adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a3b6be0-1924-4671-8829-d895950d210f.json

4347 lines
No EOL
187 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5a3b6be0-1924-4671-8829-d895950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T03:01:01.000Z",
"modified": "2017-12-22T03:01:01.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a3b6be0-1924-4671-8829-d895950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T03:01:01.000Z",
"modified": "2017-12-22T03:01:01.000Z",
"name": "OSINT - North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group",
"published": "2017-12-28T13:37:05Z",
"object_refs": [
"observed-data--5a3b6d7d-f078-4a39-a907-d89c950d210f",
"url--5a3b6d7d-f078-4a39-a907-d89c950d210f",
"observed-data--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f",
"url--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f",
"indicator--5a3b6e62-ce88-4719-8e60-4768950d210f",
"indicator--5a3b6e62-102c-477c-8786-40b8950d210f",
"indicator--5a3b6e62-9f68-400a-a279-4c1c950d210f",
"indicator--5a3b6e62-c5fc-47b1-ac3a-4939950d210f",
"indicator--5a3b6e62-3b0c-4dfb-8a92-4920950d210f",
"indicator--5a3b6e62-84f8-45b2-8ce3-4cfa950d210f",
"indicator--5a3b6e62-aa2c-45b3-ab64-4852950d210f",
"indicator--5a3b6e62-b95c-48de-a86f-40d3950d210f",
"indicator--5a3b6e63-c8b0-46af-8b48-435d950d210f",
"indicator--5a3b6ef1-1190-4a1f-b820-41e6950d210f",
"indicator--5a3b6ef1-38d4-4c1e-aa75-40aa950d210f",
"indicator--5a3b6ef1-0614-40e6-b027-44a4950d210f",
"indicator--5a3b7017-6038-4a51-aa3d-4155950d210f",
"indicator--5a3b7017-0d8c-4ceb-a36d-4e5c950d210f",
"indicator--5a3b705d-b038-42db-8077-48d2950d210f",
"indicator--5a3b705d-feb0-48aa-8aa9-43b0950d210f",
"indicator--5a3b705d-d3dc-4e70-9962-4366950d210f",
"indicator--5a3b705d-cba0-44f4-95e7-401f950d210f",
"indicator--5a3b705d-536c-4957-b446-49cc950d210f",
"indicator--5a3b705d-4ee4-4fc2-be34-4175950d210f",
"indicator--5a3b705d-f974-4f08-a635-4a22950d210f",
"indicator--5a3b705d-ec48-4de3-916a-4ed7950d210f",
"indicator--5a3b705d-1bb0-45e3-9392-44c7950d210f",
"indicator--5a3b705d-2674-42df-acfe-44f9950d210f",
"indicator--5a3b7225-3578-4cc8-9805-4eaa950d210f",
"indicator--5a3b7225-6db0-41a5-980c-452e950d210f",
"indicator--5a3b7252-a444-404d-8f58-d89a950d210f",
"indicator--5a3b7252-0bd0-4158-a789-d89a950d210f",
"indicator--5a3b7252-2954-4669-b2af-d89a950d210f",
"indicator--5a3b7252-ed2c-4cd7-9f37-d89a950d210f",
"indicator--5a3b743b-55e8-4e64-a5c8-4a82950d210f",
"indicator--5a3b743b-cbcc-41e3-9a05-4217950d210f",
"indicator--5a3b743b-3c9c-4600-a3e8-4871950d210f",
"indicator--5a3b743b-0104-4f3b-a337-4744950d210f",
"indicator--5a3b743b-312c-4091-bc28-4408950d210f",
"indicator--5a3b743b-0550-4eb6-b378-4b26950d210f",
"indicator--5a3b743b-7ea8-444e-b7da-41b0950d210f",
"indicator--5a3b74a3-e1f0-4a5d-8e55-47a7950d210f",
"indicator--5a3b74a3-fd30-42dc-aaeb-4f6c950d210f",
"indicator--5a3b74a3-5ae4-4707-a8d3-4406950d210f",
"indicator--5a3b74a3-8634-4291-83b4-4384950d210f",
"indicator--5a3b74a3-bc10-4329-8905-4240950d210f",
"indicator--5a3b74a3-d248-477e-894a-44fb950d210f",
"indicator--5a3b74a3-aeb0-4f70-977c-48fe950d210f",
"indicator--5a3b74a3-dd20-4a97-b5b5-4f28950d210f",
"indicator--5a3b775a-2584-41ea-a2fe-40ac950d210f",
"indicator--5a3b775a-38f4-4a8f-9baf-42d4950d210f",
"indicator--5a3b775a-3798-4861-9fdb-4685950d210f",
"indicator--5a3b775a-8868-491f-a074-41b4950d210f",
"indicator--5a3b77fa-96cc-4e05-939c-4b90950d210f",
"indicator--5a3b77fa-ba64-412b-873a-4ef0950d210f",
"indicator--5a3b77fa-8e24-4966-ab98-40cf950d210f",
"indicator--5a3b7813-ca8c-414b-8d85-4a56950d210f",
"indicator--5a3b7813-9918-42db-986a-4523950d210f",
"indicator--5a3b7813-814c-4ca4-92d3-4f59950d210f",
"indicator--5a3b7813-5540-4536-b2c0-4e56950d210f",
"indicator--5a3b7813-9dc0-44ba-8081-4b2b950d210f",
"indicator--5a3b7813-6e54-4dc6-ba00-43b3950d210f",
"indicator--5a3b7813-6e2c-41c4-9107-4aca950d210f",
"indicator--5a3b7813-d160-4a5b-88ae-459f950d210f",
"indicator--5a3b7813-7a80-412c-8f49-4188950d210f",
"indicator--5a3b7866-992c-4c27-b1bd-4a22950d210f",
"indicator--5a3b7866-f09c-405e-9b03-4498950d210f",
"indicator--5a3b7866-c288-492e-9fbd-4f30950d210f",
"indicator--5a3b7866-05c4-46dc-9a1c-4a00950d210f",
"indicator--5a3b7866-1d3c-4c6c-9341-4964950d210f",
"indicator--5a3b7866-1b50-4b5c-9cdb-499c950d210f",
"indicator--5a3b7866-f014-4528-b170-45bd950d210f",
"indicator--5a3b7883-d7f4-489a-9bf1-4586950d210f",
"indicator--5a3b7883-7a50-4c6f-9ed8-4fa4950d210f",
"indicator--5a3b78c5-cc40-4c48-a9d5-468b950d210f",
"indicator--5a3b78c5-8710-4016-bd90-48e6950d210f",
"indicator--5a3b78c5-42dc-48ed-bd98-4d49950d210f",
"indicator--5a3b78c5-6718-43c8-93b1-44b0950d210f",
"indicator--5a3b78c5-5728-45aa-ae7e-49d4950d210f",
"indicator--5a3b78c5-3c7c-45c1-96af-4d68950d210f",
"indicator--5a3b78c5-1ca0-4ad0-8150-40b4950d210f",
"indicator--5a3b78c5-ae1c-44e3-8cda-4e69950d210f",
"indicator--5a3b78c5-7494-4a75-b733-4906950d210f",
"x-misp-object--5a3b6d4c-b11c-45f6-b5e3-d89b950d210f",
"indicator--88c0c9e5-6f55-4434-86f5-57ccf1ab779e",
"x-misp-object--551d26ea-0d49-4a3d-8b80-61f1c2d46b4c",
"indicator--e831a382-f6bf-43db-b38c-421df1ea3875",
"x-misp-object--ef5cfba8-a647-4887-8626-5b716d830d90",
"indicator--4b8c3132-e355-4ee4-91c9-e06a69a36da1",
"x-misp-object--b1b7f438-e55c-4b57-b42d-503d60b57d4f",
"indicator--1f87943e-6f0e-4b12-87b5-3116a0f725c0",
"x-misp-object--789535f0-ec61-4de1-9988-165ac6c1ba5c",
"indicator--cb269eaa-70e8-4564-b7f8-902352959fe6",
"x-misp-object--9296c8a4-2d34-48e4-af42-15e57470eb84",
"indicator--1bae070e-81ad-4cfb-a316-00f6dd358a7d",
"x-misp-object--4117fdf6-6c7c-4e4c-b695-d2b7214b42f4",
"indicator--08352cd7-5beb-4bdf-b9df-3ae69f4f3084",
"x-misp-object--7151d2df-fc05-4f72-8afe-b5c9db8e893e",
"indicator--fa7170ec-f0f6-4900-922c-fce4d2eef064",
"x-misp-object--27d3ea8e-4cae-4f1a-96c8-fcf4a788439f",
"indicator--37b63b78-21dd-47c0-9d23-3630e7cf8646",
"x-misp-object--e69882c0-3bc4-47cc-a0bb-c0656d6b9d56",
"indicator--c126b790-4339-4aae-ae09-8907102e1a25",
"x-misp-object--2b6f8da3-f975-46ce-b203-b6a2f7db28ff",
"indicator--4abea3bf-4859-444d-9735-ef6c73e34c7f",
"x-misp-object--b3041cbd-a853-482a-af11-4b0b34855339",
"indicator--1c816f49-c77c-4c10-8f5a-c738b2f91fd2",
"x-misp-object--a15c3c61-18d5-4e2c-a4e6-f783b2dbb325",
"indicator--179729f6-02e1-4594-b57f-f7db7e366b4b",
"x-misp-object--6271f662-ebe5-449b-a28c-21625cb04c44",
"indicator--0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea",
"x-misp-object--75f57830-e3b2-4daf-bd31-5b69941c370d",
"indicator--3529ee04-a201-4e52-a164-1e5c4a096897",
"x-misp-object--24b51380-5e74-4cc3-9d40-a9bf23181402",
"indicator--685f8167-ca1f-4f25-8ba4-cdf2aa6dae57",
"x-misp-object--c1983f91-67eb-48b3-a8dc-df000704bef3",
"indicator--4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36",
"x-misp-object--42454a41-4382-4b9b-bfb4-41c779793cd0",
"indicator--a6e3a25b-f46a-4ed8-b0ac-d15d4772c156",
"x-misp-object--e26a7bae-50f5-4b9f-a908-c09d124b96d5",
"indicator--7d9cca50-8758-408a-8b14-ed4a9a4d430c",
"x-misp-object--ab3d3480-cd31-477a-b4ea-86c6b2c6b49e",
"indicator--6eb3baa6-0a6b-49d7-bedd-38b80630776a",
"x-misp-object--95dea47f-9eef-42d6-96c9-ac3d27d67d27",
"indicator--4923113d-bb45-4277-8e0f-4bcfd995292d",
"x-misp-object--b9d97deb-ca5d-4825-b6ff-084898e27f88",
"indicator--499ec873-7210-418a-ac7a-9c473e7cee8f",
"x-misp-object--dbff892b-e51d-4ce6-ba0b-e0bbdc82c787",
"indicator--1a66fd87-8b0c-4eae-b17e-c03d830646ea",
"x-misp-object--3fc5fed1-7742-4f62-86d7-18a0b15c6b67",
"indicator--12376fcf-03df-4dd3-b86d-f205b2cd0333",
"x-misp-object--c798e259-325d-43d9-b3c5-080f027612e0",
"indicator--05d3637e-62f6-4c54-b66a-3eac1319941a",
"x-misp-object--4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8",
"indicator--5ea86c44-3d9c-471f-a447-cc02b208592c",
"x-misp-object--d098ecd3-4e1e-4602-92b9-45f53956eead",
"indicator--95eca2e7-7290-4557-8b1c-72a9e7b68da4",
"x-misp-object--a4526f04-cb6e-4349-ab34-5587cf9dbf19",
"indicator--b593d6b3-0289-4c29-8448-2bb4d2de9d5e",
"x-misp-object--2c9f7b5e-b7c1-45ee-bb59-facc1784a78f",
"indicator--5dc053d0-4cc0-4b36-b940-2552b8c9ec30",
"x-misp-object--50c5355f-02d7-4b0b-8116-332325c74894",
"relationship--9ffe7be0-d845-41be-a0df-d3ef018c562b",
"relationship--6dcc9545-014b-4bf1-9947-dffefa026491",
"relationship--6bc0929d-dac9-41f6-8f66-b332dbb2e9d6",
"relationship--e1c2de67-0640-4411-907e-07c0897f039a",
"relationship--898cc0d1-a0dd-40df-8bdb-7fded587081f",
"relationship--80512ccf-7811-45a6-ab09-2d75e9fabbc9",
"relationship--c3f8ead3-8e50-4f4a-96d5-470e244f4ea8",
"relationship--83a6f36a-7ecd-4f10-8626-9634c549e11e",
"relationship--dcca4554-bf0c-4acc-afd1-29a20b55e92d",
"relationship--70222358-5813-415e-bb92-6e5e35c5c88e",
"relationship--27d38351-6bd7-4576-9599-31d3525242dc",
"relationship--16cca7ab-554c-4b0b-bcde-e0a84c1c39dc",
"relationship--fe4bb91d-53a7-4eca-b9cc-ce6c3c9f8b53",
"relationship--417f5f9b-bcdc-4589-99eb-a66ccc5fc75a",
"relationship--004e5f84-1a8e-446e-b645-3d9a51ed060f",
"relationship--5b081329-2b02-4781-9d6d-b4db5830b91c",
"relationship--ea0acb51-4f44-4a8b-9428-1ec695db05cc",
"relationship--1967f853-1c13-463d-b7a1-91fb66a04308",
"relationship--33f9c5e7-7a31-42eb-a3f9-d13443aa933a",
"relationship--59ff81d0-a359-47a6-9714-4a25f148ec43",
"relationship--434c656b-281a-4ec1-9da6-8c48f4396e1b",
"relationship--04b6914b-cb81-4259-8cd0-b5b835c45f54",
"relationship--225a807f-90fc-45da-a1fd-e292d3479383",
"relationship--b6ebc3c1-6008-4157-8fba-6251dcc383d4",
"relationship--c3acf850-3597-4161-8163-252343f075d3",
"relationship--be8c4840-ab18-458b-9303-9fd0b11e5391",
"relationship--431c16e4-8396-493e-b637-b53e78467502",
"relationship--1f0f30a3-eec5-4610-ae55-c45d5562c7ad",
"relationship--1366db60-1525-4a08-acc2-4f8ae2a0cd5c"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:rat=\"Gh0st RAT\"",
"misp-galaxy:tool=\"Gh0st Rat\"",
"misp-galaxy:tool=\"gh0st\"",
"misp-galaxy:threat-actor=\"Lazarus Group\"",
"osint:source-type=\"blog-post\"",
"osint:source-type=\"technical-report\"",
"misp-galaxy:tool=\"PowerRatankba\"",
"misp-galaxy:tool=\"PowerSpritz\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3b6d7d-f078-4a39-a907-d89c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"first_observed": "2017-12-21T10:31:03Z",
"last_observed": "2017-12-21T10:31:03Z",
"number_observed": 1,
"object_refs": [
"url--5a3b6d7d-f078-4a39-a907-d89c950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a3b6d7d-f078-4a39-a907-d89c950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"first_observed": "2017-12-21T10:31:03Z",
"last_observed": "2017-12-21T10:31:03Z",
"number_observed": 1,
"object_refs": [
"url--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f",
"value": "https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-ce88-4719-8e60-4768950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'http://skype.2.vu/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-102c-477c-8786-40b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'http://skype.2.vu/k']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-9f68-400a-a279-4c1c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'http://skypeupdate.2.vu/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-c5fc-47b1-ac3a-4939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'http://telegramupdate.2.vu/5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-3b0c-4dfb-8a92-4920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'https://doc-00-64-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/39cbphg8k5qve4q5rr6nonee1bueiu8o/1499428800000/13030420262846080952/*/0B63J1WTZC49hX1JnZUo4Y1pnRG8?e=download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-84f8-45b2-8ce3-4cfa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'https://drive.google.com/uc?export=download&id=0B63J1WTZC49hdDR0clR3cFpITVE']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-aa2c-45b3-ab64-4852950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'http://201.211.183.215:8080/update.php?t=Skype&r=update']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e62-b95c-48de-a86f-40d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'http://122.248.34.23/lndex.php?t=SkypeSetup&r=mail_new']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6e63-c8b0-46af-8b48-435d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz ITW URL",
"pattern": "[url:value = 'http://122.248.34.23/lndex.php?t=Telegram&r=1.1.9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6ef1-1190-4a1f-b820-41e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:21:05.000Z",
"modified": "2017-12-21T08:21:05.000Z",
"description": "PowerSpritz",
"pattern": "[file:hashes.SHA256 = 'cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:21:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6ef1-38d4-4c1e-aa75-40aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:21:05.000Z",
"modified": "2017-12-21T08:21:05.000Z",
"description": "PowerSpritz",
"pattern": "[file:hashes.SHA256 = '9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:21:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b6ef1-0614-40e6-b027-44a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:21:05.000Z",
"modified": "2017-12-21T08:21:05.000Z",
"description": "PowerSpritz",
"pattern": "[file:hashes.SHA256 = '5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:21:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7017-6038-4a51-aa3d-4155950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "PowerSpritz C&C",
"pattern": "[url:value = 'http://dogecoin.deaftone.com:8080/mainls.cs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7017-0d8c-4ceb-a36d-4e5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PowerSpritz C&C",
"pattern": "[url:value = 'http://macintosh.linkpc.net:8080/mainls.cs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-b038-42db-8077-48d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-feb0-48aa-8aa9-43b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = 'd5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-d3dc-4e70-9962-4366950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-cba0-44f4-95e7-401f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-536c-4957-b446-49cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-4ee4-4fc2-be34-4175950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-f974-4f08-a635-4a22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-ec48-4de3-916a-4ed7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-1bb0-45e3-9392-44c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b705d-2674-42df-acfe-44f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:27:09.000Z",
"modified": "2017-12-21T08:27:09.000Z",
"description": "Microsoft Compiled HTML Help (CHM)",
"pattern": "[file:hashes.SHA256 = '030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7225-3578-4cc8-9805-4eaa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Microsoft Compiled HTML Help (CHM) C&C",
"pattern": "[url:value = 'http://92.222.106.229/theme.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7225-6db0-41a5-980c-452e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Microsoft Compiled HTML Help (CHM) C&C",
"pattern": "[url:value = 'http://www.businesshop.net/hide.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7252-a444-404d-8f58-d89a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:35:30.000Z",
"modified": "2017-12-21T08:35:30.000Z",
"description": "MS Shortcut Link (LNK)",
"pattern": "[file:hashes.SHA256 = 'beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7252-0bd0-4158-a789-d89a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:35:30.000Z",
"modified": "2017-12-21T08:35:30.000Z",
"description": "MS Shortcut Link (LNK)",
"pattern": "[file:hashes.SHA256 = '8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7252-2954-4669-b2af-d89a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "MS Shortcut Link (LNK) C&C",
"pattern": "[url:value = 'http://tinyurl.com/y9jbk8cg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7252-ed2c-4cd7-9f37-d89a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "MS Shortcut Link (LNK) C&C",
"pattern": "[url:value = 'http://201.211.183.215:8080/pdfviewer.php?o=0&t=report&m=0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b743b-55e8-4e64-a5c8-4a82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:43:39.000Z",
"modified": "2017-12-21T08:43:39.000Z",
"description": "JavaScript",
"pattern": "[file:hashes.SHA256 = 'e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b743b-cbcc-41e3-9a05-4217950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:43:39.000Z",
"modified": "2017-12-21T08:43:39.000Z",
"description": "JavaScript",
"pattern": "[file:hashes.SHA256 = '7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b743b-3c9c-4600-a3e8-4871950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:43:39.000Z",
"modified": "2017-12-21T08:43:39.000Z",
"description": "JavaScript",
"pattern": "[file:hashes.SHA256 = '100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b743b-0104-4f3b-a337-4744950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:43:39.000Z",
"modified": "2017-12-21T08:43:39.000Z",
"description": "JavaScript",
"pattern": "[file:hashes.SHA256 = '8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b743b-312c-4091-bc28-4408950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:43:39.000Z",
"modified": "2017-12-21T08:43:39.000Z",
"description": "JavaScript",
"pattern": "[file:hashes.SHA256 = '97c6c69405ed721a64c158f18ab4386e3ade19841b0dea3dcce6b521faf3a660']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b743b-0550-4eb6-b378-4b26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:43:39.000Z",
"modified": "2017-12-21T08:43:39.000Z",
"description": "JavaScript",
"pattern": "[file:hashes.SHA256 = '41ee2947356b26e4d8aca826ae392be932cd8800476840713e9b6c630972604f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b743b-7ea8-444e-b7da-41b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:43:39.000Z",
"modified": "2017-12-21T08:43:39.000Z",
"description": "JavaScript",
"pattern": "[file:hashes.SHA256 = '25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-e1f0-4a5d-8e55-47a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://51.255.219.82/files/download/falconcoin.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-fd30-42dc-aaeb-4f6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://51.255.219.82/theme.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-5ae4-4707-a8d3-4406950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://51.255.219.82/files/download/falconcoin.pdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-8634-4291-83b4-4384950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://apps.got-game.org/images/character.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-bc10-4329-8905-4240950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://apps.got-game.org/files/download/transaction.pdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-d248-477e-894a-44fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://www.energydonate.com/files/download/bithumb.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-aeb0-4f70-977c-48fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://www.energydonate.com/images/character.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b74a3-dd20-4a97-b5b5-4f28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:03.000Z",
"modified": "2017-12-21T10:31:03.000Z",
"description": "JavaScript C&C",
"pattern": "[url:value = 'http://www.energydonate.com/files/download/bithumb.pdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b775a-2584-41ea-a2fe-40ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:56:58.000Z",
"modified": "2017-12-21T08:56:58.000Z",
"description": "MS Office Docs",
"pattern": "[file:hashes.SHA256 = 'b3235a703026b2077ccfa20b3dabd82d65c6b5645f7f15e7bbad1ce8173c7960']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b775a-38f4-4a8f-9baf-42d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:56:58.000Z",
"modified": "2017-12-21T08:56:58.000Z",
"description": "MS Office Docs",
"pattern": "[file:hashes.SHA256 = 'b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b775a-3798-4861-9fdb-4685950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:56:58.000Z",
"modified": "2017-12-21T08:56:58.000Z",
"description": "MS Office Docs",
"pattern": "[file:hashes.SHA256 = '972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b775a-8868-491f-a074-41b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "MS Office Docs C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.100.157.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b77fa-96cc-4e05-939c-4b90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:59:38.000Z",
"modified": "2017-12-21T08:59:38.000Z",
"description": "PyInstaller",
"pattern": "[file:hashes.SHA256 = 'b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:59:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b77fa-ba64-412b-873a-4ef0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:59:38.000Z",
"modified": "2017-12-21T08:59:38.000Z",
"description": "PyInstaller",
"pattern": "[file:hashes.SHA256 = 'eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:59:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b77fa-8e24-4966-ab98-40cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:59:38.000Z",
"modified": "2017-12-21T08:59:38.000Z",
"description": "PyInstaller",
"pattern": "[file:hashes.SHA256 = 'eb372423e4dcd4665cc03ffc384ff625ae4afd13f6d0589e4568354be271f86e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T08:59:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-ca8c-414b-8d85-4a56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--bitcin-zxa.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-9918-42db-986a-4523950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--electrm-s2a.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-814c-4ca4-92d3-4f59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--bitcingold-hcb.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-5540-4536-b2c0-4e56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--bitcoigold-o1b.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-9dc0-44ba-8081-4b2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--bitcoingld-lcb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-6e54-4dc6-ba00-43b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--bitcoingld-lcb.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-6e2c-41c4-9107-4aca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--bitcoingod-8yb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-d160-4a5b-88ae-459f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--btcongold-54ad.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7813-7a80-412c-8f49-4188950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller Hosting or Email IDNA",
"pattern": "[domain-name:value = 'xn--btcongold-g5ad.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7866-992c-4c27-b1bd-4a22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Likely Related IDNA",
"pattern": "[domain-name:value = 'xn--6fgp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7866-f09c-405e-9b03-4498950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Likely Related IDNA",
"pattern": "[domain-name:value = 'xn--bitcingold-jbb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7866-c288-492e-9fbd-4f30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Likely Related IDNA",
"pattern": "[domain-name:value = 'xn--bitcingold-t3b.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7866-05c4-46dc-9a1c-4a00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Likely Related IDNA",
"pattern": "[domain-name:value = 'xn--bitcoingol-4kb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7866-1d3c-4c6c-9341-4964950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Likely Related IDNA",
"pattern": "[domain-name:value = 'xn--bitoingold-1ib.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7866-1b50-4b5c-9cdb-499c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Likely Related IDNA",
"pattern": "[domain-name:value = 'xn--btcoingold-v8a.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7866-f014-4528-b170-45bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "Likely Related IDNA",
"pattern": "[domain-name:value = 'xn--bitcoingldwallet-twb.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7883-d7f4-489a-9bf1-4586950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller C&C",
"pattern": "[url:value = 'http://www.btc-gold.us/images/top_bar.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b7883-7a50-4c6f-9ed8-4fa4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:04.000Z",
"modified": "2017-12-21T10:31:04.000Z",
"description": "PyInstaller C&C",
"pattern": "[url:value = 'http://trade.publicvm.com/images/top_bar.gif']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-cc40-4c48-a9d5-468b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = '41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-8710-4016-bd90-48e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = '20f7e342a5f3224cab8f0439e2ba02bb051cd3e1afcd603142a60ac8af9699ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-42dc-48ed-bd98-4d49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = 'db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-6718-43c8-93b1-44b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = '3cd0689b2bae5109caedeb2cf9dd4b3a975ab277fadbbb26065e489565470a5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-5728-45aa-ae7e-49d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = 'b265a5d984c4654ac0b25ddcf8048d0aabc28e36d3e2439d1c08468842857f46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-3c7c-45c1-96af-4d68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = '1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-1ca0-4ad0-8150-40b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = '99ad06cca4910c62e8d6b68801c6122137cf8458083bb58cbc767eebc220180d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-ae1c-44e3-8cda-4e69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = 'f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3b78c5-7494-4a75-b733-4906950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T09:03:01.000Z",
"modified": "2017-12-21T09:03:01.000Z",
"description": "PowerRatankba",
"pattern": "[file:hashes.SHA256 = 'd844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T09:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a3b6d4c-b11c-45f6-b5e3-d89b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T08:14:20.000Z",
"modified": "2017-12-21T08:14:20.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "Just published my paper on largely undocumented #LazarusGroup/#DPRK campaigns targeting cryptocurrency individuals/orgs (both big and small). The research covers new implants/tactics not currently covered in the media regarding 'fake jobs' campaigns. (link: https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new) proofpoint.com/us/threat-insi\u00e2\u20ac\u00a6",
"category": "Other",
"uuid": "5a3b6d4c-ce18-4291-b614-d89b950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5a3b6d4d-90c4-489c-9302-d89b950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://mobile.twitter.com/darienhuss/status/943300245554958337",
"category": "External analysis",
"to_ids": true,
"uuid": "5a3b6d4d-9cb0-4312-9b63-d89b950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new",
"category": "External analysis",
"to_ids": true,
"uuid": "5a3b6d4d-488c-4acd-9e92-d89b950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "@darienhuss",
"category": "Other",
"uuid": "5a3b6d4d-c010-43e6-af1e-d89b950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2017-12-20T03:01:00",
"category": "Other",
"uuid": "5a3b6d5c-9334-4586-bbf3-d898950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--88c0c9e5-6f55-4434-86f5-57ccf1ab779e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:07.000Z",
"modified": "2017-12-21T10:31:07.000Z",
"pattern": "[file:hashes.MD5 = 'd2a565e6c31ee18380c410e8cc4abbb0' AND file:hashes.SHA1 = '2ef42ad9c43fc58c48de409414568c27b904fd79' AND file:hashes.SHA256 = '8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--551d26ea-0d49-4a3d-8b80-61f1c2d46b4c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:05.000Z",
"modified": "2017-12-21T10:31:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c/analysis/1513817274/",
"category": "External analysis",
"comment": "MS Shortcut Link (LNK)",
"uuid": "5a3b8d69-51a4-489c-89d2-45bc02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/58",
"category": "Other",
"comment": "MS Shortcut Link (LNK)",
"uuid": "5a3b8d69-db68-412e-a182-49dd02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:47:54",
"category": "Other",
"comment": "MS Shortcut Link (LNK)",
"uuid": "5a3b8d69-43cc-44f0-adfe-47f802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e831a382-f6bf-43db-b38c-421df1ea3875",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:08.000Z",
"modified": "2017-12-21T10:31:08.000Z",
"pattern": "[file:hashes.MD5 = 'a3487b13cbda458bf91c7e802a1ea4f5' AND file:hashes.SHA1 = 'de201a51f96af1405f58ec02b7802088ecae6a2d' AND file:hashes.SHA256 = '030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ef5cfba8-a647-4887-8626-5b716d830d90",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:05.000Z",
"modified": "2017-12-21T10:31:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863/analysis/1513799414/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6a-d570-4c24-a644-4ea302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "7/60",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6a-d444-4801-a69e-407802de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:14",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6a-ec4c-4cd8-8150-4d9302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4b8c3132-e355-4ee4-91c9-e06a69a36da1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:09.000Z",
"modified": "2017-12-21T10:31:09.000Z",
"pattern": "[file:hashes.MD5 = '6431f46fd8353cb30cd573fc887d8aa8' AND file:hashes.SHA1 = '5d796909d5da1f6f86cfe37962cc9c69d76836c5' AND file:hashes.SHA256 = 'beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b1b7f438-e55c-4b57-b42d-503d60b57d4f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:06.000Z",
"modified": "2017-12-21T10:31:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe/analysis/1513838639/",
"category": "External analysis",
"comment": "MS Shortcut Link (LNK)",
"uuid": "5a3b8d6a-21a8-4ce7-a915-433f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/60",
"category": "Other",
"comment": "MS Shortcut Link (LNK)",
"uuid": "5a3b8d6a-54d4-46b0-aa20-4ed702de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:43:59",
"category": "Other",
"comment": "MS Shortcut Link (LNK)",
"uuid": "5a3b8d6a-c26c-4bf2-999f-48f502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f87943e-6f0e-4b12-87b5-3116a0f725c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:09.000Z",
"modified": "2017-12-21T10:31:09.000Z",
"pattern": "[file:hashes.MD5 = '7a27da13bbdfc34118a30ecd83a75614' AND file:hashes.SHA1 = '53b079072c81f7c879ea1f808c18dcd6134afc5c' AND file:hashes.SHA256 = '01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--789535f0-ec61-4de1-9988-165ac6c1ba5c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:06.000Z",
"modified": "2017-12-21T10:31:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49/analysis/1513817106/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6b-1590-40bb-a85d-44f502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/58",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6b-7afc-4547-8c18-44a402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:45:06",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6b-b87c-462f-b376-488002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb269eaa-70e8-4564-b7f8-902352959fe6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:10.000Z",
"modified": "2017-12-21T10:31:10.000Z",
"pattern": "[file:hashes.MD5 = '4ed7389843781268f9dbf8d222be52ba' AND file:hashes.SHA1 = '8fe0adbc9024c6fa8872bfe30d71e780ca2e21a4' AND file:hashes.SHA256 = '85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9296c8a4-2d34-48e4-af42-15e57470eb84",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:07.000Z",
"modified": "2017-12-21T10:31:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51/analysis/1513817183/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6b-7040-4974-82f5-4cdc02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/59",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6b-a9d0-47fe-ba6e-4e2e02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:46:23",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6b-4520-4710-a59e-47ec02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1bae070e-81ad-4cfb-a316-00f6dd358a7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:10.000Z",
"modified": "2017-12-21T10:31:10.000Z",
"pattern": "[file:hashes.MD5 = '980272269926a187ec4fe17ec9505a5f' AND file:hashes.SHA1 = '2abfd795397a343596c9f95ecb721250f80eda61' AND file:hashes.SHA256 = '25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4117fdf6-6c7c-4e4c-b695-d2b7214b42f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:08.000Z",
"modified": "2017-12-21T10:31:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66/analysis/1513799416/",
"category": "External analysis",
"comment": "JavaScript",
"uuid": "5a3b8d6c-6a0c-4316-b58f-4c5302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/60",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d6c-2d54-4a48-8945-4fa402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:16",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d6c-2790-4efd-ae32-4ef502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08352cd7-5beb-4bdf-b9df-3ae69f4f3084",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:11.000Z",
"modified": "2017-12-21T10:31:11.000Z",
"pattern": "[file:hashes.MD5 = 'd253d65adf4285fa5004cd96e647a11f' AND file:hashes.SHA1 = '1983b60d923b01fcb14ba813532b2f41f2d6c2fe' AND file:hashes.SHA256 = '972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7151d2df-fc05-4f72-8afe-b5c9db8e893e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:08.000Z",
"modified": "2017-12-21T10:31:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee/analysis/1513818403/",
"category": "External analysis",
"comment": "MS Office Docs",
"uuid": "5a3b8d6d-ed08-4dcb-a63f-427302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/59",
"category": "Other",
"comment": "MS Office Docs",
"uuid": "5a3b8d6d-9964-40b2-ad0f-49c402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T01:06:43",
"category": "Other",
"comment": "MS Office Docs",
"uuid": "5a3b8d6d-8bd0-44b1-801c-4cb402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa7170ec-f0f6-4900-922c-fce4d2eef064",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:12.000Z",
"modified": "2017-12-21T10:31:12.000Z",
"pattern": "[file:hashes.MD5 = 'ddabaa2740f590ac964996fd4b691880' AND file:hashes.SHA1 = 'be2e900c64cd985cde9e8515fb4e5b5d70c853f0' AND file:hashes.SHA256 = '6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--27d3ea8e-4cae-4f1a-96c8-fcf4a788439f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:09.000Z",
"modified": "2017-12-21T10:31:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d/analysis/1513838568/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-b944-42a1-a2dc-421402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/58",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-9c08-402b-a774-492d02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:42:48",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-51ac-4ac0-a07c-4eb602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--37b63b78-21dd-47c0-9d23-3630e7cf8646",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"pattern": "[file:hashes.MD5 = '2dfebcb60dfa706e2a9c6e73709ebff5' AND file:hashes.SHA1 = 'd9476b3018be277da1aa2b03543166a1a8d1ff03' AND file:hashes.SHA256 = 'eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e69882c0-3bc4-47cc-a0bb-c0656d6b9d56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:10.000Z",
"modified": "2017-12-21T10:31:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1/analysis/1513817527/",
"category": "External analysis",
"comment": "PyInstaller",
"uuid": "5a3b8d6e-6c80-4b21-b06d-4fea02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/67",
"category": "Other",
"comment": "PyInstaller",
"uuid": "5a3b8d6e-f208-4343-8b16-4e0e02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:52:07",
"category": "Other",
"comment": "PyInstaller",
"uuid": "5a3b8d6e-b7ec-4657-9534-422a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c126b790-4339-4aae-ae09-8907102e1a25",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"pattern": "[file:hashes.MD5 = '239aaff9c0c7b0317df0d0c409780d11' AND file:hashes.SHA1 = '2e344cb889843233ff54e95dd0c5956489d07b7d' AND file:hashes.SHA256 = 'e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2b6f8da3-f975-46ce-b203-b6a2f7db28ff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:10.000Z",
"modified": "2017-12-21T10:31:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d/analysis/1513838712/",
"category": "External analysis",
"comment": "JavaScript",
"uuid": "5a3b8d6e-4490-4dc7-aba8-4b3f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "13/60",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d6e-45e8-4092-81fb-47ec02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:45:12",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d6e-7044-4462-82ac-4c3b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4abea3bf-4859-444d-9735-ef6c73e34c7f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"pattern": "[file:hashes.MD5 = 'e3fc2fbc512b90c54d81989cf42bb885' AND file:hashes.SHA1 = '46a1d019c1069a8da16224ba6e964d929f42f204' AND file:hashes.SHA256 = '6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b3041cbd-a853-482a-af11-4b0b34855339",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:10.000Z",
"modified": "2017-12-21T10:31:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984/analysis/1513799413/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-5b08-4536-9383-406602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-06dc-40b3-a095-430002de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:13",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-b828-4f2b-967d-406902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c816f49-c77c-4c10-8f5a-c738b2f91fd2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"pattern": "[file:hashes.MD5 = '9e36b094d9769025699804f10c9a6523' AND file:hashes.SHA1 = '88554b0b8066cb059f9fc06d2620d84737251a29' AND file:hashes.SHA256 = 'd5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a15c3c61-18d5-4e2c-a4e6-f783b2dbb325",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:10.000Z",
"modified": "2017-12-21T10:31:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48/analysis/1513838389/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-ea9c-4bfb-b455-4ce102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/58",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-51d4-49fd-90c6-4f9102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:39:49",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6e-5724-489a-b982-418e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--179729f6-02e1-4594-b57f-f7db7e366b4b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"pattern": "[file:hashes.MD5 = 'b82f3e54bb97d4f92dc7c777f2e765ab' AND file:hashes.SHA1 = 'cc90c650a08de597b12620627dd89cc83741a889' AND file:hashes.SHA256 = '5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6271f662-ebe5-449b-a28c-21625cb04c44",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:11.000Z",
"modified": "2017-12-21T10:31:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07/analysis/1513817159/",
"category": "External analysis",
"comment": "PowerSpritz",
"uuid": "5a3b8d6f-7efc-47e1-be51-4cbc02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/67",
"category": "Other",
"comment": "PowerSpritz",
"uuid": "5a3b8d6f-2e30-4086-a21b-4f7f02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:45:59",
"category": "Other",
"comment": "PowerSpritz",
"uuid": "5a3b8d6f-5c18-4049-adc0-4f3502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:14.000Z",
"modified": "2017-12-21T10:31:14.000Z",
"pattern": "[file:hashes.MD5 = 'dc688e6ddd3a1298dd372ec7d0ccb1fb' AND file:hashes.SHA1 = '8fd089df71a5f48098dc41886631ea6604f108e9' AND file:hashes.SHA256 = '9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--75f57830-e3b2-4daf-bd31-5b69941c370d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:11.000Z",
"modified": "2017-12-21T10:31:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5/analysis/1513817043/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6f-0184-44c0-826a-4d4202de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/59",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6f-3270-4051-bd93-4f5702de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:44:03",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d6f-07d0-4732-bb27-404d02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3529ee04-a201-4e52-a164-1e5c4a096897",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:14.000Z",
"modified": "2017-12-21T10:31:14.000Z",
"pattern": "[file:hashes.MD5 = '6c360e9a6f933bf172591a81881ca79b' AND file:hashes.SHA1 = 'd851ff7b371d15bf03a670e45ec5df327406ab45' AND file:hashes.SHA256 = 'f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--24b51380-5e74-4cc3-9d40-a9bf23181402",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:11.000Z",
"modified": "2017-12-21T10:31:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b/analysis/1513799419/",
"category": "External analysis",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-6bb4-4ed4-b0db-447202de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-4e5c-4ba9-a6bc-41e902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:19",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-22f4-49de-b3a4-4fa202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--685f8167-ca1f-4f25-8ba4-cdf2aa6dae57",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:14.000Z",
"modified": "2017-12-21T10:31:14.000Z",
"pattern": "[file:hashes.MD5 = 'ed2cace34381b6bbeb98af31e73e7904' AND file:hashes.SHA1 = '9cc396887f57d1d266644cbefed48f33880fb218' AND file:hashes.SHA256 = 'db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c1983f91-67eb-48b3-a8dc-df000704bef3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:11.000Z",
"modified": "2017-12-21T10:31:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471/analysis/1513799418/",
"category": "External analysis",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-4c64-4ff9-8527-482d02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/60",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-f958-4988-a7fb-449202de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:18",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-86e4-4884-96da-434202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:14.000Z",
"modified": "2017-12-21T10:31:14.000Z",
"pattern": "[file:hashes.MD5 = '5d06ff8f43f631cd2a71a565dd10b7a5' AND file:hashes.SHA1 = '97936a1225622bf61f916c629882aab19ff1f1a6' AND file:hashes.SHA256 = 'd844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--42454a41-4382-4b9b-bfb4-41c779793cd0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:11.000Z",
"modified": "2017-12-21T10:31:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a/analysis/1513799419/",
"category": "External analysis",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-1174-4c32-aa95-45ba02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-ce28-432d-8ddf-4cda02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:19",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d6f-cdcc-4677-83af-44bc02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a6e3a25b-f46a-4ed8-b0ac-d15d4772c156",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:14.000Z",
"modified": "2017-12-21T10:31:14.000Z",
"pattern": "[file:hashes.MD5 = 'cba175498af45dca6970aeee83a6d9f4' AND file:hashes.SHA1 = '3d34eb23728f443e930885e89485cfc78cc34e07' AND file:hashes.SHA256 = '41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e26a7bae-50f5-4b9f-a908-c09d124b96d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:12.000Z",
"modified": "2017-12-21T10:31:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b/analysis/1513817542/",
"category": "External analysis",
"comment": "PowerRatankba",
"uuid": "5a3b8d70-0120-4008-a176-46a002de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/59",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d70-8ce4-4780-a75e-487102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:52:22",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d70-ec8c-4775-8013-4ea402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d9cca50-8758-408a-8b14-ed4a9a4d430c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:15.000Z",
"modified": "2017-12-21T10:31:15.000Z",
"pattern": "[file:hashes.MD5 = 'f3dd79ffb45d226dd029da7c61192e26' AND file:hashes.SHA1 = '537cf4311fb66b3740c0a1dc9ba073132d9e0d04' AND file:hashes.SHA256 = 'b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ab3d3480-cd31-477a-b4ea-86c6b2c6b49e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:12.000Z",
"modified": "2017-12-21T10:31:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e/analysis/1513817428/",
"category": "External analysis",
"comment": "PyInstaller",
"uuid": "5a3b8d70-ce14-4855-b70d-4cf502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "9/66",
"category": "Other",
"comment": "PyInstaller",
"uuid": "5a3b8d70-fb58-45a6-9234-456702de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T00:50:28",
"category": "Other",
"comment": "PyInstaller",
"uuid": "5a3b8d70-1858-4553-a6f7-468802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6eb3baa6-0a6b-49d7-bedd-38b80630776a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:15.000Z",
"modified": "2017-12-21T10:31:15.000Z",
"pattern": "[file:hashes.MD5 = '985d627f638bbd89ba48676625ec9073' AND file:hashes.SHA1 = 'e57713866a28487098d6b735a55468a1570d00a1' AND file:hashes.SHA256 = '4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--95dea47f-9eef-42d6-96c9-ac3d27d67d27",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:12.000Z",
"modified": "2017-12-21T10:31:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212/analysis/1513838441/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d70-e83c-4834-9b37-4cf302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/59",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d70-ce40-435e-a877-433e02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:40:41",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d70-ebf0-4628-a2e6-4cef02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4923113d-bb45-4277-8e0f-4bcfd995292d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:15.000Z",
"modified": "2017-12-21T10:31:15.000Z",
"pattern": "[file:hashes.MD5 = 'ad99fd5711dbec2520f62385a595ee3b' AND file:hashes.SHA1 = '0d64b1157efb689f75a0c92d475e960ecd139304' AND file:hashes.SHA256 = 'cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b9d97deb-ca5d-4825-b6ff-084898e27f88",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:12.000Z",
"modified": "2017-12-21T10:31:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411/analysis/1513838218/",
"category": "External analysis",
"comment": "PowerSpritz",
"uuid": "5a3b8d70-a6a0-4633-a1cd-46cf02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/67",
"category": "Other",
"comment": "PowerSpritz",
"uuid": "5a3b8d70-7d90-40d0-8f35-4c0902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:36:58",
"category": "Other",
"comment": "PowerSpritz",
"uuid": "5a3b8d70-b308-4584-8dee-436302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--499ec873-7210-418a-ac7a-9c473e7cee8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:15.000Z",
"modified": "2017-12-21T10:31:15.000Z",
"pattern": "[file:hashes.MD5 = 'ec264b9c938355f1a7d1dc97c73fa9a6' AND file:hashes.SHA1 = '234600a43a957672b8145ea6566f9613a1906899' AND file:hashes.SHA256 = '1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dbff892b-e51d-4ce6-ba0b-e0bbdc82c787",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:12.000Z",
"modified": "2017-12-21T10:31:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666/analysis/1513799418/",
"category": "External analysis",
"comment": "PowerRatankba",
"uuid": "5a3b8d70-2010-4867-bece-42a102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d70-8248-4966-9e4c-462302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:18",
"category": "Other",
"comment": "PowerRatankba",
"uuid": "5a3b8d70-f2e0-425c-8ee3-477402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1a66fd87-8b0c-4eae-b17e-c03d830646ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:15.000Z",
"modified": "2017-12-21T10:31:15.000Z",
"pattern": "[file:hashes.MD5 = '43f7512685e72de1e8c0201ee4e189a7' AND file:hashes.SHA1 = '6ab10bd838f9b060f2380caafdea5ff09080f536' AND file:hashes.SHA256 = '81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3fc5fed1-7742-4f62-86d7-18a0b15c6b67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:12.000Z",
"modified": "2017-12-21T10:31:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf/analysis/1513838347/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d71-e804-44c4-b574-417302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/60",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d71-dd6c-416c-aef4-43ee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:39:07",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d71-d52c-4c0c-b61c-46e202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12376fcf-03df-4dd3-b86d-f205b2cd0333",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:16.000Z",
"modified": "2017-12-21T10:31:16.000Z",
"pattern": "[file:hashes.MD5 = '0518ca7a8bd6d93bbafc6022669d5459' AND file:hashes.SHA1 = '4a084d8245706683d4e4cd5797a2a9f35fa89749' AND file:hashes.SHA256 = '9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c798e259-325d-43d9-b3c5-080f027612e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453/analysis/1513838282/",
"category": "External analysis",
"comment": "PowerSpritz",
"uuid": "5a3b8d71-f348-471f-8ceb-4c0602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/67",
"category": "Other",
"comment": "PowerSpritz",
"uuid": "5a3b8d71-3090-496d-bf48-452402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:38:02",
"category": "Other",
"comment": "PowerSpritz",
"uuid": "5a3b8d71-9ccc-4e71-8385-47d602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--05d3637e-62f6-4c54-b66a-3eac1319941a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:16.000Z",
"modified": "2017-12-21T10:31:16.000Z",
"pattern": "[file:hashes.MD5 = '23cbc415d94b1841a8a737295dc651ce' AND file:hashes.SHA1 = '50420970d17af649affaee6be801968aa4c01e46' AND file:hashes.SHA256 = '8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3/analysis/1513776239/",
"category": "External analysis",
"comment": "JavaScript",
"uuid": "5a3b8d71-7164-42ea-a052-437502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/59",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d71-d878-4b50-92d5-426202de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T13:23:59",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d71-1c64-41fb-8817-43d702de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea86c44-3d9c-471f-a447-cc02b208592c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:16.000Z",
"modified": "2017-12-21T10:31:16.000Z",
"pattern": "[file:hashes.MD5 = '01118e4cd8adec69c84e0311ec677971' AND file:hashes.SHA1 = 'a07dc261645c7b3ff5f37f5ae7ee0b629ab8f109' AND file:hashes.SHA256 = '7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d098ecd3-4e1e-4602-92b9-45f53956eead",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e/analysis/1513838753/",
"category": "External analysis",
"comment": "JavaScript",
"uuid": "5a3b8d71-4590-4fa4-a7d2-489902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/58",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d71-69b0-41dd-9a3a-4d9f02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:45:53",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d71-78fc-465c-9dba-473302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--95eca2e7-7290-4557-8b1c-72a9e7b68da4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:16.000Z",
"modified": "2017-12-21T10:31:16.000Z",
"pattern": "[file:hashes.MD5 = '9ed66ef9fba9984fe7788eb1ec09d4ba' AND file:hashes.SHA1 = '688183a9b36993c6dcc93d7be7a3e96a364447c9' AND file:hashes.SHA256 = '100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a4526f04-cb6e-4349-ab34-5587cf9dbf19",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:13.000Z",
"modified": "2017-12-21T10:31:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7/analysis/1513838920/",
"category": "External analysis",
"comment": "JavaScript",
"uuid": "5a3b8d71-55e8-418d-8a37-446202de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "14/60",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d71-81fc-48ff-b858-477402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:48:40",
"category": "Other",
"comment": "JavaScript",
"uuid": "5a3b8d71-09bc-4555-ad45-441502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b593d6b3-0289-4c29-8448-2bb4d2de9d5e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:16.000Z",
"modified": "2017-12-21T10:31:16.000Z",
"pattern": "[file:hashes.MD5 = '878ececefc811b91361b69ff25290a6e' AND file:hashes.SHA1 = 'fb17a710aa690d939d74a6687ae04787fb6324ca' AND file:hashes.SHA256 = '772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2c9f7b5e-b7c1-45ee-bb59-facc1784a78f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:14.000Z",
"modified": "2017-12-21T10:31:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01/analysis/1513799414/",
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d72-8988-43a0-b1c4-488302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d72-cea0-44c3-929e-461602de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-20T19:50:14",
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"uuid": "5a3b8d72-a658-47d9-996e-443602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc053d0-4cc0-4b36-b940-2552b8c9ec30",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:17.000Z",
"modified": "2017-12-21T10:31:17.000Z",
"pattern": "[file:hashes.MD5 = '157074713fc886e3632acc6f040982dd' AND file:hashes.SHA1 = 'ef263466563037c4f358e6467157194eb0752bdf' AND file:hashes.SHA256 = 'b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T10:31:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--50c5355f-02d7-4b0b-8116-332325c74894",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T10:31:14.000Z",
"modified": "2017-12-21T10:31:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d/analysis/1513839053/",
"category": "External analysis",
"comment": "MS Office Docs",
"uuid": "5a3b8d72-f83c-4200-8813-47e402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/61",
"category": "Other",
"comment": "MS Office Docs",
"uuid": "5a3b8d72-1408-4805-b520-48d002de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21T06:50:53",
"category": "Other",
"comment": "MS Office Docs",
"uuid": "5a3b8d72-e134-4dbc-894e-419202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9ffe7be0-d845-41be-a0df-d3ef018c562b",
"created": "2017-12-28T13:37:02.000Z",
"modified": "2017-12-28T13:37:02.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--88c0c9e5-6f55-4434-86f5-57ccf1ab779e",
"target_ref": "x-misp-object--551d26ea-0d49-4a3d-8b80-61f1c2d46b4c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6dcc9545-014b-4bf1-9947-dffefa026491",
"created": "2017-12-28T13:37:02.000Z",
"modified": "2017-12-28T13:37:02.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e831a382-f6bf-43db-b38c-421df1ea3875",
"target_ref": "x-misp-object--ef5cfba8-a647-4887-8626-5b716d830d90"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6bc0929d-dac9-41f6-8f66-b332dbb2e9d6",
"created": "2017-12-28T13:37:02.000Z",
"modified": "2017-12-28T13:37:02.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4b8c3132-e355-4ee4-91c9-e06a69a36da1",
"target_ref": "x-misp-object--b1b7f438-e55c-4b57-b42d-503d60b57d4f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e1c2de67-0640-4411-907e-07c0897f039a",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1f87943e-6f0e-4b12-87b5-3116a0f725c0",
"target_ref": "x-misp-object--789535f0-ec61-4de1-9988-165ac6c1ba5c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--898cc0d1-a0dd-40df-8bdb-7fded587081f",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cb269eaa-70e8-4564-b7f8-902352959fe6",
"target_ref": "x-misp-object--9296c8a4-2d34-48e4-af42-15e57470eb84"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--80512ccf-7811-45a6-ab09-2d75e9fabbc9",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1bae070e-81ad-4cfb-a316-00f6dd358a7d",
"target_ref": "x-misp-object--4117fdf6-6c7c-4e4c-b695-d2b7214b42f4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c3f8ead3-8e50-4f4a-96d5-470e244f4ea8",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--08352cd7-5beb-4bdf-b9df-3ae69f4f3084",
"target_ref": "x-misp-object--7151d2df-fc05-4f72-8afe-b5c9db8e893e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--83a6f36a-7ecd-4f10-8626-9634c549e11e",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fa7170ec-f0f6-4900-922c-fce4d2eef064",
"target_ref": "x-misp-object--27d3ea8e-4cae-4f1a-96c8-fcf4a788439f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dcca4554-bf0c-4acc-afd1-29a20b55e92d",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--37b63b78-21dd-47c0-9d23-3630e7cf8646",
"target_ref": "x-misp-object--e69882c0-3bc4-47cc-a0bb-c0656d6b9d56"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--70222358-5813-415e-bb92-6e5e35c5c88e",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c126b790-4339-4aae-ae09-8907102e1a25",
"target_ref": "x-misp-object--2b6f8da3-f975-46ce-b203-b6a2f7db28ff"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--27d38351-6bd7-4576-9599-31d3525242dc",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4abea3bf-4859-444d-9735-ef6c73e34c7f",
"target_ref": "x-misp-object--b3041cbd-a853-482a-af11-4b0b34855339"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--16cca7ab-554c-4b0b-bcde-e0a84c1c39dc",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1c816f49-c77c-4c10-8f5a-c738b2f91fd2",
"target_ref": "x-misp-object--a15c3c61-18d5-4e2c-a4e6-f783b2dbb325"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fe4bb91d-53a7-4eca-b9cc-ce6c3c9f8b53",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--179729f6-02e1-4594-b57f-f7db7e366b4b",
"target_ref": "x-misp-object--6271f662-ebe5-449b-a28c-21625cb04c44"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--417f5f9b-bcdc-4589-99eb-a66ccc5fc75a",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea",
"target_ref": "x-misp-object--75f57830-e3b2-4daf-bd31-5b69941c370d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--004e5f84-1a8e-446e-b645-3d9a51ed060f",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3529ee04-a201-4e52-a164-1e5c4a096897",
"target_ref": "x-misp-object--24b51380-5e74-4cc3-9d40-a9bf23181402"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5b081329-2b02-4781-9d6d-b4db5830b91c",
"created": "2017-12-28T13:37:03.000Z",
"modified": "2017-12-28T13:37:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--685f8167-ca1f-4f25-8ba4-cdf2aa6dae57",
"target_ref": "x-misp-object--c1983f91-67eb-48b3-a8dc-df000704bef3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ea0acb51-4f44-4a8b-9428-1ec695db05cc",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36",
"target_ref": "x-misp-object--42454a41-4382-4b9b-bfb4-41c779793cd0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1967f853-1c13-463d-b7a1-91fb66a04308",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a6e3a25b-f46a-4ed8-b0ac-d15d4772c156",
"target_ref": "x-misp-object--e26a7bae-50f5-4b9f-a908-c09d124b96d5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--33f9c5e7-7a31-42eb-a3f9-d13443aa933a",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7d9cca50-8758-408a-8b14-ed4a9a4d430c",
"target_ref": "x-misp-object--ab3d3480-cd31-477a-b4ea-86c6b2c6b49e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--59ff81d0-a359-47a6-9714-4a25f148ec43",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6eb3baa6-0a6b-49d7-bedd-38b80630776a",
"target_ref": "x-misp-object--95dea47f-9eef-42d6-96c9-ac3d27d67d27"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--434c656b-281a-4ec1-9da6-8c48f4396e1b",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4923113d-bb45-4277-8e0f-4bcfd995292d",
"target_ref": "x-misp-object--b9d97deb-ca5d-4825-b6ff-084898e27f88"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--04b6914b-cb81-4259-8cd0-b5b835c45f54",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--499ec873-7210-418a-ac7a-9c473e7cee8f",
"target_ref": "x-misp-object--dbff892b-e51d-4ce6-ba0b-e0bbdc82c787"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--225a807f-90fc-45da-a1fd-e292d3479383",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1a66fd87-8b0c-4eae-b17e-c03d830646ea",
"target_ref": "x-misp-object--3fc5fed1-7742-4f62-86d7-18a0b15c6b67"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b6ebc3c1-6008-4157-8fba-6251dcc383d4",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--12376fcf-03df-4dd3-b86d-f205b2cd0333",
"target_ref": "x-misp-object--c798e259-325d-43d9-b3c5-080f027612e0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c3acf850-3597-4161-8163-252343f075d3",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--05d3637e-62f6-4c54-b66a-3eac1319941a",
"target_ref": "x-misp-object--4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--be8c4840-ab18-458b-9303-9fd0b11e5391",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5ea86c44-3d9c-471f-a447-cc02b208592c",
"target_ref": "x-misp-object--d098ecd3-4e1e-4602-92b9-45f53956eead"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--431c16e4-8396-493e-b637-b53e78467502",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--95eca2e7-7290-4557-8b1c-72a9e7b68da4",
"target_ref": "x-misp-object--a4526f04-cb6e-4349-ab34-5587cf9dbf19"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1f0f30a3-eec5-4610-ae55-c45d5562c7ad",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b593d6b3-0289-4c29-8448-2bb4d2de9d5e",
"target_ref": "x-misp-object--2c9f7b5e-b7c1-45ee-bb59-facc1784a78f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1366db60-1525-4a08-acc2-4f8ae2a0cd5c",
"created": "2017-12-28T13:37:04.000Z",
"modified": "2017-12-28T13:37:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5dc053d0-4cc0-4b36-b940-2552b8c9ec30",
"target_ref": "x-misp-object--50c5355f-02d7-4b0b-8116-332325c74894"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink