misp-circl-feed/feeds/circl/stix-2.1/5bb61071-d0ac-4b8a-8bba-4dc8950d210f.json

1298 lines
No EOL
57 KiB
JSON

{
"type": "bundle",
"id": "bundle--5bb61071-d0ac-4b8a-8bba-4dc8950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:15:09.000Z",
"modified": "2018-10-04T19:15:09.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5bb61071-d0ac-4b8a-8bba-4dc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:15:09.000Z",
"modified": "2018-10-04T19:15:09.000Z",
"name": "OSINT - Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras",
"published": "2018-10-04T19:15:15Z",
"object_refs": [
"observed-data--5bb610da-7840-4316-b213-4905950d210f",
"url--5bb610da-7840-4316-b213-4905950d210f",
"x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f",
"indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f",
"indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f",
"indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f",
"indicator--5bb61740-c0f8-4087-9811-4f8b950d210f",
"indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f",
"indicator--5bb61a04-0544-461d-9635-46d1950d210f",
"indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f",
"indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f",
"indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f",
"indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f",
"indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f",
"indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f",
"indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f",
"indicator--5bb61a0e-500c-4155-825b-452b950d210f",
"indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f",
"indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f",
"indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f",
"indicator--5bb61a10-ab00-4133-8296-4a96950d210f",
"indicator--5bb61a10-469c-473e-ba93-459b950d210f",
"indicator--f309283e-f9b3-4936-9534-ef6866f23c40",
"x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7",
"indicator--12ef2bb3-f2ac-4266-b693-27631eae3930",
"x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5",
"indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
"x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd",
"indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
"x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b",
"indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
"x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7",
"indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435",
"x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa",
"indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0",
"x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96",
"indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
"x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175",
"indicator--ed841816-818e-4245-b6dd-f2309f700681",
"x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d",
"indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8",
"x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b",
"relationship--a5c52440-c673-4ea3-9197-f857290671df",
"relationship--25852dc7-ff6e-484c-bd43-0e585c80e775",
"relationship--020ac727-d3cb-4461-acaf-3b63156aa554",
"relationship--ceba0ecf-2cb8-4ed9-a85c-222dcb2a0fc7",
"relationship--2e2bfe0d-0225-48b8-b22e-4da68f98e393",
"relationship--6c8c60e8-128a-45ce-984a-6124da526d07",
"relationship--0c68b61e-7ff9-4695-a719-df8c0c912746",
"relationship--86453573-7027-43cd-a020-e6ffd78ed156",
"relationship--bf177460-f15a-4e69-859e-d74fcdd58c4a",
"relationship--3515a68c-6d5a-473a-8d35-8e6ff587b1c2"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Botnet\"",
"\tmalware_classification:malware-category=\"Botnet\"",
"misp-galaxy:botnet=\"Persirai\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bb610da-7840-4316-b213-4905950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:11:09.000Z",
"modified": "2018-10-04T13:11:09.000Z",
"first_observed": "2018-10-04T13:11:09Z",
"last_observed": "2018-10-04T13:11:09Z",
"number_observed": 1,
"object_refs": [
"url--5bb610da-7840-4316-b213-4905950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5bb610da-7840-4316-b213-4905950d210f",
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:17:07.000Z",
"modified": "2018-10-04T13:17:07.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai\u00e2\u20ac\u201dan open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras\u00e2\u20ac\u201das well as the Hajime botnet.\r\n\r\nWe detected approximately 120,000 IP cameras that are vulnerable to ELF_PERSIRAI.A via Shodan. Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:35:53.000Z",
"modified": "2018-10-04T13:35:53.000Z",
"description": "C&C server",
"pattern": "[domain-name:value = 'load.gtpnet.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:35:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:35:54.000Z",
"modified": "2018-10-04T13:35:54.000Z",
"description": "C&C server",
"pattern": "[domain-name:value = 'ntp.gtpnet.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:35:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:35:59.000Z",
"modified": "2018-10-04T13:35:59.000Z",
"description": "C&C server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.62.189.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:35:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61740-c0f8-4087-9811-4f8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:36:00.000Z",
"modified": "2018-10-04T13:36:00.000Z",
"description": "C&C server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.85.38.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:36:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:47.000Z",
"modified": "2018-10-04T13:47:47.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a04-0544-461d-9635-46d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:48.000Z",
"modified": "2018-10-04T13:47:48.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:48.000Z",
"modified": "2018-10-04T13:47:48.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:49.000Z",
"modified": "2018-10-04T13:47:49.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:49.000Z",
"modified": "2018-10-04T13:47:49.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:53.000Z",
"modified": "2018-10-04T13:47:53.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:56.000Z",
"modified": "2018-10-04T13:47:56.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:57.000Z",
"modified": "2018-10-04T13:47:57.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:57.000Z",
"modified": "2018-10-04T13:47:57.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a0e-500c-4155-825b-452b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:58.000Z",
"modified": "2018-10-04T13:47:58.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:58.000Z",
"modified": "2018-10-04T13:47:58.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'ff5db7bdb4de17a77bd4a552f50f0e5488281cedc934fc3707833f90484ef66c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:59.000Z",
"modified": "2018-10-04T13:47:59.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'ec2c39f1dfb75e7b33daceaeda4dbadb8efd9015a9b7e41d595bb28d2cd0180f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:47:59.000Z",
"modified": "2018-10-04T13:47:59.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'f736948bb4575c10a3175f0078a2b5d36cce1aa4cd635307d03c826e305a7489']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:47:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a10-ab00-4133-8296-4a96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:48:00.000Z",
"modified": "2018-10-04T13:48:00.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = 'e0b5c9f874f260c840766eb23c1f69828545d7820f959c8601c41c024044f02c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:48:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb61a10-469c-473e-ba93-459b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T13:48:00.000Z",
"modified": "2018-10-04T13:48:00.000Z",
"description": "Hash detected as ELF_PERSIRAI.A:",
"pattern": "[file:hashes.SHA256 = '35317971e346e5b2a8401b2e66b9e62e371ce9532f816cb313216c3647973c32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T13:48:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f309283e-f9b3-4936-9534-ef6866f23c40",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:11:58.000Z",
"modified": "2018-10-04T19:11:58.000Z",
"pattern": "[file:hashes.MD5 = '2f6e964b3f63b13831314c28185bb51a' AND file:hashes.SHA1 = 'a63417b889491466c912dfbb6d2a34ad27f2bcfe' AND file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:11:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:11:56.000Z",
"modified": "2018-10-04T19:11:56.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T00:29:01",
"category": "Other",
"uuid": "7815ca32-703b-430e-a06f-dfb802b2617c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0/analysis/1538612941/",
"category": "External analysis",
"uuid": "b872dfe2-e6a4-46be-93cb-d2d39c54e961"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/57",
"category": "Other",
"uuid": "b977ae27-2ed8-42ea-af35-31fa7d975feb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:00.000Z",
"modified": "2018-10-04T19:12:00.000Z",
"pattern": "[file:hashes.MD5 = '428111c22627e1d4ee87705251704422' AND file:hashes.SHA1 = 'ccc90bd76af9d4b538aa88715027dd062f7c946d' AND file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:11:59.000Z",
"modified": "2018-10-04T19:11:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T00:35:09",
"category": "Other",
"uuid": "836c2dac-1246-4175-a7ac-ad7a3246570e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc/analysis/1538613309/",
"category": "External analysis",
"uuid": "34afc7f8-f731-4458-bea0-0a620d0b2948"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/59",
"category": "Other",
"uuid": "42f732a2-5783-4fe1-bf28-a299f63a6f65"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:03.000Z",
"modified": "2018-10-04T19:12:03.000Z",
"pattern": "[file:hashes.MD5 = '9584b6aec418a2af4efac24867a8c7ec' AND file:hashes.SHA1 = '22a8faf351768596500dbe6e27c05ad55744da1d' AND file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:01.000Z",
"modified": "2018-10-04T19:12:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-28T00:22:07",
"category": "Other",
"uuid": "28299833-823a-4fae-9d26-936806282829"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb/analysis/1535415727/",
"category": "External analysis",
"uuid": "a8b600ec-a940-4775-8d5a-da5e6fb40637"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/59",
"category": "Other",
"uuid": "6ab72e91-286a-4e59-aed6-7ba109b77661"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:05.000Z",
"modified": "2018-10-04T19:12:05.000Z",
"pattern": "[file:hashes.MD5 = '5ebeff1f005804bb8afef91095aac1d9' AND file:hashes.SHA1 = 'c92e07faaad26b4ac98f9cc0c5a24e60dcb25b8a' AND file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:04.000Z",
"modified": "2018-10-04T19:12:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T00:40:15",
"category": "Other",
"uuid": "8f277ab7-05c6-46f8-909c-f3381f65afbc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b/analysis/1538613615/",
"category": "External analysis",
"uuid": "656ad417-eede-4da8-b924-d1ac777d5cbe"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/59",
"category": "Other",
"uuid": "6b003f1f-e035-40ad-8331-3e79a4f9ed2e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:11.000Z",
"modified": "2018-10-04T19:12:11.000Z",
"pattern": "[file:hashes.MD5 = 'f620fb57352e6f393477a65101a4612e' AND file:hashes.SHA1 = '93515d7442d0240272b8d813b300219c53e88dfd' AND file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:10.000Z",
"modified": "2018-10-04T19:12:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-19T23:46:42",
"category": "Other",
"uuid": "3feaaa6c-1944-4d54-b928-151e02b9ba75"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92/analysis/1534722402/",
"category": "External analysis",
"uuid": "4456021c-dde7-45e4-bb39-a42c628b0d31"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/58",
"category": "Other",
"uuid": "e23bb428-95e6-414a-a60f-e666d298495e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:17.000Z",
"modified": "2018-10-04T19:12:17.000Z",
"pattern": "[file:hashes.MD5 = '912681f6be51afa8c5ab36e691b88e74' AND file:hashes.SHA1 = '227d1aa69da8250ddbf8898863799e59bdfeb516' AND file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:15.000Z",
"modified": "2018-10-04T19:12:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-28T00:21:20",
"category": "Other",
"uuid": "9da3df4d-2a97-4c0f-b9a8-4ee1e3bf41fa"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a/analysis/1535415680/",
"category": "External analysis",
"uuid": "791bd56a-7de3-419e-9984-b3b8f1126ec6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/59",
"category": "Other",
"uuid": "620bf26e-ce72-408a-a9fb-29c061e257be"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:19.000Z",
"modified": "2018-10-04T19:12:19.000Z",
"pattern": "[file:hashes.MD5 = '7e1c3834c38984c34b6fd4c741ae3a21' AND file:hashes.SHA1 = '02b850450fcbcdd6b13f03b2121f124543480d62' AND file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:18.000Z",
"modified": "2018-10-04T19:12:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T00:51:35",
"category": "Other",
"uuid": "50679951-11f3-4163-bca3-c1a71fc25d9f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45/analysis/1538614295/",
"category": "External analysis",
"uuid": "6a957d87-5bf5-4e47-9901-533d3be74a57"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/58",
"category": "Other",
"uuid": "b95271c3-bd73-4a19-ac07-58509fbe8fc6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:22.000Z",
"modified": "2018-10-04T19:12:22.000Z",
"pattern": "[file:hashes.MD5 = 'b2b129d84723d0ba2f803a546c8b19ae' AND file:hashes.SHA1 = '7a0485e52aa09f63d41e471fd736584c06c3dab6' AND file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:20.000Z",
"modified": "2018-10-04T19:12:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-18T19:47:01",
"category": "Other",
"uuid": "a6d21e1e-4762-45a8-8397-1e40b79d6f0a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778/analysis/1537300021/",
"category": "External analysis",
"uuid": "25405b32-6b81-42dc-a247-ebc03f770730"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/58",
"category": "Other",
"uuid": "85bba342-833d-452d-ae52-93ca69be210c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ed841816-818e-4245-b6dd-f2309f700681",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:24.000Z",
"modified": "2018-10-04T19:12:24.000Z",
"pattern": "[file:hashes.MD5 = 'cfb80e0b1e3927ebc1069b8fdc468072' AND file:hashes.SHA1 = '64bd5ba88d7e7104dc1a5586171e83825815362d' AND file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:24.000Z",
"modified": "2018-10-04T19:12:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-01T16:00:37",
"category": "Other",
"uuid": "960ff2ae-bf7a-49c3-ab42-4134855d21d9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a/analysis/1538409637/",
"category": "External analysis",
"uuid": "146485a6-71f5-41d8-800b-4ac4f679f33b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/58",
"category": "Other",
"uuid": "b5bc8306-34a2-4eb6-9dd5-893115f7c124"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:28.000Z",
"modified": "2018-10-04T19:12:28.000Z",
"pattern": "[file:hashes.MD5 = '10d899e46e0df86ba6e6a4754de331d9' AND file:hashes.SHA1 = '29aabf21557507699503251e8e19ff77ee61f1bc' AND file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T19:12:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T19:12:26.000Z",
"modified": "2018-10-04T19:12:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T00:21:25",
"category": "Other",
"uuid": "0911b7f8-578a-470b-a17b-1d302ea16696"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61/analysis/1538612485/",
"category": "External analysis",
"uuid": "b3cc844b-5bf3-4cb8-b122-eee753b95a86"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/58",
"category": "Other",
"uuid": "dd676758-854f-4bee-b4b2-4942e2c6efc7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5c52440-c673-4ea3-9197-f857290671df",
"created": "2018-10-04T19:12:27.000Z",
"modified": "2018-10-04T19:12:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f309283e-f9b3-4936-9534-ef6866f23c40",
"target_ref": "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--25852dc7-ff6e-484c-bd43-0e585c80e775",
"created": "2018-10-04T19:12:27.000Z",
"modified": "2018-10-04T19:12:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930",
"target_ref": "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--020ac727-d3cb-4461-acaf-3b63156aa554",
"created": "2018-10-04T19:12:27.000Z",
"modified": "2018-10-04T19:12:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
"target_ref": "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ceba0ecf-2cb8-4ed9-a85c-222dcb2a0fc7",
"created": "2018-10-04T19:12:27.000Z",
"modified": "2018-10-04T19:12:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
"target_ref": "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2e2bfe0d-0225-48b8-b22e-4da68f98e393",
"created": "2018-10-04T19:12:28.000Z",
"modified": "2018-10-04T19:12:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
"target_ref": "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6c8c60e8-128a-45ce-984a-6124da526d07",
"created": "2018-10-04T19:12:28.000Z",
"modified": "2018-10-04T19:12:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435",
"target_ref": "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0c68b61e-7ff9-4695-a719-df8c0c912746",
"created": "2018-10-04T19:12:28.000Z",
"modified": "2018-10-04T19:12:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0",
"target_ref": "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--86453573-7027-43cd-a020-e6ffd78ed156",
"created": "2018-10-04T19:12:28.000Z",
"modified": "2018-10-04T19:12:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
"target_ref": "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf177460-f15a-4e69-859e-d74fcdd58c4a",
"created": "2018-10-04T19:12:28.000Z",
"modified": "2018-10-04T19:12:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ed841816-818e-4245-b6dd-f2309f700681",
"target_ref": "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3515a68c-6d5a-473a-8d35-8e6ff587b1c2",
"created": "2018-10-04T19:12:28.000Z",
"modified": "2018-10-04T19:12:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8",
"target_ref": "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}