6960dc-86ec-4f89-b8dd-4088950d210f",
"indicator--5b6960f7-3ba8-42cc-a2f7-402d950d210f",
"indicator--5b696124-92cc-4823-9c30-40ab950d210f",
"indicator--5b69613b-db30-4ec1-852f-44bc950d210f",
"indicator--5b696150-9900-466c-8b82-45a8950d210f",
"indicator--5b69642b-02cc-49b3-b97c-44f5950d210f",
"indicator--5b6965c9-39b4-47c1-9084-46f2950d210f",
"x-misp-object--5b69670b-b290-44f4-a9fc-42e4950d210f",
"x-misp-object--5b6968ac-71ec-4a55-887d-47b7950d210f",
"x-misp-object--5b696957-9e2c-49d6-8bdb-4ffa950d210f",
"x-misp-object--5b69698a-8dd8-4aab-95b3-444e950d210f",
"indicator--5b697015-cc1c-4720-8f44-442a950d210f",
"indicator--5b697026-b170-41b0-937d-48cb950d210f",
"x-misp-object--8f903648-f534-497c-8096-7eba34dfcdd4",
"x-misp-object--280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63",
"x-misp-object--e0407f5c-72da-4b58-8ae9-627189b8808d",
"x-misp-object--5c696617-e214-4531-a91a-45aee2b893ed",
"indicator--b0e324d4-65be-418a-a8f8-735564d00606",
"x-misp-object--a9c8e203-1200-4950-8f13-6732275ea6ad",
"indicator--6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8",
"x-misp-object--21992a3f-2d25-4b0d-847d-154ab2829796",
"x-misp-object--8b4dbb0e-58a1-4630-be3d-83e95966a6cf",
"indicator--d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f",
"x-misp-object--7771644b-6de2-4a18-bc5f-c30dad0bd508",
"indicator--304084df-e41e-4456-88e4-353baeb7d839",
"x-misp-object--40e4d320-c62e-4322-ae15-b20e3369832d",
"x-misp-object--589e9254-4f90-490a-bc8c-fdea36be01b3",
"x-misp-object--71e73500-e019-4027-8696-5f48e8e0fd38",
"x-misp-object--7e3abe32-cfe8-485f-a22b-7e2989d16ffa",
"x-misp-object--6c1f2aee-af3d-4af0-a272-8aef0d5da562",
"x-misp-object--4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e",
"x-misp-object--bf7d4471-6524-4cdd-821d-63b550a8d3c7",
"x-misp-object--b5a9119a-4fae-4d63-8679-c0fcbe967f1c",
"x-misp-object--3ed9a824-86f6-44c8-addb-00ba19e4b915",
"indicator--5b605736-14d8-416e-beb0-4c30950d210f",
"indicator--5b605b02-8624-40ab-99a1-4f5c950d210f",
"indicator--5b6165b7-2d18-4189-bffe-4096950d210f",
"indicator--5b6182d4-67b8-4785-ba0e-4d23950d210f",
"indicator--5b618916-06bc-4a4b-971e-49dc950d210f",
"indicator--5b61a522-1fe8-431f-8471-4467950d210f",
"indicator--5b61bc26-8bb0-4860-8e09-4e88950d210f",
"indicator--5b62cb45-8260-4632-b14e-4a07950d210f",
"relationship--1071c15b-8c4b-4728-bfc7-ea5b9510b47f",
"relationship--c13a1d6a-5e6b-4d2c-a297-0138f3bbe802",
"relationship--1e835fa7-6e2e-45f2-94bd-037b2f979e70",
"relationship--f4c3f495-c730-4582-b7fe-4bc250d0bbbe",
"relationship--0e72c303-4b33-43b1-8d66-8956b14c7780",
"relationship--d6b7512b-9e03-4503-9cda-abe14e1f848a",
"relationship--3e68d24e-4ca7-485f-a340-2fa4d4f78e2b",
"relationship--fb09e0c6-2900-4327-8ab3-de756f4509d5",
"relationship--a87c5fb2-af89-401b-b0ec-5dfc1bb2dbe7",
"relationship--a9fbbf9c-185f-4ed4-afd0-5aee9bc7df7c",
"relationship--bab453b1-1e03-4a61-8dd4-ebe41de2905c",
"relationship--010a43fb-7fa8-412f-b17d-59d84b98e2c6",
"relationship--8f1967e6-0bdb-4c4a-96b1-c65816aa9411",
"relationship--7f42056c-f75e-4034-8564-df7782078297",
"relationship--8f9d8a82-50e3-4bce-b387-adf4998698d4",
"relationship--aefac089-c20c-4330-96db-f29ac5715439",
"relationship--7d70b0eb-a76a-4023-9b75-110023be7ff3",
"relationship--1d5097e7-9b37-4c2e-a85b-bca5bd557ab3",
"relationship--9c04cf51-ff35-4414-80c5-e44483bafade",
"relationship--c49b059b-86ee-4b44-a628-6cfa81d143ff",
"relationship--14deb0f7-1d63-49c5-9ee0-97993089a720",
"relationship--909ef439-c2cf-46a4-91a7-fce833300d05",
"relationship--df44c2ce-5a6c-4033-910f-547df75f010e",
"relationship--43700251-5d8d-4cad-bfcc-e3199ba4cdd6",
"relationship--d955b31a-37bb-49ea-b59c-98fd31b4eaaf",
"relationship--b002c9b3-96ae-4b27-90a5-aa3aa6eacc31",
"relationship--fb5756e4-b12c-43d3-a176-11d4b514c0dc",
"relationship--a0ac6845-2bd5-45c1-952e-9163f7e42748",
"relationship--edc5adaf-83ac-4a31-964f-d63c36ec2d82",
"relationship--8ab5eee6-0db7-4ba5-8b00-4d85c227216a",
"relationship--e6c6414f-c0dd-4bd9-981d-8a7f40c423c5",
"relationship--7c1c02df-1334-4e2b-a439-2448d31654f4",
"relationship--2e90d79c-1b32-4a9b-80e8-2807a53ea525"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:rat=\"NJRat\"",
"misp-galaxy:tool=\"njRAT\"",
"misp-galaxy:threat-actor=\"RedAlpha\"",
"misp-galaxy:sector=\"NGO\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b337e8c-cee4-4d6d-b810-4276950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T12:09:48.000Z",
"modified": "2018-06-27T12:09:48.000Z",
"first_observed": "2018-06-27T12:09:48Z",
"last_observed": "2018-06-27T12:09:48Z",
"number_observed": 1,
"object_refs": [
"url--5b337e8c-cee4-4d6d-b810-4276950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b337e8c-cee4-4d6d-b810-4276950d210f",
"value": "https://www.recordedfuture.com/redalpha-cyber-campaigns/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b337edb-8318-4ec6-a18f-48db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T12:11:07.000Z",
"modified": "2018-06-27T12:11:07.000Z",
"first_observed": "2018-06-27T12:11:07Z",
"last_observed": "2018-06-27T12:11:07Z",
"number_observed": 1,
"object_refs": [
"url--5b337edb-8318-4ec6-a18f-48db950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b337edb-8318-4ec6-a18f-48db950d210f",
"value": "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b337fa8-09a0-4771-b1cc-2f80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T12:14:32.000Z",
"modified": "2018-06-27T12:14:32.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Scope Note: Recorded Future analyzed new malware targeting the Tibetan community. This report includes a detailed analysis of the malware itself and associated infrastructure. Sources include Recorded Future\u00e2\u20ac\u2122s platform, VirusTotal, ReversingLabs, and third-party metadata, as well as common OSINT and network metadata enrichments, such as DomainTools Iris and PassiveTotal, and researcher collaboration.1 The impetus of this research is twofold: to provide indicators to leverage for protection for likely victims and to raise awareness of a possible shift in adversary TTPs."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b605b1e-d01c-4031-8026-4d1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T12:50:38.000Z",
"modified": "2018-07-31T12:50:38.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'doc.internetdocss.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T12:50:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b606297-aa30-4385-853f-41f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T13:22:31.000Z",
"modified": "2018-07-31T13:22:31.000Z",
"pattern": "[url:value = 'http://doc.internetdocss.com/nethelpx86.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T13:22:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b606297-8378-4d8c-8df2-4705950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T13:22:31.000Z",
"modified": "2018-07-31T13:22:31.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\nethelp.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T13:22:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6062db-b7c4-4424-a0cc-40fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T13:23:39.000Z",
"modified": "2018-07-31T13:23:39.000Z",
"pattern": "[url:value = 'http://doc.internetdocss.com/audiox86.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T13:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61896c-d2a0-4f40-94a5-4215950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T10:20:28.000Z",
"modified": "2018-08-01T10:20:28.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'www.hktechy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T10:20:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61896c-cc28-4b71-be77-4c17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T10:20:28.000Z",
"modified": "2018-08-01T10:20:28.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'index.ackques.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T10:20:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6195cb-7940-40be-ba96-46b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T11:13:15.000Z",
"modified": "2018-08-01T11:13:15.000Z",
"pattern": "[url:value = 'index.acques.com/index.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T11:13:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61a5d7-5810-45cb-a80d-4a7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T12:21:43.000Z",
"modified": "2018-08-01T12:21:43.000Z",
"pattern": "[domain-name:value = 'striker.internetdocss.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T12:21:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61bc3b-c298-44cf-85f7-4624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T13:57:15.000Z",
"modified": "2018-08-01T13:57:15.000Z",
"pattern": "[url:value = 'http://doc.internetdocss.com/index?']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T13:57:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b68544e-a118-4b18-a3a1-8674950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T13:59:42.000Z",
"modified": "2018-08-06T13:59:42.000Z",
"description": "C2",
"pattern": "[url:value = 'http://220.218.70.160/sec.hta']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T13:59:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696185-abd8-4c4a-a7c0-4d3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:08:21.000Z",
"modified": "2018-08-07T09:08:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.84.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:08:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696186-2ba0-4bdb-8835-4fa4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:08:22.000Z",
"modified": "2018-08-07T09:08:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.245.22.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:08:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696187-3674-4d2b-af94-40c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:08:23.000Z",
"modified": "2018-08-07T09:08:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.245.22.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:08:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696816-b788-4c94-ad87-4f9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:36:22.000Z",
"modified": "2018-08-07T09:36:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.30.7.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696816-05d4-4748-8410-46d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:36:22.000Z",
"modified": "2018-08-07T09:36:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.30.7.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696817-66d0-439e-b619-4269950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:36:23.000Z",
"modified": "2018-08-07T09:36:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.192.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696817-0fa0-4020-bf22-4a1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:36:23.000Z",
"modified": "2018-08-07T09:36:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.195.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696818-c060-4f3c-9a48-4054950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:36:24.000Z",
"modified": "2018-08-07T09:36:24.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.192.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696818-0924-4d39-847b-4a71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:36:24.000Z",
"modified": "2018-08-07T09:36:24.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.20.192.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b697d88-0db0-4536-a89e-436d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T11:07:52.000Z",
"modified": "2018-08-07T11:07:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.4.62.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T11:07:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b697d89-1520-42cb-a2cc-4ad1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T11:07:53.000Z",
"modified": "2018-08-07T11:07:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.126.179.156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T11:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b697d8a-3054-4ae5-9c06-4b72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T11:07:54.000Z",
"modified": "2018-08-07T11:07:54.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.126.179.160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T11:07:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b697f5f-3324-436c-93e1-4532950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T11:15:43.000Z",
"modified": "2018-08-07T11:15:43.000Z",
"description": "2017 Campaign",
"pattern": "[import \"pe\"\r\nrule apt_ZZ_RedAlpha_2017Campaign_Dropper\r\n{\r\n meta:\r\n desc = \"RedAlpha 2017 Campaign, Dropper\"\r\n author = \"JAG-S, Insikt Group, RecordedFuture\"\r\n TLP = \"White\"\r\n md5_x86 = \"cb71f3b4f08eba58857532ac90bac77d\"\r\n md5_x64 = \"1412102eda0c2e5a5a85cb193dbb1524\"\r\n strings:\r\n $drops1 = \"http://doc.internetdocss.com/nethelp x86.dll\" ascii wide\r\n $drops2 = \"http://doc.internetdocss.com/audio x86.exe\" ascii wide\r\n $drops3 = \"http://doc.internetdocss.com/nethelp x64.dll\" ascii wide\r\n $drops4 = \"http://doc.internetdocss.com/audio x64.exe\" ascii wide\r\n $source1 = \"http://doc.internetdocss.com/word x86.exe\" ascii wide\r\n $source2 = \"http://doc.internetdocss.com/word x64.exe\" ascii wide\r\n $path1 = \"\\\\Programs\\\\Startup\\\\audio.exe\" ascii wide\r\n $path2 = \"c:\\\\Windows\\\\nethelp.dll\" ascii wide\r\n $persistence1 = \"SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\svchost\" ascii\r\nwide\r\n $persistence2 = \"%SystemRoot%\\\\system32\\\\svchost.exe -k \" ascii wide\r\n $persistence3 = \"SYSTEM\\\\CurrentControlSet\\\\Services\\\\\" ascii wide\r\n $persistence4 = \"Parameters\" ascii wide\r\n $persistence5 = \"ServiceDll\" ascii wide\r\n $persistence6 = \"NetHelp\" ascii wide\r\n $persistence7 = \"Windows Internet Help\" ascii wide\r\n condition:\r\n uint16(0)==0x5A4D\r\n and\r\n filesize < 500KB\r\n and\r\n (\r\n (pe.imphash() == \"3697a1f9150de181026ce089c10657c3\" or pe.imphash() ==\r\n\"e6e566fc8a1dee3019821e84c5ad58cc\")\r\n or\r\n (\r\n any of ($drops*)\r\n or\r\n any of ($source*)\r\n or\r\n any of ($path*)\r\n or\r\n 6 of ($persistence*)\r\n )\r\n )\r\n}\r\n\r\nrule apt_ZZ_RedAlpha_2017Campaign_nethelp\r\n{\r\nmeta:\r\ndesc = \"RedAlpha 2017 Campaign, NetHelp Drop\"\r\nauthor = \"JAG-S, Insikt Group, RecordedFuture\"\r\nTLP = \"White\"\r\nmd5_x86 = \"42256b4753724f7feb411bc9912155fd\"\r\nmd5_x86 = \"6d1d6987d0677f40e473befab121ab1b\"\r\nmd5_x64 = \"8f0fe2620f8dadf93eee285834e35655\"\r\nmd5_x64 = \"cd32ce54ed94dfbde7fb85930a16597d\"\r\nmd5_x64_striker = \"6dd1be1e491d5bf9cd14686c185c3009\"\r\nstrings:\r\n$postreq1 = \"POST /index.html HTTP/1.1\" ascii wide\r\n$postreq2 = \"Host: index.ackques.com\" ascii wide\r\n$postreq3 = \"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101\r\nChrome /53.0\" ascii wide\r\n$postreq4 = \"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*\" ascii\r\nwide\r\n$postreq5 = \"Accept-Language: en-US;q=0.5,en;q=0.3\" ascii wide\r\n$postreq6 = \"Accept-Encoding: gzip, deflate\" ascii wide\r\n$postreq7 = \"Content-Type: application/x-www-form-urlencoded\" ascii wide\r\n$postreq8 = \"Content-Length: %d\" ascii wide\r\n$postreq9 = \"Connection: keep-alive\" ascii wide\r\n$postreq10 = \"Upgrade-Insecure-Requests: 1\" ascii wide\r\n$cnc1 = \"index.ackques.com\" ascii wide\r\n$cnc2 = \"www.hktechy.com\" ascii wide\r\n $cnc3 = \"striker.internetdocss.com\" ascii wide\r\n$service1 = \"Windows Internet Help\" ascii wide\r\n$service2 = \"Client.dll\" ascii wide\r\n$service3 = \"ServiceMain\" ascii wide\r\ncondition:\r\nuint16(0)==0x5A4D\r\nand\r\nfilesize < 500KB\r\nand\r\n(\r\n(pe.imphash() == \"bc902a5e56cbbaa82f4af26cf9f4567e\"\r\nor pe.imphash() == \"af5487e77c16d987ca02d59bdcf38489\"\r\nor pe.imphash() == \"6e109cbbd181ad567b90463d48302c72\"\r\nor pe.imphash() == \"df09df6d5ae774f280c43e3cc0e4a142\"\r\n)\r\nor\r\n(\r\nall of ($postreq*)\r\nor\r\nany of ($cnc*)\r\nor\r\nall of ($service*)\r\n)\r\n)\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2018-08-07T11:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b69801a-f90c-4c6e-952e-41fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T11:18:50.000Z",
"modified": "2018-08-07T11:18:50.000Z",
"description": "2018 Campaign",
"pattern": "[import \"pe\"\r\nrule apt_ZZ_RedAlpha_Dropper\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n tlp = \"White\"\r\n md5 = \"e6c0ac26b473d1e0fa9f74fdf1d01af8\"\r\n md5 = \"e28db08b2326a34958f00d68dfb034b0\"\r\n md5 = \"c94a39d58450b81087b4f1f5fd304add\"\r\n md5 = \"3a2b1a98c0a31ed32759f48df34b4bc8\"\r\n desc = \"RedAlpha Dropper\"\r\n version = \"1.0\"\r\n strings:\r\n $cnc = \"http://doc.internetdocss.com/index?\"\r\n condition:\r\n uint16(0) == 0x5A4D\r\n and filesize < 500KB\r\n and\r\n (pe.imphash() == \"17030637d18335c7267d09ec0ebc637c\" or pe.imphash() ==\r\n\"617fd4619e215a00dae98de5980a4210\")\r\n and\r\n all of them\r\n}\r\nrule apt_ZZ_RedAlpha_njRat\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n TLP = \"White\"\r\n md5 = \"c74608c70a59371cbf016316bebfab06\"\r\n date = \"04-14-2018\"\r\n desc = \"Second-stage njRAT, RedAlpha config\"\r\n version = \"1.1\"\r\n strings:\r\n $installName = \"serverdo.exe\" wide\r\n $port = \"9527\" wide\r\n $version = \"0.7d\" wide\r\n $c2 = \"doc.internetdocss.com\" wide\r\n condition:\r\n uint16(0) == 0x5A4D and filesize < 50KB\r\n and\r\n pe.imphash() == \"f34d5f2d4577ed6d9ceec516c1f5a744\"\r\n and\r\n all of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2018-08-07T11:18:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b33808f-c060-4227-891c-2f80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T12:20:09.000Z",
"modified": "2018-06-27T12:20:09.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "Based on links to #malware used by Chinese APTs, our research team makes assessments about who exactly is behind the newly discovered RedAlpha campaigns: (link: http://bit.ly/2KaCeS0) bit.ly/2KaCeS0 #Analysis",
"category": "Other",
"uuid": "5b33808f-96b0-4315-aceb-2f80950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5b338090-97ac-4266-af6a-2f80950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://mobile.twitter.com/RecordedFuture/status/1011675584198529024",
"category": "Network activity",
"to_ids": true,
"uuid": "5b338090-7bc0-4dc3-8e93-2f80950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://t.co/D1MIxdpuBK?amp=1",
"category": "External analysis",
"to_ids": true,
"uuid": "5b338092-51b8-45b2-b1f6-2f80950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://www.recordedfuture.com/redalpha-cyber-campaigns/",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5b338092-8fdc-46a8-91f2-2f80950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2018-06-26T20:20:00",
"category": "Other",
"uuid": "5b338093-a724-4628-9d75-2f80950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "@RecordedFuture",
"category": "Other",
"uuid": "5b338093-7b6c-4274-9555-2f80950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b605571-86c8-4306-806d-495f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:31.000Z",
"modified": "2018-08-14T12:36:31.000Z",
"description": "PE32 executable (GUI) Intel 80386, for MS Windows\r\n2017 Audio dropper. Also observed being\r\ndeployed from Japanese IP\r\n220.218.70.160",
"pattern": "[file:hashes.MD5 = 'cb71f3b4f08eba58857532ac90bac77d' AND file:hashes.SHA1 = '3142029872c39f393e765d59d68cf4f912170629' AND file:hashes.SHA256 = 'e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e' AND file:name = 'wordx86.exe\u00e2\u20ac\u009d' AND file:name = 'audiox86.exe\u00e2\u20ac\u009d' AND file:size = '93000' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6063f0-5f28-4309-9719-4bf1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:08.000Z",
"modified": "2018-08-02T10:03:08.000Z",
"description": "PE32+ executable (GUI) x86-64, for MS Windows",
"pattern": "[file:hashes.MD5 = '1412102eda0c2e5a5a85cb193dbb1524' AND file:name = 'wordx64.exe' AND file:name = 'audiox64.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--951dbf05-efee-46a0-b2aa-89e5c6d0c898",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T14:57:38.000Z",
"modified": "2018-07-31T14:57:38.000Z",
"pattern": "[file:hashes.MD5 = '1412102eda0c2e5a5a85cb193dbb1524' AND file:hashes.SHA1 = 'f243d9d60dbae71ef36c0200372835f5093e954c' AND file:hashes.SHA256 = 'da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T14:57:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4d6cc362-fb2b-4576-919d-8d66294873be",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T14:57:36.000Z",
"modified": "2018-07-31T14:57:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:21",
"category": "Other",
"uuid": "cdc06ac9-6db1-4e66-afc7-5f284c4b0d71"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/",
"category": "External analysis",
"uuid": "f625803b-9836-40a9-8fc4-badb7641d32a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/67",
"category": "Other",
"uuid": "39deaf89-4d50-41f0-94a8-231614288d89"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--af9cbff4-9e65-4a79-a1ec-e88133cdfb98",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T14:57:37.000Z",
"modified": "2018-07-31T14:57:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:55:00",
"category": "Other",
"uuid": "c07ff68e-441d-4c99-95ef-3442a02573da"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/",
"category": "External analysis",
"uuid": "fb7703c7-c989-4040-9e80-20cbefe11bad"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/67",
"category": "Other",
"uuid": "cbecb56f-21ab-4fa0-8932-db8eeee8f165"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61631b-a13c-4dc0-b949-4342950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:31.000Z",
"modified": "2018-08-14T12:36:31.000Z",
"description": "NetHelp Infostealer",
"pattern": "[file:hashes.MD5 = '42256b4753724f7feb411bc9912155fd' AND file:hashes.SHA1 = '7e7d38b1687c5949528d35d8e405d995ac15d1b2' AND file:hashes.SHA256 = '293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3' AND file:name = 'nethelpx86.dll' AND file:name = 'nethelp.dll' AND file:name = 'audiox86.exe' AND file:size = '198000' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b618e15-2084-466a-8f5c-44df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T10:40:21.000Z",
"modified": "2018-08-01T10:40:21.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'www.hktechy.com') AND network-traffic:dst_port = '80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T10:40:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b619ae6-dff0-4f29-bc32-471a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T11:35:02.000Z",
"modified": "2018-08-01T11:35:02.000Z",
"description": "PE32 executable (GUI) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = '6d1d6987d0677f40e473befab121ab1b' AND file:name = 'audiox86' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T11:35:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b619c3f-9644-4d94-a4ac-4d40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:31.000Z",
"modified": "2018-08-14T12:36:31.000Z",
"description": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"pattern": "[file:hashes.MD5 = '8f0fe2620f8dadf93eee285834e35655' AND file:name = 'nethelp\\\\%20x64.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b619eb3-4dac-4efa-b562-43ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:31.000Z",
"modified": "2018-08-14T12:36:31.000Z",
"description": "PE32+ executable (GUI) x86-64, for MS Windows",
"pattern": "[file:hashes.MD5 = 'cd32ce54ed94dfbde7fb85930a16597d' AND file:name = 'audio\\\\%20x64.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61a1be-f9ec-428a-aede-468e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:31.000Z",
"modified": "2018-08-14T12:36:31.000Z",
"description": "PE32+ executable (DLL) (console) x86-64, for MS Windows",
"pattern": "[file:hashes.MD5 = '6dd1be1e491d5bf9cd14686c185c3009' AND file:hashes.SHA1 = '1e9a0a147198b8dfb4a33fc5bb1406635bfbe514' AND file:hashes.SHA256 = 'd0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec' AND file:name = 'nethelp.dll' AND file:size = '254000' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:31.000Z",
"modified": "2018-08-14T12:36:31.000Z",
"pattern": "[file:hashes.MD5 = '5228914b534a437eb7985702e78772be' AND file:hashes.SHA1 = '83d7ceb2e55ae3d6bbf0936376e82fe5bc97a963' AND file:hashes.SHA256 = '02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef' AND file:size = '798000' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61b964-b078-4a41-9a1e-48e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"pattern": "[file:hashes.MD5 = 'e6c0ac26b473d1e0fa9f74fdf1d01af8' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"pattern": "[file:hashes.MD5 = 'e28db08b2326a34958f00d68dfb034b0' AND file:hashes.SHA1 = '28bc84813b9dec660fe95d590ef33e574fe16254' AND file:hashes.SHA256 = '50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81' AND file:name = 'winlogon.exe' AND file:size = '274000' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62c621-9d58-40e1-9105-4272950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"description": "PE32 executable (GUI) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = 'c94a39d58450b81087b4f1f5fd304add' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62c650-8358-49b9-9064-4ce8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"description": "PE32 executable (console) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = '3a2b1a98c0a31ed32759f48df34b4bc8' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62cb24-ebc0-4131-aa65-425b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:08.000Z",
"modified": "2018-08-02T10:03:08.000Z",
"pattern": "[file:hashes.MD5 = 'c74608c70a59371cbf016316bebfab06' AND file:hashes.SHA1 = 'e781aa54be06e010f1096fcc39a95df144659bd3' AND file:hashes.SHA256 = '1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c' AND file:name = 'serverdo.exe' AND file:size = '24000' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:08.000Z",
"modified": "2018-08-02T10:03:08.000Z",
"pattern": "[file:hashes.MD5 = 'cd32ce54ed94dfbde7fb85930a16597d' AND file:hashes.SHA1 = 'da9c4aad7e38b904106a059b9b6318746fa6175d' AND file:hashes.SHA256 = 'b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a51ea5b5-2181-4905-bda3-b2b1698c7c27",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:07.000Z",
"modified": "2018-08-02T10:03:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:06",
"category": "Other",
"uuid": "4b9cdbc3-8039-4f5f-a5d8-0c044c4db001"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/",
"category": "External analysis",
"uuid": "01bc974e-812b-4c2a-aff4-6edd4e5fe0db"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/68",
"category": "Other",
"uuid": "c6aed43c-f6d9-4dec-948e-0a007f83ae47"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d2ec20b7-d689-47e6-9228-01a281f3ad02",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:11.000Z",
"modified": "2018-08-02T10:03:11.000Z",
"pattern": "[file:hashes.MD5 = '8f0fe2620f8dadf93eee285834e35655' AND file:hashes.SHA1 = '84b80f942683d1b29180861664ec31d56321b975' AND file:hashes.SHA256 = '25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--100f1a8d-1bc3-4000-92fe-bce0b793b222",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:10.000Z",
"modified": "2018-08-02T10:03:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:46",
"category": "Other",
"uuid": "03525361-029b-45e1-901d-d638b67da8d0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/",
"category": "External analysis",
"uuid": "c20c3051-7431-47f5-8e07-9f8cb38f4503"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/66",
"category": "Other",
"uuid": "c48f0741-4780-4a4a-9228-e16aa95cdcb2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5510fbf8-41c8-4a11-bcf0-42aa4303742e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:14.000Z",
"modified": "2018-08-02T10:03:14.000Z",
"pattern": "[file:hashes.MD5 = '6d1d6987d0677f40e473befab121ab1b' AND file:hashes.SHA1 = 'ba977849cde0836a10da99cbb952f672b360a311' AND file:hashes.SHA256 = 'e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--578b25b7-97b8-4d39-8537-323e64ffc399",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:12.000Z",
"modified": "2018-08-02T10:03:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:53:56",
"category": "Other",
"uuid": "39d6d6c8-ce32-4e70-9f88-a969ff043882"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/",
"category": "External analysis",
"uuid": "1b5c3a81-7820-4538-98eb-3e4805a6d9bb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/67",
"category": "Other",
"uuid": "684a278f-7203-49ac-981d-e5fe53e016d2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--db3a215c-d9b8-4d91-952a-af20cfe86d4a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:16.000Z",
"modified": "2018-08-02T10:03:16.000Z",
"pattern": "[file:hashes.MD5 = '3a2b1a98c0a31ed32759f48df34b4bc8' AND file:hashes.SHA1 = 'e86204a1c55448eb61c1d03895cf1aecf6c4ce07' AND file:hashes.SHA256 = '30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:15.000Z",
"modified": "2018-08-02T10:03:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-01T23:46:03",
"category": "Other",
"uuid": "1521fa81-70ac-4209-8ac0-020efaaf2b5c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533167163/",
"category": "External analysis",
"uuid": "be25cd41-41af-469a-ab3a-72b7edd67d5e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/67",
"category": "Other",
"uuid": "ee0ba7fa-de9b-4ed1-9dc1-4a7b1ade08f0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3ec440df-26e1-4883-94d8-cf5a44d48bbd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:19.000Z",
"modified": "2018-08-02T10:03:19.000Z",
"pattern": "[file:hashes.MD5 = 'c94a39d58450b81087b4f1f5fd304add' AND file:hashes.SHA1 = 'e15ed8a83c9e1745497fbf33aa9af3b19b2ecbda' AND file:hashes.SHA256 = 'd4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c4f40e78-f5a3-449f-b8e0-bcb250e3da27",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:17.000Z",
"modified": "2018-08-02T10:03:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-02T00:06:12",
"category": "Other",
"uuid": "f949f8be-c2c5-4941-a83c-e59cfb47047a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533168372/",
"category": "External analysis",
"uuid": "41e31e37-9f2e-4fe9-9753-79101bd04941"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/66",
"category": "Other",
"uuid": "9d3bc97d-e36a-4746-ac96-c0a60d5e503f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c0793ff5-50a6-4817-8df9-8c28ab90f3d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:18.000Z",
"modified": "2018-08-02T10:03:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:21",
"category": "Other",
"uuid": "7daa5c0a-a5aa-4e39-a7c2-9cb774d3f09a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/",
"category": "External analysis",
"uuid": "eb42bd66-492e-4c88-893a-09743596dbb6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/67",
"category": "Other",
"uuid": "bf156d11-ec98-4904-9dbf-60d340f38d3c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--03b1be01-e7f1-41d2-bbeb-8c965ddd63d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:22.000Z",
"modified": "2018-08-02T10:03:22.000Z",
"pattern": "[file:hashes.MD5 = 'e6c0ac26b473d1e0fa9f74fdf1d01af8' AND file:hashes.SHA1 = 'acf58d62cdee49cacd253bc759b043d883aad30a' AND file:hashes.SHA256 = 'd5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T10:03:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--62a6d635-11fb-43df-b01e-c38b5a08489f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:21.000Z",
"modified": "2018-08-02T10:03:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-31T23:56:41",
"category": "Other",
"uuid": "a38f4d5e-021b-42cc-90bc-bb3e8532c5cf"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533081401/",
"category": "External analysis",
"uuid": "867b2ea8-5a62-4fa1-a78c-749209dd6e40"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/66",
"category": "Other",
"uuid": "730bccdd-09f3-49be-9abc-151632bee2ee"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ab089f9c-349f-46f0-a2b2-ecfb3da24370",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:22.000Z",
"modified": "2018-08-02T10:03:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:55:00",
"category": "Other",
"uuid": "b040a225-fc25-4c02-b728-f603912b7697"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/",
"category": "External analysis",
"uuid": "88fb41f1-a0d8-4613-a27c-127fdd79f71b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/67",
"category": "Other",
"uuid": "5c49008c-9f4f-46be-936b-b3e89bcedefa"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--db693d26-2826-4534-9718-84cf465571bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:23.000Z",
"modified": "2018-08-02T10:03:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-01T23:49:09",
"category": "Other",
"uuid": "a6f08c8a-389b-443f-8392-d683577b8359"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533167349/",
"category": "External analysis",
"uuid": "23854605-57d3-4c4c-b52e-e0f76fcc54b0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/59",
"category": "Other",
"uuid": "46b9e96e-856d-4886-b317-f31a71f1e201"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bc18676c-a419-4493-882b-dbffc94fae97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:25.000Z",
"modified": "2018-08-02T10:03:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-31T23:56:33",
"category": "Other",
"uuid": "4b3fd073-64b5-4d98-88b3-9b10f1b6a899"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533081393/",
"category": "External analysis",
"uuid": "8f213639-c885-4015-9237-dcb58587a00d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/68",
"category": "Other",
"uuid": "5a1325fe-8172-4afc-8a53-9a6fcb44c68e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4c400be1-7bc4-4c3e-ad25-0c0056e9a6da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:26.000Z",
"modified": "2018-08-02T10:03:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-02T00:05:39",
"category": "Other",
"uuid": "815bce8f-9090-45ec-9b75-d1d992b21665"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533168339/",
"category": "External analysis",
"uuid": "f729015f-82c7-4ce3-82ca-29c870f12df8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "61/68",
"category": "Other",
"uuid": "c058fdbf-c051-4377-9a58-e99faff08177"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--90f35bd9-30a9-467b-9f6e-7ed7648b7119",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:27.000Z",
"modified": "2018-08-02T10:03:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:53:51",
"category": "Other",
"uuid": "d5f94bd5-fc5a-4aee-a7d6-f51eeda67291"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/",
"category": "External analysis",
"uuid": "1ffceaf7-f028-4f96-bf93-a2e29e09a4a0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/66",
"category": "Other",
"uuid": "7eb90641-2c5d-4785-b834-92e79e6fa703"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2e9f7a81-d071-4fa8-bb22-eae520f03d51",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T10:03:28.000Z",
"modified": "2018-08-02T10:03:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:11",
"category": "Other",
"uuid": "fefb306a-a08f-44c8-b831-2f868d3d74da"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/",
"category": "External analysis",
"uuid": "07a85360-c323-45e7-aeac-b520d8ac5626"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/67",
"category": "Other",
"uuid": "21dc7abb-a099-458c-9512-a670a6a4f220"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67f371-c338-4728-8972-40ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T08:02:14.000Z",
"modified": "2018-08-06T08:02:14.000Z",
"description": "Japanese IP (Ucom-Corp)",
"pattern": "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2017-06-28T00:00:00' AND domain-name:x_misp_last_seen = '2017-09-14T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T08:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67f468-6ce0-48a4-9f9e-4e4f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T07:20:52.000Z",
"modified": "2018-08-06T07:20:52.000Z",
"description": "Japanese IP",
"pattern": "[domain-name:value = '220x218x70x160.ap220.ftth.ucom.ne.jp' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2016-10-27T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T07:20:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67f49b-b550-450a-aabc-4439950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T07:21:13.000Z",
"modified": "2018-08-06T07:21:13.000Z",
"description": "Japanese IP",
"pattern": "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2017-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-08T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T07:21:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67f783-02e0-44e8-8d8f-493f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T07:23:47.000Z",
"modified": "2018-08-06T07:23:47.000Z",
"description": "Chinese IP belonging to Chinese VPS provider VPSQuan LLC.",
"pattern": "[domain-name:value = 'hktechy.com' AND domain-name:resolves_to_refs[*].value = '198.44.172.97' AND domain-name:x_misp_first_seen = '2017-06-19T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T07:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67fc1a-9a38-404f-adcb-4b3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"description": "2017 campaign dropper variant. Also\r\nobserved being deployed from Japanese IP\r\n220.218.70[.]160",
"pattern": "[file:hashes.MD5 = '1412102eda0c2e5a5a85cb193dbb1524' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67fc4f-381c-4dbd-b49e-4e8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T07:44:15.000Z",
"modified": "2018-08-06T07:44:15.000Z",
"description": "Observed being deployed from Japanese IP\r\n220.218.70[.]160. Sample not available at\r\ntime of research in malware multiscanner\r\nrepositories. Possible variant of 2017\r\ninfostealer or dropper.",
"pattern": "[file:hashes.MD5 = '1b67183acc18d7641917f4fe07c1b053' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T07:44:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67fc62-4c2c-4fd6-b2a3-410e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"description": "2017 NetHelp infostealer variant",
"pattern": "[file:hashes.MD5 = '6d1d6987d0677f40e473befab121ab1b' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b680069-22b0-45f4-aba4-427d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T08:01:45.000Z",
"modified": "2018-08-06T08:01:45.000Z",
"description": "SG IP (Choopa LLC)",
"pattern": "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-30T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-25T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T08:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b68016d-a668-4301-8f51-4c52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T08:06:05.000Z",
"modified": "2018-08-06T08:06:05.000Z",
"description": "HK IP (Cloudie Limited)",
"pattern": "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '122.10.84.146' AND domain-name:x_misp_first_seen = '2018-02-08T00:00:00' AND domain-name:x_misp_last_seen = '2018-03-27T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T08:06:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b680c7c-77a0-4e19-814b-4245950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T08:53:16.000Z",
"modified": "2018-08-06T08:53:16.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'item.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-23T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-01T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T08:53:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681333-943c-4633-9a90-45cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T09:21:55.000Z",
"modified": "2018-08-06T09:21:55.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'cfr.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-17T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T09:21:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681452-d5fc-45b4-af6f-4457950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T09:26:42.000Z",
"modified": "2018-08-06T09:26:42.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'tootopia.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-23T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T09:26:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681a0a-4ab0-4f37-a19f-4726950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T09:51:06.000Z",
"modified": "2018-08-06T09:51:06.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'oc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-06T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T09:51:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681a2a-0324-4910-a7eb-415d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T09:51:38.000Z",
"modified": "2018-08-06T09:51:38.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'thewire.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-02-05T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T09:51:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681a4c-0d40-4247-8c55-45c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T09:52:12.000Z",
"modified": "2018-08-06T09:52:12.000Z",
"description": "SG IP",
"pattern": "[domain-name:value = 'tibet.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T09:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681d2e-bd1c-4726-882d-406e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:04:30.000Z",
"modified": "2018-08-06T10:04:30.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'savetibet.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:04:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681e31-67a8-4296-8fb7-433c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:08:49.000Z",
"modified": "2018-08-06T10:08:49.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'blog.tibetcul.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:08:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b681f1f-e07c-416a-8a29-4057950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:12:47.000Z",
"modified": "2018-08-06T10:12:47.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'rediff.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:12:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b682066-abf8-46ca-9b9b-484d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:18:14.000Z",
"modified": "2018-08-06T10:18:14.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'ndtv.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:18:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6820cb-7730-4294-af2c-4a2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:19:55.000Z",
"modified": "2018-08-06T10:19:55.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'business.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:19:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6821e7-aad4-4228-910a-4d8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:24:39.000Z",
"modified": "2018-08-06T10:24:39.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'apple.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-03-19T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:24:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6822a7-f514-4918-a494-4246950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:27:51.000Z",
"modified": "2018-08-06T10:27:51.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'chinaaid.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-25T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6826c5-14a8-476f-9cf6-4867950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:45:25.000Z",
"modified": "2018-08-06T10:45:25.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'epochtimes.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-21T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-16T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:45:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6826e4-a924-400b-b8e4-44d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:45:56.000Z",
"modified": "2018-08-06T10:45:56.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'artvoice.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-17T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-16T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:45:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b682945-f85c-4fce-a9a0-45ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T10:56:05.000Z",
"modified": "2018-08-06T10:56:05.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'docs.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-02-05T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-16T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T10:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b682ab7-6624-450d-8b75-46cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T11:02:15.000Z",
"modified": "2018-08-06T11:02:15.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'www.apple.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-25T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-25T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T11:02:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b682b68-c684-4e35-9dd8-4f73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T11:05:12.000Z",
"modified": "2018-08-06T11:05:12.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'www.doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-23T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-23T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T11:05:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b683107-e504-49db-9aed-4ce8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T11:29:11.000Z",
"modified": "2018-08-06T11:29:11.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'doc.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-04-16T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T11:29:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b68311f-a2b0-440f-b8c9-446e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T11:29:35.000Z",
"modified": "2018-08-06T11:29:35.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'vot.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-01-14T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T11:29:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b683145-03a4-424b-bae8-4737950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T11:30:13.000Z",
"modified": "2018-08-06T11:30:13.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'video.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2018-01-10T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-18T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T11:30:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b68315c-a318-4645-86cb-448f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T11:30:36.000Z",
"modified": "2018-08-06T11:30:36.000Z",
"description": "SG IP ",
"pattern": "[domain-name:value = 'my.anti-spammail.services' AND domain-name:resolves_to_refs[*].value = '45.77.250.80' AND domain-name:x_misp_first_seen = '2017-12-28T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-07T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T11:30:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b683b3b-9bd8-4fa9-8352-4e8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T12:12:43.000Z",
"modified": "2018-08-06T12:12:43.000Z",
"description": "China IP (Shenzhen Katherine Heng Technology Information Co., Ltd.)",
"pattern": "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '144.48.220.167' AND domain-name:x_misp_first_seen = '2107-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2017-09-07T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T12:12:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b683c0c-ef74-4489-a7b6-5955950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T12:16:12.000Z",
"modified": "2018-08-06T12:16:12.000Z",
"description": "Hong Kong IP (Forewin Telecom Group Isp)",
"pattern": "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '27.126.179.158' AND domain-name:x_misp_first_seen = '2017-09-07T00:00:00' AND domain-name:x_misp_last_seen = '2017-09-07T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T12:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b683cd5-0a60-4246-8575-4fd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T12:19:33.000Z",
"modified": "2018-08-06T12:19:33.000Z",
"description": "Japan IP (UCom Corp)",
"pattern": "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '220.218.70.160' AND domain-name:x_misp_first_seen = '2017-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2018-04-08T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T12:19:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b68462b-45c4-4b41-9f65-41b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T12:59:23.000Z",
"modified": "2018-08-06T12:59:23.000Z",
"description": "South Korean IP (Korea Telecom)",
"pattern": "[domain-name:value = 'u2xu2.com' AND domain-name:resolves_to_refs[*].value = '211.44.63.39' AND domain-name:x_misp_first_seen = '2017-08-20T00:00:00' AND domain-name:x_misp_last_seen = '2018-05-27T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T12:59:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6852b5-70f4-475c-8caa-8673950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T13:52:53.000Z",
"modified": "2018-08-06T13:52:53.000Z",
"pattern": "[file:hashes.MD5 = '1929db297c9d7d88a6427b8603a7145b' AND file:name = 'Microsoft_Word_97_-_2003___1.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T13:52:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b68552f-fc28-4fb4-b80b-c103950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T14:03:27.000Z",
"modified": "2018-08-06T14:03:27.000Z",
"description": "HK IP (Forewin Telecom Group Limited).",
"pattern": "[domain-name:value = 'striker.internetdocss.com' AND domain-name:resolves_to_refs[*].value = '27.126.179.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T14:03:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6855be-76a8-40dc-bfe2-494e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T14:05:50.000Z",
"modified": "2018-08-06T14:05:50.000Z",
"description": "SSL cert was observed on all Forewin Telecom registered IPs in the range 27.126.179[.]156 \u00e2\u20ac\u201d 27.126.179[.]160.",
"pattern": "[file:hashes.SHA1 = 'c8e61a4282589c93774be2cddc109599316087b7' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T14:05:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b68564a-409c-43d2-a63b-c086950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-06T14:08:10.000Z",
"modified": "2018-08-06T14:08:10.000Z",
"description": "SSL cert was active on the 27.126.179[.]159 Forewin IP when it had tk.u2xu2[.]com pointing to it",
"pattern": "[file:hashes.SHA1 = 'dd3f4da890fa00b0b6032d1141f54490c093c297' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-06T14:08:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b694c8d-d2d0-4373-83a1-4223950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T07:38:53.000Z",
"modified": "2018-08-07T07:38:53.000Z",
"pattern": "[domain-name:value = 'http.ackques.com' AND domain-name:resolves_to_refs[*].value = '7.126.179.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T07:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6950dc-d308-4352-ab07-474b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T07:58:32.000Z",
"modified": "2018-08-07T07:58:32.000Z",
"pattern": "[domain-name:value = 'sp.u2xu2.com' AND domain-name:resolves_to_refs[*].value = '122.10.84.146' AND domain-name:x_misp_first_seen = '2018-03-23T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T07:58:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6951da-54fc-4427-a661-4464950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T08:01:30.000Z",
"modified": "2018-08-07T08:01:30.000Z",
"description": "alternate\r\nMD5 should be 3a2b1a98c0a31ed32759f48df34b4bc8\u00e2\u20ac\u2039\r\nfirst-stage validator that includes a second stage payload that drops njRAT.",
"pattern": "[file:name = 'qww.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6957dc-9424-494b-964a-49ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"description": "version of njRAT (also\r\nknown as Bladibindi) hosted on the same 122.10.84.146 Hong Kong IP \r\nLikely related to the \u00e2\u20ac\u0153qww.exe\u00e2\u20ac\u009d validator.",
"pattern": "[file:hashes.MD5 = 'c74608c70a59371cbf016316bebfab06' AND file:name = 'serverdo7468.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b695c81-e640-449a-a7c7-4a0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T08:46:57.000Z",
"modified": "2018-08-07T08:46:57.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "steven-jain@outlook.com",
"category": "Attribution",
"uuid": "5b695c81-92b0-492b-902f-4abb950d210f"
},
{
"type": "domain",
"object_relation": "domain",
"value": "ktechy.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5b695c82-a494-49a2-8702-4395950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b695d6f-e188-4826-9b69-4ecb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T08:50:55.000Z",
"modified": "2018-08-07T08:50:55.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "steven-jain@outlook.com",
"category": "Attribution",
"uuid": "5b695d6f-bd1c-4571-a75c-4c1b950d210f"
},
{
"type": "domain",
"object_relation": "domain",
"value": "angtechy.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5b695d70-7270-4afc-859c-4e30950d210f"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "15.126.39.107",
"category": "Network activity",
"to_ids": true,
"uuid": "5b695d71-305c-4846-a468-4554950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2017-06-20T00:00:00",
"category": "Other",
"uuid": "5b695d71-d858-4785-a9e1-452a950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b695fae-b2a4-4cf6-8334-4e93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:00:30.000Z",
"modified": "2018-08-07T09:00:30.000Z",
"description": "Spoofed Organization: China National Hotel Education Network (cqledi.org)",
"pattern": "[domain-name:value = 'cqledu.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:00:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b695fe3-aadc-45f7-ac2b-4416950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:01:23.000Z",
"modified": "2018-08-07T09:01:23.000Z",
"description": "Spoofed Organization: AOL webmail (mail.aol.com)",
"pattern": "[domain-name:value = 'mail-aol.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:01:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696006-2e38-4f9f-a314-480f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:03:23.000Z",
"modified": "2018-08-07T09:03:23.000Z",
"description": "Spoofed Organization: Google Drive (drive.google.com)",
"pattern": "[domain-name:value = 'drlve-gooog1e.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:03:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b69602f-90e8-466d-aa74-4a12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:02:39.000Z",
"modified": "2018-08-07T09:02:39.000Z",
"description": "Spoofed Organization: Microsoft Live (login.live.com)",
"pattern": "[domain-name:value = 'login-live.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:02:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696072-e840-4ab7-8f2b-4eec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:03:46.000Z",
"modified": "2018-08-07T09:03:46.000Z",
"description": "Spoofed Organization: Department of Special Investigations, Ministry of Justice of Thailand (mail.dsi.go.th)",
"pattern": "[domain-name:value = 'mail-dsi-go.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:03:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6960a5-8d20-405e-a193-4e1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:04:37.000Z",
"modified": "2018-08-07T09:04:37.000Z",
"description": "Spoofed Organization: Epoch Times, founded by Chinese-American Falun Gong practitioners (mail.epochtimes.com)",
"pattern": "[domain-name:value = 'mail-epochtimes.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6960bf-e118-455d-a813-0b55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:05:03.000Z",
"modified": "2018-08-07T09:05:03.000Z",
"description": "Spoofed Organization: Sri Lankan Ministry of Defence (mail.defence.lk)",
"pattern": "[domain-name:value = 'mail-defense.tk' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:05:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6960dc-86ec-4f89-b8dd-4088950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:05:32.000Z",
"modified": "2018-08-07T09:05:32.000Z",
"description": "Spoofed Organization: Official website of His Holiness the Dalai Lama (webmail.dalailama.com)",
"pattern": "[domain-name:value = 'webmail-dalailama.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:05:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6960f7-3ba8-42cc-a2f7-402d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:05:59.000Z",
"modified": "2018-08-07T09:05:59.000Z",
"description": "Spoofed Organization: Youxinpai (Beijing) Information Technology Co., Ltd. (Chinese used car auction site)",
"pattern": "[domain-name:value = 'mail.youxinpai.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:05:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696124-92cc-4823-9c30-40ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:06:44.000Z",
"modified": "2018-08-07T09:06:44.000Z",
"description": "Spoofed Organization: Possibly a reference to \u00e2\u20ac\u2039GALVmed\u00e2\u20ac\u2122s\u00e2\u20ac\u2039 \u00e2\u20ac\u0153protecting livestock, saving human life\u00e2\u20ac\u009d mission statement. GALVmed stands for the Global Alliance for Livestock Veterinary Medicines.",
"pattern": "[domain-name:value = 'plshl.com' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:06:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b69613b-db30-4ec1-852f-44bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:07:07.000Z",
"modified": "2018-08-07T09:07:07.000Z",
"description": "Spoofed Organization: Webmail login for Myanmar Posts and Telecommunications (webmail.mpt.net.mm)",
"pattern": "[domain-name:value = 'webmail-mpt.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:07:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b696150-9900-466c-8b82-45a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:07:28.000Z",
"modified": "2018-08-07T09:07:28.000Z",
"description": "Spoofed Organization: Likely impersonating a website for exiled Chinese billionaire, Guo Wengui, who has made allegations of corruption against high-ranking individuals in the Communist Party of China.",
"pattern": "[domain-name:value = 'wengiguowengui.space' AND domain-name:resolves_to_refs[*].value = '115.126.39.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:07:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b69642b-02cc-49b3-b97c-44f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:23:49.000Z",
"modified": "2018-08-07T09:23:49.000Z",
"pattern": "[domain-name:value = 'tk.u2xu2.com' AND domain-name:resolves_to_refs[*].value = '27.126.179.159' AND domain-name:resolves_to_refs[*].value = '103.20.193.156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:23:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6965c9-39b4-47c1-9084-46f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:26:33.000Z",
"modified": "2018-08-07T09:26:33.000Z",
"pattern": "[file:hashes.MD5 = '83ffd697edd0089204779f5bfb031023' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T09:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b69670b-b290-44f4-a9fc-42e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:31:55.000Z",
"modified": "2018-08-07T09:31:55.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "13316874955@163.com",
"category": "Attribution",
"uuid": "5b69670b-06c0-434e-a8f5-423b950d210f"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "103.20.193.156",
"category": "Network activity",
"to_ids": true,
"uuid": "5b69670b-6d2c-43e0-940a-47ef950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b6968ac-71ec-4a55-887d-47b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:38:52.000Z",
"modified": "2018-08-07T09:38:52.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "domain",
"object_relation": "domain",
"value": "cqyrxy.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6968ac-d304-45e9-9141-4b83950d210f"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "115.126.39.107",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6968ac-1118-427b-b30b-4a82950d210f"
},
{
"type": "whois-registrant-name",
"object_relation": "registrant-name",
"value": "ren minjie",
"category": "Attribution",
"uuid": "5b6968ad-c7d4-4c30-a301-4b78950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b696957-9e2c-49d6-8bdb-4ffa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:41:43.000Z",
"modified": "2018-08-07T09:41:43.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "6060841@qq.com",
"category": "Attribution",
"uuid": "5b696957-8c18-4cd2-9113-4a5c950d210f"
},
{
"type": "domain",
"object_relation": "domain",
"value": "drive-mail-google.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5b696957-8560-4a7d-a84c-4392950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b69698a-8dd8-4aab-95b3-444e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T09:42:34.000Z",
"modified": "2018-08-07T09:42:34.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "6060841@qq.com",
"category": "Attribution",
"uuid": "5b69698a-8e20-4a08-bb7c-4a5b950d210f"
},
{
"type": "domain",
"object_relation": "domain",
"value": "drive-accounts-gooogle.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5b69698b-20c4-49c4-ba14-4437950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b697015-cc1c-4720-8f44-442a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T10:10:29.000Z",
"modified": "2018-08-07T10:10:29.000Z",
"pattern": "[file:hashes.MD5 = 'c6e336550bd1c087ee2a211781fd9280' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T10:10:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b697026-b170-41b0-937d-48cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-07T10:10:46.000Z",
"modified": "2018-08-07T10:10:46.000Z",
"pattern": "[file:hashes.MD5 = 'd4ea9027edca1d01c62d9f43a2975d30' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-07T10:10:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8f903648-f534-497c-8096-7eba34dfcdd4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:29.000Z",
"modified": "2018-08-14T12:36:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:06",
"category": "Other",
"uuid": "75b563cb-40ff-4062-bcd1-d850e8b003b2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/",
"category": "External analysis",
"uuid": "471715ec-3776-45f7-8724-492559aa6773"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/68",
"category": "Other",
"uuid": "afa8f64a-5c41-4303-a067-340cee586424"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:30.000Z",
"modified": "2018-08-14T12:36:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:46",
"category": "Other",
"uuid": "ac377751-3114-40cb-81b4-acfaa910e898"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/",
"category": "External analysis",
"uuid": "c2e4a91e-cd71-4894-8da1-b955fcabc837"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/66",
"category": "Other",
"uuid": "06841d51-e4b1-477b-8385-bf774915accc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e0407f5c-72da-4b58-8ae9-627189b8808d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:31.000Z",
"modified": "2018-08-14T12:36:31.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-08T00:29:46",
"category": "Other",
"uuid": "a32635f7-ed70-4cb9-8b8e-99865d2631aa"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533688186/",
"category": "External analysis",
"uuid": "22d24b16-6991-437a-9d86-e487cc42a4e6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/68",
"category": "Other",
"uuid": "c6aac747-6dd5-4712-a7b8-2ed5a0526323"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c696617-e214-4531-a91a-45aee2b893ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:32.000Z",
"modified": "2018-08-14T12:36:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-08T00:48:00",
"category": "Other",
"uuid": "4cf28e26-60e2-4d7b-a15f-39b145132431"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533689280/",
"category": "External analysis",
"uuid": "e15793af-bb6d-4a2d-a804-4c95fa23d290"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/68",
"category": "Other",
"uuid": "90b0702d-0975-4f6a-b449-a80d8493d9d9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b0e324d4-65be-418a-a8f8-735564d00606",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:36.000Z",
"modified": "2018-08-14T12:36:36.000Z",
"pattern": "[file:hashes.MD5 = 'c6e336550bd1c087ee2a211781fd9280' AND file:hashes.SHA1 = 'ebedaa84b473d939ba91e2dff7b47e8c0d5716b2' AND file:hashes.SHA256 = '7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a9c8e203-1200-4950-8f13-6732275ea6ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:35.000Z",
"modified": "2018-08-14T12:36:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:51",
"category": "Other",
"uuid": "778d6594-3b6f-4855-b1de-cf1221a1b205"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14/analysis/1530788091/",
"category": "External analysis",
"uuid": "4530a287-d37f-41e5-8a0e-2f5666455b9a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/67",
"category": "Other",
"uuid": "7b7b3c82-0a1a-4738-a570-ba1bb99065b2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:39.000Z",
"modified": "2018-08-14T12:36:39.000Z",
"pattern": "[file:hashes.MD5 = '1929db297c9d7d88a6427b8603a7145b' AND file:hashes.SHA1 = 'f3ebba32e13b355e301d310cc63fbd799787f6c2' AND file:hashes.SHA256 = 'aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--21992a3f-2d25-4b0d-847d-154ab2829796",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:37.000Z",
"modified": "2018-08-14T12:36:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-08T00:25:06",
"category": "Other",
"uuid": "82312aee-19bb-46da-8cf8-9d180b42ae54"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd/analysis/1533687906/",
"category": "External analysis",
"uuid": "89a63c2c-369a-4ebf-8a4d-aef203be5d31"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/60",
"category": "Other",
"uuid": "bef9095d-e1a6-4490-afed-46a607ef4ada"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8b4dbb0e-58a1-4630-be3d-83e95966a6cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:38.000Z",
"modified": "2018-08-14T12:36:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:53:56",
"category": "Other",
"uuid": "777aad28-4b29-4948-95a3-1299b7d2071e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/",
"category": "External analysis",
"uuid": "6f7d201e-e079-4834-a62a-4239770943f4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/67",
"category": "Other",
"uuid": "72c46566-7c5f-412c-83ed-f69f6c0a5ce7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:43.000Z",
"modified": "2018-08-14T12:36:43.000Z",
"pattern": "[file:hashes.MD5 = 'd4ea9027edca1d01c62d9f43a2975d30' AND file:hashes.SHA1 = '0163c73acebe691907f4100321dbbefc95a0da49' AND file:hashes.SHA256 = '8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7771644b-6de2-4a18-bc5f-c30dad0bd508",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:41.000Z",
"modified": "2018-08-14T12:36:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-25T21:34:14",
"category": "Other",
"uuid": "98d5ca3c-7c60-4fde-a810-07b50e3432bd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d/analysis/1532554454/",
"category": "External analysis",
"uuid": "5183e393-9731-466d-9aa0-837301040fd9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/61",
"category": "Other",
"uuid": "dc6a8dd9-5875-4eea-9ff1-a01509cc81ef"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--304084df-e41e-4456-88e4-353baeb7d839",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:45.000Z",
"modified": "2018-08-14T12:36:45.000Z",
"pattern": "[file:hashes.MD5 = '83ffd697edd0089204779f5bfb031023' AND file:hashes.SHA1 = 'c2862a30d486297a005915421f75703ae9b35223' AND file:hashes.SHA256 = '9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T12:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--40e4d320-c62e-4322-ae15-b20e3369832d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:43.000Z",
"modified": "2018-08-14T12:36:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-23T12:02:40",
"category": "Other",
"uuid": "33d0f34d-43c8-4cb4-9b8a-689c381d498d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907/analysis/1532347360/",
"category": "External analysis",
"uuid": "dcf618e1-7785-4bec-92e0-c53e9a9554b3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/68",
"category": "Other",
"uuid": "aebf6ce8-ce50-465c-a45f-128529204545"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--589e9254-4f90-490a-bc8c-fdea36be01b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:44.000Z",
"modified": "2018-08-14T12:36:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:21",
"category": "Other",
"uuid": "bf1f3939-4ec3-4333-a357-2fea7066bcbb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/",
"category": "External analysis",
"uuid": "026a9339-6f67-4387-9edf-194aea014a88"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/67",
"category": "Other",
"uuid": "9aa50299-3e3e-4f06-bba1-c9a42b6b1289"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--71e73500-e019-4027-8696-5f48e8e0fd38",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:45.000Z",
"modified": "2018-08-14T12:36:45.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-08T00:46:50",
"category": "Other",
"uuid": "daa79b42-ca0d-4e2b-ab63-11a84ee71104"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533689210/",
"category": "External analysis",
"uuid": "cb2216af-140c-4ca2-8286-8c27cd5055c8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "56/67",
"category": "Other",
"uuid": "3f2ba997-79c0-4973-90f8-280d414805f1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7e3abe32-cfe8-485f-a22b-7e2989d16ffa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:46.000Z",
"modified": "2018-08-14T12:36:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-08T00:52:12",
"category": "Other",
"uuid": "a4c73e44-0dac-4016-a40c-6c422ce1041b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533689532/",
"category": "External analysis",
"uuid": "05f75ddc-2a93-4453-a9af-d3d9e6b8139a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/67",
"category": "Other",
"uuid": "551d7e5c-1f9b-4c34-85f6-8bd7bc16df9c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6c1f2aee-af3d-4af0-a272-8aef0d5da562",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:47.000Z",
"modified": "2018-08-14T12:36:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-03T00:10:07",
"category": "Other",
"uuid": "deffbcff-7552-4ba9-a3de-2c2d42dd124e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1533255007/",
"category": "External analysis",
"uuid": "903ad04e-95ce-4294-a54d-619a30d55c09"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/67",
"category": "Other",
"uuid": "451dbe9e-271c-4fd7-9f0e-fd0f5312e2c7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:48.000Z",
"modified": "2018-08-14T12:36:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-08T00:51:25",
"category": "Other",
"uuid": "54d361e2-c296-49da-a4be-a50848f24982"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533689485/",
"category": "External analysis",
"uuid": "c2563df5-adf7-421b-87c9-cfdd9a5cd842"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/67",
"category": "Other",
"uuid": "c45c27d0-e143-4d53-b466-6baf239f345d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bf7d4471-6524-4cdd-821d-63b550a8d3c7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:49.000Z",
"modified": "2018-08-14T12:36:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-08T00:32:51",
"category": "Other",
"uuid": "60642d41-e70f-4883-a8de-19c025106808"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533688371/",
"category": "External analysis",
"uuid": "f19c2bd6-eb00-43ee-9aa5-9b9986ecce34"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/60",
"category": "Other",
"uuid": "60267fd9-e404-424b-8019-da9bc7560f51"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b5a9119a-4fae-4d63-8679-c0fcbe967f1c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:50.000Z",
"modified": "2018-08-14T12:36:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:53:51",
"category": "Other",
"uuid": "aa3de294-1dc1-41bd-b1f4-370ca5bf2fd6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/",
"category": "External analysis",
"uuid": "7f22d474-a70c-470a-9ac9-c8631ca9848f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/66",
"category": "Other",
"uuid": "39546021-dba9-455b-bc52-7c06b92d3707"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3ed9a824-86f6-44c8-addb-00ba19e4b915",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-14T12:36:51.000Z",
"modified": "2018-08-14T12:36:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-05T10:54:11",
"category": "Other",
"uuid": "03c95ebb-bf6d-424e-8f1d-bdd3efeaab83"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/",
"category": "External analysis",
"uuid": "6630d978-a6e1-4ea1-be98-527448caba04"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/67",
"category": "Other",
"uuid": "8484bea3-c438-41ff-a461-458d1b85d880"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b605736-14d8-416e-beb0-4c30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T12:33:58.000Z",
"modified": "2018-07-31T12:33:58.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = '3697a1f9150de181026ce089c10657c3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'wordx86.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T06:40:50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T12:33:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b605b02-8624-40ab-99a1-4f5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T12:50:10.000Z",
"modified": "2018-07-31T12:50:10.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'audiox86.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T06:40:50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6165b7-2d18-4189-bffe-4096950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T09:44:51.000Z",
"modified": "2018-08-01T09:44:51.000Z",
"description": "PE32 executable (DLL) (console) Intel 80386, for MS Windows",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = 'bc902a5e56cbbaa82f4af26cf9f4567e' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'nethelpx86.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T03:18:30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T09:44:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6182d4-67b8-4785-ba0e-4d23950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T09:52:20.000Z",
"modified": "2018-08-01T09:52:20.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = 'bc902a5e56cbbaa82f4af26cf9f4567e' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'nethelp.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T03:18:30' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T09:52:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b618916-06bc-4a4b-971e-49dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T10:19:02.000Z",
"modified": "2018-08-01T10:19:02.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = 'bc902a5e56cbbaa82f4af26cf9f4567e' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'audiox86.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-06-11T03:18:30' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T10:19:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61a522-1fe8-431f-8471-4467950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T12:18:42.000Z",
"modified": "2018-08-01T12:18:42.000Z",
"description": "PE32+ executable (DLL) (console) x86-64, for MS Windows",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = '9098d75f516f191276ef1836aecc30d4' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'nethelp.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2017-07-06T02:14:08' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Client.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T12:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b61bc26-8bb0-4860-8e09-4e88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-01T13:56:54.000Z",
"modified": "2018-08-01T13:56:54.000Z",
"description": "PE32 executable (GUI) Intel 80386, for MS Windows",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = '17030637d18335c7267d09ec0ebc637c' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'winlogon.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2018-01-07T23:13:23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-01T13:56:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62cb45-8260-4632-b14e-4a07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T09:13:41.000Z",
"modified": "2018-08-02T09:13:41.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = 'f34d5f2d4577ed6d9ceec516c1f5a744' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'serverdo.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2018-03-06T01:16:01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T09:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1071c15b-8c4b-4728-bfc7-ea5b9510b47f",
"created": "2018-07-31T14:57:38.000Z",
"modified": "2018-07-31T14:57:38.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b605571-86c8-4306-806d-495f950d210f",
"target_ref": "x-misp-object--af9cbff4-9e65-4a79-a1ec-e88133cdfb98"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c13a1d6a-5e6b-4d2c-a297-0138f3bbe802",
"created": "2018-08-02T10:03:29.000Z",
"modified": "2018-08-02T10:03:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b605571-86c8-4306-806d-495f950d210f",
"target_ref": "x-misp-object--ab089f9c-349f-46f0-a2b2-ecfb3da24370"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1e835fa7-6e2e-45f2-94bd-037b2f979e70",
"created": "2018-08-07T12:42:17.000Z",
"modified": "2018-08-07T12:42:17.000Z",
"relationship_type": "derived-from",
"source_ref": "indicator--5b605571-86c8-4306-806d-495f950d210f",
"target_ref": "indicator--5b605736-14d8-416e-beb0-4c30950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f4c3f495-c730-4582-b7fe-4bc250d0bbbe",
"created": "2018-08-14T12:36:52.000Z",
"modified": "2018-08-14T12:36:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b605571-86c8-4306-806d-495f950d210f",
"target_ref": "x-misp-object--6c1f2aee-af3d-4af0-a272-8aef0d5da562"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0e72c303-4b33-43b1-8d66-8956b14c7780",
"created": "2018-08-02T10:03:29.000Z",
"modified": "2018-08-02T10:03:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b6063f0-5f28-4309-9719-4bf1950d210f",
"target_ref": "x-misp-object--c0793ff5-50a6-4817-8df9-8c28ab90f3d1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d6b7512b-9e03-4503-9cda-abe14e1f848a",
"created": "2018-07-31T14:57:39.000Z",
"modified": "2018-07-31T14:57:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--951dbf05-efee-46a0-b2aa-89e5c6d0c898",
"target_ref": "x-misp-object--4d6cc362-fb2b-4576-919d-8d66294873be"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3e68d24e-4ca7-485f-a340-2fa4d4f78e2b",
"created": "2018-08-02T10:03:29.000Z",
"modified": "2018-08-02T10:03:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61631b-a13c-4dc0-b949-4342950d210f",
"target_ref": "x-misp-object--2e9f7a81-d071-4fa8-bb22-eae520f03d51"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fb09e0c6-2900-4327-8ab3-de756f4509d5",
"created": "2018-08-14T12:36:52.000Z",
"modified": "2018-08-14T12:36:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61631b-a13c-4dc0-b949-4342950d210f",
"target_ref": "x-misp-object--3ed9a824-86f6-44c8-addb-00ba19e4b915"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a87c5fb2-af89-401b-b0ec-5dfc1bb2dbe7",
"created": "2018-08-14T12:36:52.000Z",
"modified": "2018-08-14T12:36:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b619c3f-9644-4d94-a4ac-4d40950d210f",
"target_ref": "x-misp-object--280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a9fbbf9c-185f-4ed4-afd0-5aee9bc7df7c",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b619eb3-4dac-4efa-b562-43ab950d210f",
"target_ref": "x-misp-object--8f903648-f534-497c-8096-7eba34dfcdd4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bab453b1-1e03-4a61-8dd4-ebe41de2905c",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61a1be-f9ec-428a-aede-468e950d210f",
"target_ref": "x-misp-object--90f35bd9-30a9-467b-9f6e-7ed7648b7119"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--010a43fb-7fa8-412f-b17d-59d84b98e2c6",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61a1be-f9ec-428a-aede-468e950d210f",
"target_ref": "x-misp-object--b5a9119a-4fae-4d63-8679-c0fcbe967f1c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8f1967e6-0bdb-4c4a-96b1-c65816aa9411",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f",
"target_ref": "x-misp-object--db693d26-2826-4534-9718-84cf465571bc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7f42056c-f75e-4034-8564-df7782078297",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61b7e1-e898-4c28-af5b-4a86950d210f",
"target_ref": "x-misp-object--bf7d4471-6524-4cdd-821d-63b550a8d3c7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8f9d8a82-50e3-4bce-b387-adf4998698d4",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61b964-b078-4a41-9a1e-48e3950d210f",
"target_ref": "x-misp-object--7e3abe32-cfe8-485f-a22b-7e2989d16ffa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aefac089-c20c-4330-96db-f29ac5715439",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f",
"target_ref": "x-misp-object--bc18676c-a419-4493-882b-dbffc94fae97"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7d70b0eb-a76a-4023-9b75-110023be7ff3",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b61b972-4cb4-4556-8dc2-4bf3950d210f",
"target_ref": "x-misp-object--4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d5097e7-9b37-4c2e-a85b-bca5bd557ab3",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b62c621-9d58-40e1-9105-4272950d210f",
"target_ref": "x-misp-object--5c696617-e214-4531-a91a-45aee2b893ed"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9c04cf51-ff35-4414-80c5-e44483bafade",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b62c650-8358-49b9-9064-4ce8950d210f",
"target_ref": "x-misp-object--e0407f5c-72da-4b58-8ae9-627189b8808d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c49b059b-86ee-4b44-a628-6cfa81d143ff",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b62cb24-ebc0-4131-aa65-425b950d210f",
"target_ref": "x-misp-object--4c400be1-7bc4-4c3e-ad25-0c0056e9a6da"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14deb0f7-1d63-49c5-9ee0-97993089a720",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0",
"target_ref": "x-misp-object--a51ea5b5-2181-4905-bda3-b2b1698c7c27"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--909ef439-c2cf-46a4-91a7-fce833300d05",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d2ec20b7-d689-47e6-9228-01a281f3ad02",
"target_ref": "x-misp-object--100f1a8d-1bc3-4000-92fe-bce0b793b222"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--df44c2ce-5a6c-4033-910f-547df75f010e",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5510fbf8-41c8-4a11-bcf0-42aa4303742e",
"target_ref": "x-misp-object--578b25b7-97b8-4d39-8537-323e64ffc399"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--43700251-5d8d-4cad-bfcc-e3199ba4cdd6",
"created": "2018-08-02T10:03:30.000Z",
"modified": "2018-08-02T10:03:30.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--db3a215c-d9b8-4d91-952a-af20cfe86d4a",
"target_ref": "x-misp-object--bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d955b31a-37bb-49ea-b59c-98fd31b4eaaf",
"created": "2018-08-02T10:03:31.000Z",
"modified": "2018-08-02T10:03:31.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3ec440df-26e1-4883-94d8-cf5a44d48bbd",
"target_ref": "x-misp-object--c4f40e78-f5a3-449f-b8e0-bcb250e3da27"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b002c9b3-96ae-4b27-90a5-aa3aa6eacc31",
"created": "2018-08-02T10:03:31.000Z",
"modified": "2018-08-02T10:03:31.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--03b1be01-e7f1-41d2-bbeb-8c965ddd63d5",
"target_ref": "x-misp-object--62a6d635-11fb-43df-b01e-c38b5a08489f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fb5756e4-b12c-43d3-a176-11d4b514c0dc",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b67fc1a-9a38-404f-adcb-4b3a950d210f",
"target_ref": "x-misp-object--589e9254-4f90-490a-bc8c-fdea36be01b3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a0ac6845-2bd5-45c1-952e-9163f7e42748",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b67fc62-4c2c-4fd6-b2a3-410e950d210f",
"target_ref": "x-misp-object--8b4dbb0e-58a1-4630-be3d-83e95966a6cf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--edc5adaf-83ac-4a31-964f-d63c36ec2d82",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5b6957dc-9424-494b-964a-49ed950d210f",
"target_ref": "x-misp-object--71e73500-e019-4027-8696-5f48e8e0fd38"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8ab5eee6-0db7-4ba5-8b00-4d85c227216a",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b0e324d4-65be-418a-a8f8-735564d00606",
"target_ref": "x-misp-object--a9c8e203-1200-4950-8f13-6732275ea6ad"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e6c6414f-c0dd-4bd9-981d-8a7f40c423c5",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8",
"target_ref": "x-misp-object--21992a3f-2d25-4b0d-847d-154ab2829796"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7c1c02df-1334-4e2b-a439-2448d31654f4",
"created": "2018-08-14T12:36:53.000Z",
"modified": "2018-08-14T12:36:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f",
"target_ref": "x-misp-object--7771644b-6de2-4a18-bc5f-c30dad0bd508"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2e90d79c-1b32-4a9b-80e8-2807a53ea525",
"created": "2018-08-14T12:36:54.000Z",
"modified": "2018-08-14T12:36:54.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--304084df-e41e-4456-88e4-353baeb7d839",
"target_ref": "x-misp-object--40e4d320-c62e-4322-ae15-b20e3369832d"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink