adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5c481c61-a718-4051-aacf-4f19950d210f.json

1926 lines
No EOL
81 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5c481c61-a718-4051-aacf-4f19950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c481c61-a718-4051-aacf-4f19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"name": "OSINT - DarkHydrus delivers new Trojan that can use Google Drive for C2 communications",
"published": "2019-08-23T09:36:08Z",
"object_refs": [
"x-misp-attribute--5c481e62-1938-485c-8568-4f7a950d210f",
"observed-data--5c481e72-4c40-47cf-97bf-46d6950d210f",
"url--5c481e72-4c40-47cf-97bf-46d6950d210f",
"indicator--5c48316f-f314-4da1-834a-4f6c950d210f",
"indicator--5c483170-9c94-4ebc-9686-4c7e950d210f",
"indicator--5c483170-35e0-4e23-aaf8-4098950d210f",
"indicator--5c483172-aedc-49b2-9bf1-4440950d210f",
"indicator--5c483172-81f8-4d83-a3ee-40fc950d210f",
"indicator--5c483173-587c-452a-93c5-4617950d210f",
"indicator--5c483173-f400-4801-aca2-411d950d210f",
"indicator--5c483174-a6c4-45e1-baa0-44f3950d210f",
"indicator--5c483174-7744-4ebf-9483-405a950d210f",
"indicator--5c483175-aa8c-4bae-b758-477f950d210f",
"indicator--5c48325c-9fe8-4617-b287-4f66950d210f",
"indicator--5c48325d-9d64-4b8d-bf8a-4f27950d210f",
"indicator--5c48325e-9d04-4346-8104-4cc0950d210f",
"indicator--5c48325e-0934-44e0-9ad9-477a950d210f",
"indicator--5c48325f-6798-444c-ad46-47df950d210f",
"indicator--5c48325f-858c-4e35-aacf-4cd3950d210f",
"indicator--5c483260-b464-4eac-ac1e-44b9950d210f",
"indicator--5c483260-1338-48d2-b149-4bdf950d210f",
"indicator--5c483261-6914-4112-a413-4747950d210f",
"indicator--5c483261-e880-47fe-bad3-484e950d210f",
"indicator--5c4835f3-9d18-401f-9251-4f45950d210f",
"indicator--5c4835f5-3844-4367-a71c-49f0950d210f",
"indicator--5c4835f6-13e8-4f1d-9f65-4b9f950d210f",
"indicator--5c4835f7-efb8-4192-b81f-4d0f950d210f",
"indicator--5c4835f9-2e84-4a97-a0ba-4e9d950d210f",
"indicator--5c4835fa-a824-4d63-9d1e-461d950d210f",
"indicator--5c4835fc-6794-4e1d-b444-4864950d210f",
"indicator--5c4835fd-b274-467b-be08-4a1d950d210f",
"indicator--5c4835fe-96bc-48cc-a839-47fb950d210f",
"indicator--5c483600-af84-48d6-88a0-4660950d210f",
"indicator--5c483601-9e10-4856-ac87-4d5b950d210f",
"indicator--5c483602-daa8-49b1-8dea-4474950d210f",
"indicator--5c483604-b4a0-4ec5-a6c7-4b3a950d210f",
"indicator--5c483605-8240-4688-a606-4d49950d210f",
"indicator--5c4845f0-d0d4-4afa-8147-1869950d210f",
"indicator--5c4848ea-3b90-404a-a249-0941950d210f",
"indicator--5c48363f-b894-4693-96e9-4429950d210f",
"indicator--5c483653-dc5c-4ce5-9fb4-457b950d210f",
"indicator--5c48366f-5060-4b4d-a8ee-48df950d210f",
"indicator--5c4838df-1140-4d70-9ed3-4cbd950d210f",
"indicator--5c4838f4-8218-400b-b63e-4de1950d210f",
"indicator--5c483914-2a64-4525-ac9e-454c950d210f",
"indicator--5c4841b1-2610-4eb9-8972-0941950d210f",
"indicator--5c48444e-3888-4e23-8358-0a80950d210f",
"indicator--d9d74a92-d5e9-44cf-951c-9209e089e4a9",
"x-misp-object--5c97ffbd-d966-4fd3-a37b-32ef937013b2",
"indicator--daa1f647-6100-4717-8f02-db83000e128e",
"x-misp-object--b8cf49aa-c9f6-4b8f-836e-14ef60a806d7",
"indicator--eb1071b4-d800-4cde-83f6-7a6035d85171",
"x-misp-object--114f3f73-824d-4ecd-b931-ecfa06cd315b",
"indicator--0c348258-2cce-41e4-bf8f-67555be3f925",
"x-misp-object--64a6d64f-7061-4953-9693-334ea5bea2ec",
"indicator--46c359c7-edb0-4b18-a34d-9b06ce21aad5",
"x-misp-object--a2dbe480-0cac-43dd-808e-b6a735543ea5",
"indicator--7708439c-37ac-4fce-ac9f-36a1a26a84df",
"x-misp-object--eda93bd4-a0f9-40d1-9216-3ea538389e62",
"x-misp-object--2d2efd04-087d-4dec-9b15-0466b3f048e2",
"x-misp-object--97c71d46-4c70-4a75-b908-50bf2d41983d",
"x-misp-object--17aca456-82a1-47f5-9b5f-dcf90c512882",
"x-misp-object--7ff87175-d1e6-4b91-9371-6b3e0da19395",
"x-misp-object--9e0c7cec-9ce2-4efb-a881-9b86cc097610",
"x-misp-object--6a4446ed-949a-42d5-8975-db3f4994de64",
"relationship--dbc5bf49-c77d-4325-a729-fc7266ef1802",
"relationship--3bdc7571-89b1-43c8-bcc2-8409a2589ddb",
"relationship--780c153f-b550-4cf0-b722-04db174e48b8",
"relationship--72a560f0-da87-4a96-b42f-f10f5aad0a79",
"relationship--1d01cc34-6dc8-4d2c-9247-9ad50c08979a",
"relationship--25386b08-6523-4119-b00c-00232461e05a",
"relationship--48cacc72-3d01-4bae-b7d2-916b056e8e4f",
"relationship--08932883-098f-4a6c-b328-8f357fa57b88",
"relationship--759d3ae2-2cf0-4e7a-8881-d3d4096dcf90",
"relationship--2e50cb74-f2c4-44af-8ddd-7fbd20dfa0d1",
"relationship--fe2b017b-f38b-47a4-8a7f-c3a5a5bf0803",
"relationship--eb6d1439-4ee8-441d-989c-b0244d07c8ec"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-intrusion-set=\"DarkHydrus - G0079\"",
"misp-galaxy:threat-actor=\"DarkHydrus\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"ecsirt:malicious-code=\"trojan\"",
"misp-galaxy:malpedia=\"RogueRobin\"",
"misp-galaxy:mitre-malware=\"RogueRobin - S0270\"",
"workflow:todo=\"expansion\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c481e62-1938-485c-8568-4f7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T08:08:04.000Z",
"modified": "2019-01-23T08:08:04.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "In the summer of 2018, Unit 42 released reporting regarding activity in the Middle East surrounding a cluster of activity using similar tactics, tools, and procedures (TTPs) in which we named the adversary group DarkHydrus. This group was observed using tactics such as registering typosquatting domains for security or technology vendors, abusing open-source penetration testing tools, and leveraging novel file types as anti-analysis techniques.\r\n\r\nSince that initial reporting, we had not observed new activity from DarkHydrus until recently, when 360TIC published a tweet and subsequent research discussing delivery documents that appeared to be attributed to DarkHydrus. In the process of analyzing the delivery documents, we were able to collect additional associated samples, uncover additional functionality of the payloads including the use of Google Drive API, and confirm the strong likelihood of attribution to DarkHydrus. We have notified Google of our findings."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c481e72-4c40-47cf-97bf-46d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T08:08:03.000Z",
"modified": "2019-01-23T08:08:03.000Z",
"first_observed": "2019-01-23T08:08:03Z",
"last_observed": "2019-01-23T08:08:03Z",
"number_observed": 1,
"object_refs": [
"url--5c481e72-4c40-47cf-97bf-46d6950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c481e72-4c40-47cf-97bf-46d6950d210f",
"value": "https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48316f-f314-4da1-834a-4f6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:39.000Z",
"modified": "2019-01-23T09:18:39.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'iecvlist-microsoft.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483170-9c94-4ebc-9686-4c7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:40.000Z",
"modified": "2019-01-23T09:18:40.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'data-microsoft.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483170-35e0-4e23-aaf8-4098950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:40.000Z",
"modified": "2019-01-23T09:18:40.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'asimov-win-microsoft.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483172-aedc-49b2-9bf1-4440950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:42.000Z",
"modified": "2019-01-23T09:18:42.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'onecs-live.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483172-81f8-4d83-a3ee-40fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:42.000Z",
"modified": "2019-01-23T09:18:42.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'akamaiedge.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483173-587c-452a-93c5-4617950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:43.000Z",
"modified": "2019-01-23T09:18:43.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'phicdn.world']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483173-f400-4801-aca2-411d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:43.000Z",
"modified": "2019-01-23T09:18:43.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'azureedge.today']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483174-a6c4-45e1-baa0-44f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:44.000Z",
"modified": "2019-01-23T09:18:44.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'nsatc.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483174-7744-4ebf-9483-405a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:44.000Z",
"modified": "2019-01-23T09:18:44.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 'akamai.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483175-aa8c-4bae-b758-477f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:18:45.000Z",
"modified": "2019-01-23T09:18:45.000Z",
"description": "Related Domains",
"pattern": "[domain-name:value = 't-msedge.world']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:18:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48325c-9fe8-4617-b287-4f66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:36.000Z",
"modified": "2019-01-23T09:22:36.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'tvs1.trafficmanager.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48325d-9d64-4b8d-bf8a-4f27950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:37.000Z",
"modified": "2019-01-23T09:22:37.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'tvs2.trafficmanager.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48325e-9d04-4346-8104-4cc0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:38.000Z",
"modified": "2019-01-23T09:22:38.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'tbs1.microsoftonline.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48325e-0934-44e0-9ad9-477a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:38.000Z",
"modified": "2019-01-23T09:22:38.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'tbs2.microsoftonline.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48325f-6798-444c-ad46-47df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:39.000Z",
"modified": "2019-01-23T09:22:39.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'brit.ns.cloudfronts.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48325f-858c-4e35-aacf-4cd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:39.000Z",
"modified": "2019-01-23T09:22:39.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'dns.cloudfronts.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483260-b464-4eac-ac1e-44b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:40.000Z",
"modified": "2019-01-23T09:22:40.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'ns2.akadns.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483260-1338-48d2-b149-4bdf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:40.000Z",
"modified": "2019-01-23T09:22:40.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'britns.akadns.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483261-6914-4112-a413-4747950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:41.000Z",
"modified": "2019-01-23T09:22:41.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'britns.akadns.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483261-e880-47fe-bad3-484e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:22:41.000Z",
"modified": "2019-01-23T09:22:41.000Z",
"description": "Nameservers",
"pattern": "[domain-name:value = 'ns2.akadns.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:22:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835f3-9d18-401f-9251-4f45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:37:55.000Z",
"modified": "2019-01-23T09:37:55.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'akdns.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835f5-3844-4367-a71c-49f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:37:57.000Z",
"modified": "2019-01-23T09:37:57.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'akamaiedge.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835f6-13e8-4f1d-9f65-4b9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:37:58.000Z",
"modified": "2019-01-23T09:37:58.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'edgekey.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:37:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835f7-efb8-4192-b81f-4d0f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:37:59.000Z",
"modified": "2019-01-23T09:37:59.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'akamaized.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835f9-2e84-4a97-a0ba-4e9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:01.000Z",
"modified": "2019-01-23T09:38:01.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = '0ffice365.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835fa-a824-4d63-9d1e-461d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:02.000Z",
"modified": "2019-01-23T09:38:02.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = '0nedrive.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835fc-6794-4e1d-b444-4864950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:04.000Z",
"modified": "2019-01-23T09:38:04.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'corewindows.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835fd-b274-467b-be08-4a1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:05.000Z",
"modified": "2019-01-23T09:38:05.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'microsoftonline.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4835fe-96bc-48cc-a839-47fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:06.000Z",
"modified": "2019-01-23T09:38:06.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'onedrive.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483600-af84-48d6-88a0-4660950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:08.000Z",
"modified": "2019-01-23T09:38:08.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'sharepoint.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483601-9e10-4856-ac87-4d5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:09.000Z",
"modified": "2019-01-23T09:38:09.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'skydrive.agency']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483602-daa8-49b1-8dea-4474950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:10.000Z",
"modified": "2019-01-23T09:38:10.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = '0ffice365.life']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483604-b4a0-4ec5-a6c7-4b3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:12.000Z",
"modified": "2019-01-23T09:38:12.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = '0ffice365.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483605-8240-4688-a606-4d49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:38:13.000Z",
"modified": "2019-01-23T09:38:13.000Z",
"description": "RogueRobin C2s",
"pattern": "[domain-name:value = 'skydrive.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4845f0-d0d4-4afa-8147-1869950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T10:46:08.000Z",
"modified": "2019-01-23T10:46:08.000Z",
"pattern": "[domain-name:value = '676f6f646c75636b.gogle.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T10:46:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4848ea-3b90-404a-a249-0941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T10:58:50.000Z",
"modified": "2019-01-23T10:58:50.000Z",
"pattern": "[url:value = 'tbs1/tbs2.microsoftonline.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T10:58:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48363f-b894-4693-96e9-4429950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:39:11.000Z",
"modified": "2019-01-23T09:39:11.000Z",
"description": "RogueRobin",
"pattern": "[file:hashes.SHA256 = 'eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:39:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483653-dc5c-4ce5-9fb4-457b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:39:31.000Z",
"modified": "2019-01-23T09:39:31.000Z",
"description": "RogueRobin",
"pattern": "[file:hashes.SHA256 = 'f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:39:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48366f-5060-4b4d-a8ee-48df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:39:59.000Z",
"modified": "2019-01-23T09:39:59.000Z",
"description": "RogueRobin",
"pattern": "[file:hashes.SHA256 = '5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:39:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4838df-1140-4d70-9ed3-4cbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:50:23.000Z",
"modified": "2019-01-23T09:50:23.000Z",
"description": "Delivery Document",
"pattern": "[file:hashes.SHA256 = '513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4838f4-8218-400b-b63e-4de1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:50:44.000Z",
"modified": "2019-01-23T09:50:44.000Z",
"description": "Delivery Document",
"pattern": "[file:hashes.SHA256 = 'e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:50:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c483914-2a64-4525-ac9e-454c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T09:51:16.000Z",
"modified": "2019-01-23T09:51:16.000Z",
"description": "Delivery Document",
"pattern": "[file:hashes.SHA256 = '4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T09:51:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4841b1-2610-4eb9-8972-0941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T10:28:01.000Z",
"modified": "2019-01-23T10:28:01.000Z",
"pattern": "[file:name = '12-B-366.txt' AND file:parent_directory_ref.path = '\\\\%TEMP\\\\%' AND file:x_misp_state = 'Malicious' AND file:x_misp_fullpath = '\\\\%TEMP\\\\%\\\\12-B-366.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T10:28:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c48444e-3888-4e23-8358-0a80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-23T10:39:10.000Z",
"modified": "2019-01-23T10:39:10.000Z",
"pattern": "[file:name = 'WindowsTemplate.exe' AND file:parent_directory_ref.path = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\Windows\\\\Templates\\\\' AND file:x_misp_state = 'Malicious' AND file:x_misp_fullpath = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\Windows\\\\Templates\\\\WindowsTemplate.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-23T10:39:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d9d74a92-d5e9-44cf-951c-9209e089e4a9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:04.000Z",
"modified": "2019-08-23T09:36:04.000Z",
"pattern": "[file:hashes.MD5 = '8dc9f5450402ae799f5f8afd5c0a8352' AND file:hashes.SHA1 = '58ea259ea8231175140f03993d57b91b67465bf0' AND file:hashes.SHA256 = 'e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-08-23T09:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c97ffbd-d966-4fd3-a37b-32ef937013b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:23:09.000Z",
"modified": "2019-07-19T09:23:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T13:49:58",
"category": "Other",
"uuid": "cc65fe50-4173-4c03-bd6f-c38d960f8f84"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022/analysis/1553694598/",
"category": "Payload delivery",
"uuid": "bd3e1921-525a-4355-8079-580e19772ebc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/62",
"category": "Payload delivery",
"uuid": "d2c8ac9a-094d-4b87-b546-ff424b2d88c2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--daa1f647-6100-4717-8f02-db83000e128e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:04.000Z",
"modified": "2019-08-23T09:36:04.000Z",
"pattern": "[file:hashes.MD5 = '5c3f96ade0ea67eef9d25161c64e6f3e' AND file:hashes.SHA1 = '524f2c9f62703027b1ebbf1fc16a4a7506d6ff20' AND file:hashes.SHA256 = '513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-08-23T09:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b8cf49aa-c9f6-4b8f-836e-14ef60a806d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:23:09.000Z",
"modified": "2019-07-19T09:23:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-04T23:57:46",
"category": "Other",
"uuid": "ac8ba530-cefe-4a6d-ab7c-2acd514ae349"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8/analysis/1559692666/",
"category": "Payload delivery",
"uuid": "0e8ac8eb-6bee-45cf-a90c-83403a8f84f5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/62",
"category": "Payload delivery",
"uuid": "c99901fc-603a-47be-ad92-25b8e49afdb1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb1071b4-d800-4cde-83f6-7a6035d85171",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:04.000Z",
"modified": "2019-08-23T09:36:04.000Z",
"pattern": "[file:hashes.MD5 = '039bd47f0fdb6bb7d68a2428c71f317d' AND file:hashes.SHA1 = '1d73611c6d77a07de90199864c6341d58657db43' AND file:hashes.SHA256 = 'f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-08-23T09:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--114f3f73-824d-4ecd-b931-ecfa06cd315b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:23:10.000Z",
"modified": "2019-07-19T09:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-30T00:54:00",
"category": "Other",
"uuid": "290047a1-8f60-4237-9499-25930aafaf87"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0/analysis/1556585640/",
"category": "Payload delivery",
"uuid": "ae08342d-d69b-4806-8f9a-23456e8988b7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/72",
"category": "Payload delivery",
"uuid": "9c359b30-75e6-4541-b307-6580f7f8ca8a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c348258-2cce-41e4-bf8f-67555be3f925",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:04.000Z",
"modified": "2019-08-23T09:36:04.000Z",
"pattern": "[file:hashes.MD5 = 'c3b1bd4e3e159591d84e77452a09851d' AND file:hashes.SHA1 = '0fece8a649e88635c35222fbc8ce49d6ef2e77c1' AND file:hashes.SHA256 = '5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-08-23T09:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--64a6d64f-7061-4953-9693-334ea5bea2ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:23:10.000Z",
"modified": "2019-07-19T09:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-25T16:23:56",
"category": "Other",
"uuid": "365e0979-45c2-48ff-b067-8427c971a484"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c/analysis/1561479836/",
"category": "Payload delivery",
"uuid": "cca113a9-1a86-4416-9965-6a8147c59c98"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "56/72",
"category": "Payload delivery",
"uuid": "6e5fbe1c-0986-44d0-b675-60639a24dc26"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--46c359c7-edb0-4b18-a34d-9b06ce21aad5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:05.000Z",
"modified": "2019-08-23T09:36:05.000Z",
"pattern": "[file:hashes.MD5 = '89e50d52e498c34f1e976cf9a1017a39' AND file:hashes.SHA1 = '1b8fe1d2194e685c0cce2f00c33e7f069f3a4d54' AND file:hashes.SHA256 = '4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-08-23T09:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a2dbe480-0cac-43dd-808e-b6a735543ea5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:23:11.000Z",
"modified": "2019-07-19T09:23:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-06T23:48:31",
"category": "Other",
"uuid": "2b56458b-80ca-4d60-abbe-7133142c0cd0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8/analysis/1559864911/",
"category": "Payload delivery",
"uuid": "a8b28daa-01c7-4049-a0ec-9da443fbe78e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/62",
"category": "Payload delivery",
"uuid": "9489327d-b04a-4b82-86c6-4cb0fbd1fc19"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7708439c-37ac-4fce-ac9f-36a1a26a84df",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:05.000Z",
"modified": "2019-08-23T09:36:05.000Z",
"pattern": "[file:hashes.MD5 = 'b108412f1cdc0602d82d3e6b318dc634' AND file:hashes.SHA1 = '0681f2abe5c6d7e80afe27b8aba08abac43c39d8' AND file:hashes.SHA256 = 'eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-08-23T09:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--eda93bd4-a0f9-40d1-9216-3ea538389e62",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:23:11.000Z",
"modified": "2019-07-19T09:23:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-07-09T02:11:15",
"category": "Other",
"uuid": "1de46e79-770f-4323-9920-92bcd8e6158f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97/analysis/1562638275/",
"category": "Payload delivery",
"uuid": "2f0ff0fb-59af-4c85-a29f-74e0d9800836"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/71",
"category": "Payload delivery",
"uuid": "ff7e98c4-e38f-4559-82cf-f51c124c34f5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2d2efd04-087d-4dec-9b15-0466b3f048e2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:05.000Z",
"modified": "2019-08-23T09:36:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T13:49:58",
"category": "Other",
"uuid": "a14c6c4d-58f8-44f9-98a7-11ce52b45ad4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022/analysis/1553694598/",
"category": "Payload delivery",
"uuid": "91031c7d-821b-4a78-9f41-991e362b0c21"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/62",
"category": "Payload delivery",
"uuid": "94c21631-20b1-47cb-b6bc-1abccd4c2297"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--97c71d46-4c70-4a75-b908-50bf2d41983d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:05.000Z",
"modified": "2019-08-23T09:36:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-30T00:54:00",
"category": "Other",
"uuid": "07d3c689-845e-4b8e-b450-f1641896f608"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0/analysis/1556585640/",
"category": "Payload delivery",
"uuid": "67e32e8b-6fb6-49f4-af4a-7f8aa958cf8d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/72",
"category": "Payload delivery",
"uuid": "3e4563f0-98ab-4d5a-9df1-9070de5e14ff"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--17aca456-82a1-47f5-9b5f-dcf90c512882",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:06.000Z",
"modified": "2019-08-23T09:36:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-08-19T23:33:04",
"category": "Other",
"uuid": "a5633be9-d191-4586-bfcc-f257ef119285"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8/analysis/1566257584/",
"category": "Payload delivery",
"uuid": "c4c400c7-e486-4e6d-afcb-d925083cd18c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/58",
"category": "Payload delivery",
"uuid": "d397fd9c-03ea-4acf-bdb5-3db0dc518e8b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7ff87175-d1e6-4b91-9371-6b3e0da19395",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:06.000Z",
"modified": "2019-08-23T09:36:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-08-19T23:36:42",
"category": "Other",
"uuid": "c816cc5c-d424-4486-a978-ea0bee21b276"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c/analysis/1566257802/",
"category": "Payload delivery",
"uuid": "9d02a0a8-944e-4573-99a3-f3055339dadf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/66",
"category": "Payload delivery",
"uuid": "6939b75d-20a9-4b70-9b30-e54671f34750"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9e0c7cec-9ce2-4efb-a881-9b86cc097610",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:06.000Z",
"modified": "2019-08-23T09:36:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-08-22T23:42:21",
"category": "Other",
"uuid": "77f9cbd1-61e7-40c4-a680-813aa29103b5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97/analysis/1566517341/",
"category": "Payload delivery",
"uuid": "d0d353b6-0be4-4210-877b-b037b7176a29"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/66",
"category": "Payload delivery",
"uuid": "7eefc615-e3fc-40dd-b723-78f71492885b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6a4446ed-949a-42d5-8975-db3f4994de64",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-08-23T09:36:06.000Z",
"modified": "2019-08-23T09:36:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-08-22T23:34:02",
"category": "Other",
"uuid": "01e94ff0-197f-41d2-b036-84dfd9a3ecd0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8/analysis/1566516842/",
"category": "Payload delivery",
"uuid": "68d380af-15c6-4ecb-9ded-89093bec151b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/55",
"category": "Payload delivery",
"uuid": "4dec3344-b3e0-45ae-b019-caaacf098c69"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dbc5bf49-c77d-4325-a729-fc7266ef1802",
"created": "2019-07-19T09:23:11.000Z",
"modified": "2019-07-19T09:23:11.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d9d74a92-d5e9-44cf-951c-9209e089e4a9",
"target_ref": "x-misp-object--5c97ffbd-d966-4fd3-a37b-32ef937013b2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3bdc7571-89b1-43c8-bcc2-8409a2589ddb",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d9d74a92-d5e9-44cf-951c-9209e089e4a9",
"target_ref": "x-misp-object--2d2efd04-087d-4dec-9b15-0466b3f048e2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--780c153f-b550-4cf0-b722-04db174e48b8",
"created": "2019-07-19T09:23:12.000Z",
"modified": "2019-07-19T09:23:12.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--daa1f647-6100-4717-8f02-db83000e128e",
"target_ref": "x-misp-object--b8cf49aa-c9f6-4b8f-836e-14ef60a806d7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--72a560f0-da87-4a96-b42f-f10f5aad0a79",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--daa1f647-6100-4717-8f02-db83000e128e",
"target_ref": "x-misp-object--6a4446ed-949a-42d5-8975-db3f4994de64"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d01cc34-6dc8-4d2c-9247-9ad50c08979a",
"created": "2019-07-19T09:23:13.000Z",
"modified": "2019-07-19T09:23:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eb1071b4-d800-4cde-83f6-7a6035d85171",
"target_ref": "x-misp-object--114f3f73-824d-4ecd-b931-ecfa06cd315b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--25386b08-6523-4119-b00c-00232461e05a",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eb1071b4-d800-4cde-83f6-7a6035d85171",
"target_ref": "x-misp-object--97c71d46-4c70-4a75-b908-50bf2d41983d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48cacc72-3d01-4bae-b7d2-916b056e8e4f",
"created": "2019-07-19T09:23:13.000Z",
"modified": "2019-07-19T09:23:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0c348258-2cce-41e4-bf8f-67555be3f925",
"target_ref": "x-misp-object--64a6d64f-7061-4953-9693-334ea5bea2ec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--08932883-098f-4a6c-b328-8f357fa57b88",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0c348258-2cce-41e4-bf8f-67555be3f925",
"target_ref": "x-misp-object--7ff87175-d1e6-4b91-9371-6b3e0da19395"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--759d3ae2-2cf0-4e7a-8881-d3d4096dcf90",
"created": "2019-07-19T09:23:13.000Z",
"modified": "2019-07-19T09:23:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--46c359c7-edb0-4b18-a34d-9b06ce21aad5",
"target_ref": "x-misp-object--a2dbe480-0cac-43dd-808e-b6a735543ea5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2e50cb74-f2c4-44af-8ddd-7fbd20dfa0d1",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--46c359c7-edb0-4b18-a34d-9b06ce21aad5",
"target_ref": "x-misp-object--17aca456-82a1-47f5-9b5f-dcf90c512882"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fe2b017b-f38b-47a4-8a7f-c3a5a5bf0803",
"created": "2019-07-19T09:23:13.000Z",
"modified": "2019-07-19T09:23:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7708439c-37ac-4fce-ac9f-36a1a26a84df",
"target_ref": "x-misp-object--eda93bd4-a0f9-40d1-9216-3ea538389e62"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eb6d1439-4ee8-441d-989c-b0244d07c8ec",
"created": "2019-08-23T09:36:07.000Z",
"modified": "2019-08-23T09:36:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7708439c-37ac-4fce-ac9f-36a1a26a84df",
"target_ref": "x-misp-object--9e0c7cec-9ce2-4efb-a881-9b86cc097610"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink