9041 lines
No EOL
382 KiB
JSON
9041 lines
No EOL
382 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5ba7542d-feb4-4a10-8aaa-4f0102de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T18:09:06.000Z",
|
|
"modified": "2018-09-23T18:09:06.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5ba7542d-feb4-4a10-8aaa-4f0102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T18:09:06.000Z",
|
|
"modified": "2018-09-23T18:09:06.000Z",
|
|
"name": "OSINT - Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment",
|
|
"published": "2018-09-23T18:09:59Z",
|
|
"object_refs": [
|
|
"observed-data--5ba7543c-0d9c-4c83-83fd-494f02de0b81",
|
|
"url--5ba7543c-0d9c-4c83-83fd-494f02de0b81",
|
|
"x-misp-attribute--5ba7545e-3354-4c48-a16f-47c202de0b81",
|
|
"indicator--5ba75513-8d64-4321-9d74-487c02de0b81",
|
|
"indicator--5ba75514-19f8-4938-a95d-480102de0b81",
|
|
"indicator--5ba75514-3468-4f0e-b157-4efd02de0b81",
|
|
"indicator--5ba75515-8350-4248-b1dc-4ba402de0b81",
|
|
"indicator--5ba75516-5374-4f20-9954-4a7902de0b81",
|
|
"indicator--5ba75516-d968-488c-86da-46cf02de0b81",
|
|
"indicator--5ba75517-f0ac-42c3-bbaa-424402de0b81",
|
|
"indicator--5ba75517-8688-415c-a25a-41d802de0b81",
|
|
"indicator--5ba75518-8e08-4974-8f02-49ab02de0b81",
|
|
"indicator--5ba75518-3684-42e0-9664-4aa402de0b81",
|
|
"indicator--5ba75519-c0c4-4066-b5f7-4beb02de0b81",
|
|
"indicator--5ba75519-72d8-430a-afb7-411302de0b81",
|
|
"indicator--5ba7551a-e758-4cda-bb80-444d02de0b81",
|
|
"indicator--5ba7551a-aae8-4004-8052-404402de0b81",
|
|
"indicator--5ba7551b-e5e4-4fa5-936c-4eaa02de0b81",
|
|
"indicator--5ba7551b-6ca4-432d-8435-491602de0b81",
|
|
"indicator--5ba7551c-1928-4424-9b39-4c2102de0b81",
|
|
"indicator--5ba7551c-70cc-4c30-9d27-4ad002de0b81",
|
|
"indicator--5ba7551d-8754-4d37-b9e1-402702de0b81",
|
|
"indicator--5ba7551d-b6bc-41f9-96fa-463202de0b81",
|
|
"indicator--5ba7551e-6aac-4be4-a921-401c02de0b81",
|
|
"indicator--5ba7551e-4cc0-4e06-8f7d-4b7d02de0b81",
|
|
"indicator--5ba7551f-6d48-4469-a8d9-44ad02de0b81",
|
|
"indicator--5ba7551f-a21c-4222-9e53-4f0d02de0b81",
|
|
"indicator--5ba75520-1948-40de-84e4-4dcc02de0b81",
|
|
"indicator--5ba75520-7b34-4a4b-8a51-480002de0b81",
|
|
"indicator--5ba75521-237c-48e2-8cd5-4d4402de0b81",
|
|
"indicator--5ba75522-ee70-40bb-81a9-4ef402de0b81",
|
|
"indicator--5ba75522-4808-4dba-b379-428502de0b81",
|
|
"indicator--5ba75523-4408-4b23-8d60-450d02de0b81",
|
|
"indicator--5ba75523-6f34-4894-ae0c-4a6102de0b81",
|
|
"indicator--5ba75524-f540-413f-b081-4e5202de0b81",
|
|
"indicator--5ba75524-e39c-4bd2-b9ce-4b7202de0b81",
|
|
"indicator--5ba75525-8d84-461d-b669-473b02de0b81",
|
|
"indicator--5ba75525-59f8-4e6a-b320-474202de0b81",
|
|
"indicator--5ba75526-9088-4c9e-8f36-4f8102de0b81",
|
|
"indicator--5ba75526-d584-4717-a438-4b1d02de0b81",
|
|
"indicator--5ba75527-fc3c-466f-8e9c-4c6602de0b81",
|
|
"indicator--5ba75527-cb78-4fea-a215-463102de0b81",
|
|
"indicator--5ba75528-6e8c-43c6-a78a-4cb702de0b81",
|
|
"indicator--5ba75528-71a4-4a5f-92e4-4b6902de0b81",
|
|
"indicator--5ba75529-0b74-4b25-b17e-403202de0b81",
|
|
"indicator--5ba75529-3bcc-40db-a081-404702de0b81",
|
|
"indicator--5ba7552a-6244-438b-a943-4cd902de0b81",
|
|
"indicator--5ba7552a-e85c-4d3e-a972-4bd402de0b81",
|
|
"indicator--5ba7552c-c2b4-4524-980c-4b0002de0b81",
|
|
"indicator--5ba7552d-6ea0-4ee4-bbd1-4cd302de0b81",
|
|
"indicator--5ba7552e-4508-40eb-b87a-4aee02de0b81",
|
|
"indicator--5ba7552e-cc5c-4b71-bfd9-444302de0b81",
|
|
"indicator--5ba7552f-99a4-4d29-af2f-4caa02de0b81",
|
|
"indicator--5ba7552f-8b64-4cf7-9d6c-4be002de0b81",
|
|
"indicator--5ba75530-bd58-4854-b302-404002de0b81",
|
|
"indicator--5ba75530-6c34-4207-88ee-43f602de0b81",
|
|
"indicator--5ba75531-c8ac-4c88-bf91-451902de0b81",
|
|
"indicator--5ba75531-e86c-4258-8b84-45a302de0b81",
|
|
"indicator--5ba75532-beb8-4c04-b86c-485a02de0b81",
|
|
"indicator--5ba75532-153c-4d73-99bb-406f02de0b81",
|
|
"indicator--5ba75533-22e8-4df3-864a-401302de0b81",
|
|
"indicator--5ba75533-b618-4f98-8ef3-4bb002de0b81",
|
|
"indicator--5ba75534-02d0-4475-8d60-4b4e02de0b81",
|
|
"indicator--5ba75534-5ef0-4f07-816d-443b02de0b81",
|
|
"indicator--5ba75535-88f4-40c9-b2d4-426d02de0b81",
|
|
"indicator--5ba75535-a53c-429b-a0ca-465c02de0b81",
|
|
"indicator--5ba75536-5520-4f4b-97b0-44de02de0b81",
|
|
"indicator--5ba75536-2fa4-43be-be6b-4c3402de0b81",
|
|
"indicator--5ba75537-40d4-47d3-a79d-447402de0b81",
|
|
"indicator--5ba75537-f63c-419f-82b2-4b4502de0b81",
|
|
"indicator--5ba75538-d950-4d62-a6c0-4a8f02de0b81",
|
|
"indicator--5ba75538-d6c0-4da4-b7f7-4c2102de0b81",
|
|
"indicator--5ba75539-8fe0-4af9-b7cb-4aaa02de0b81",
|
|
"indicator--5ba75539-0c58-4218-8fad-473202de0b81",
|
|
"indicator--5ba7553a-b698-46bb-bb0f-43f402de0b81",
|
|
"indicator--5ba7553a-6504-4a1a-b521-496902de0b81",
|
|
"indicator--5ba7553b-7d84-44bf-9e51-464302de0b81",
|
|
"indicator--5ba7553b-cb84-4d8c-94ec-443202de0b81",
|
|
"indicator--5ba7553c-0c84-4837-9c17-478002de0b81",
|
|
"indicator--5ba7553c-2bd4-48ff-86c2-4f9c02de0b81",
|
|
"indicator--5ba7553d-f74c-4fed-802b-40b602de0b81",
|
|
"indicator--5ba7553d-64fc-4b6d-8292-4a9902de0b81",
|
|
"indicator--5ba7553e-5804-464c-88af-473902de0b81",
|
|
"indicator--5ba7553e-a1ec-4541-a0a1-421602de0b81",
|
|
"indicator--5ba7553f-3b30-4abb-98a5-4b8002de0b81",
|
|
"indicator--5ba7553f-a5b0-42d2-b3fc-4bb202de0b81",
|
|
"indicator--5ba75540-a484-4baf-82dd-409402de0b81",
|
|
"indicator--5ba75622-9ec0-4f9d-9dd8-4b7c02de0b81",
|
|
"indicator--5ba75623-834c-4e3d-91b2-42f302de0b81",
|
|
"indicator--5ba75623-4004-443d-b493-42b702de0b81",
|
|
"indicator--5ba75624-d6b4-4af9-96fb-41d202de0b81",
|
|
"indicator--5ba75625-6a54-4dd7-b02a-4d3a02de0b81",
|
|
"indicator--5ba75625-da28-4759-b425-4d7802de0b81",
|
|
"indicator--5ba75625-a1cc-401b-9169-459502de0b81",
|
|
"indicator--5ba75626-bf4c-43a4-8892-4ecb02de0b81",
|
|
"indicator--5ba75626-1654-4f13-98b6-45ab02de0b81",
|
|
"indicator--5ba75626-cd88-42db-bee0-445402de0b81",
|
|
"indicator--5ba75627-0af4-4240-ac08-48e702de0b81",
|
|
"indicator--5ba75627-203c-40ae-95da-47ca02de0b81",
|
|
"indicator--5ba75627-e59c-4aaf-afcc-46f302de0b81",
|
|
"indicator--5ba75627-2edc-4f6c-afb7-4b5002de0b81",
|
|
"indicator--5ba75628-5ae4-4097-9238-40bc02de0b81",
|
|
"indicator--5ba75628-4a80-4d3b-a1c9-48aa02de0b81",
|
|
"indicator--5ba75629-1600-4f1f-94de-499f02de0b81",
|
|
"indicator--5ba75629-4890-4a1d-afd6-40ea02de0b81",
|
|
"indicator--5ba75629-8178-4319-9824-4d5602de0b81",
|
|
"indicator--5ba75629-eb20-45c0-8540-4dd102de0b81",
|
|
"indicator--5ba7562a-acc0-418c-944e-4fb502de0b81",
|
|
"indicator--5ba7562a-6220-478e-9cd2-44a902de0b81",
|
|
"indicator--5ba7562a-7078-42ad-8f69-4e3e02de0b81",
|
|
"indicator--5ba7562b-bd60-4a7f-b51c-405c02de0b81",
|
|
"indicator--5ba7562b-b6fc-4f7e-80cf-422002de0b81",
|
|
"indicator--5ba7562b-8090-4578-98d8-42c202de0b81",
|
|
"indicator--5ba7562b-8fcc-4ec5-bf4d-43fe02de0b81",
|
|
"indicator--5ba7562c-5aec-490e-a359-4bda02de0b81",
|
|
"indicator--5ba7562c-e984-4cfc-ace6-43eb02de0b81",
|
|
"indicator--5ba7562c-b120-42bf-82f0-4f3b02de0b81",
|
|
"indicator--5ba7562c-251c-4174-bc36-4e4502de0b81",
|
|
"indicator--5ba7562d-ad5c-4973-8e75-486f02de0b81",
|
|
"indicator--5ba7562d-e0e0-433f-95f0-41f902de0b81",
|
|
"indicator--5ba7562d-4c90-4791-a825-44bd02de0b81",
|
|
"indicator--5ba7562e-a7a8-45c0-aab4-410502de0b81",
|
|
"indicator--5ba7562e-401c-43af-a401-4eea02de0b81",
|
|
"indicator--5ba7562f-7974-4304-9148-421502de0b81",
|
|
"indicator--5ba7562f-5be4-4e75-8f5a-4bae02de0b81",
|
|
"indicator--5ba75631-5524-4277-b1b2-478602de0b81",
|
|
"indicator--5ba75631-df44-4595-a4e5-43be02de0b81",
|
|
"indicator--5ba75631-6dd4-4ea9-9992-40c202de0b81",
|
|
"indicator--5ba75632-1b2c-45ca-b0bc-42d002de0b81",
|
|
"indicator--5ba75632-bf44-40e6-82cc-402b02de0b81",
|
|
"indicator--5ba75633-9a2c-4258-904f-43d702de0b81",
|
|
"indicator--5ba75635-0448-45ab-93ef-49c402de0b81",
|
|
"indicator--5ba75636-56d0-483a-9ba4-418a02de0b81",
|
|
"indicator--5ba75636-7a58-4aea-b821-402a02de0b81",
|
|
"indicator--5ba75636-475c-4449-b40d-4be002de0b81",
|
|
"indicator--5ba75636-3228-4f8e-95ba-4f0802de0b81",
|
|
"indicator--5ba75636-19a8-47a3-84f5-4de702de0b81",
|
|
"indicator--5ba75637-6340-418c-b15c-427502de0b81",
|
|
"indicator--5ba75637-94dc-41f1-b43a-421702de0b81",
|
|
"indicator--5ba75637-4158-4157-8926-4e5502de0b81",
|
|
"indicator--5ba75638-9f9c-4696-8282-4f4202de0b81",
|
|
"indicator--5ba75638-b344-4acb-a896-452502de0b81",
|
|
"indicator--5ba75638-8844-41db-b47e-4d1a02de0b81",
|
|
"indicator--5ba75638-7f24-4774-8831-4af902de0b81",
|
|
"indicator--5ba75639-d1dc-41b2-a5bb-49e002de0b81",
|
|
"indicator--5ba75639-215c-4c18-bb09-4d4e02de0b81",
|
|
"indicator--5ba75639-b39c-4106-9a15-491402de0b81",
|
|
"indicator--5ba7563a-c8c4-4c2f-8b78-48c202de0b81",
|
|
"indicator--5ba7563a-01f4-443a-ae9d-4a9902de0b81",
|
|
"indicator--5ba7563a-11c0-4ecd-b118-406202de0b81",
|
|
"indicator--5ba7563a-f950-4389-9d06-4f2a02de0b81",
|
|
"indicator--5ba7563b-2d0c-4a7e-944a-428202de0b81",
|
|
"indicator--5ba7563b-e010-47a0-9954-446102de0b81",
|
|
"indicator--5ba7563b-401c-47ba-9bd0-4c8602de0b81",
|
|
"indicator--5ba7563c-8af4-4ae5-b4fb-4c0502de0b81",
|
|
"indicator--5ba7563c-6a70-4eb3-8127-4cb202de0b81",
|
|
"indicator--5ba7563c-5d48-4164-bd69-422b02de0b81",
|
|
"indicator--5ba7563c-3c10-4d2c-b903-4c2302de0b81",
|
|
"indicator--5ba7563d-0f3c-4e80-941d-422d02de0b81",
|
|
"indicator--5ba7563d-1638-4fc7-b92a-437702de0b81",
|
|
"indicator--5ba7563d-19c8-4eb7-bcdc-49a102de0b81",
|
|
"indicator--5ba7563d-0a40-4c76-b470-488802de0b81",
|
|
"indicator--5ba7563e-c6e0-48ff-973c-416d02de0b81",
|
|
"indicator--5ba7563e-06c8-45f6-ae4f-45e502de0b81",
|
|
"indicator--5ba7563e-265c-4d72-852e-4fc302de0b81",
|
|
"indicator--5ba7563e-0be8-4300-9fc4-4d7302de0b81",
|
|
"indicator--5ba7563f-7b84-4936-a564-456b02de0b81",
|
|
"indicator--5ba7563f-5210-48cf-9e26-42eb02de0b81",
|
|
"indicator--5ba75640-3cfc-49ba-a6a1-4a2e02de0b81",
|
|
"indicator--5ba75640-1628-4478-97a9-48c702de0b81",
|
|
"indicator--5ba75640-15f4-4436-9c18-404a02de0b81",
|
|
"indicator--5ba75640-3e5c-4118-85e4-409802de0b81",
|
|
"indicator--5ba75641-beb4-46d6-9d10-43de02de0b81",
|
|
"indicator--5ba75641-93b8-433c-8c24-4d8102de0b81",
|
|
"indicator--5ba75641-20c8-42b2-998d-450c02de0b81",
|
|
"indicator--5ba75641-bef0-4008-ae99-42d102de0b81",
|
|
"indicator--5ba75642-a83c-4913-a8f4-484b02de0b81",
|
|
"indicator--5ba75642-76f8-4a10-96ae-440e02de0b81",
|
|
"indicator--5ba75642-a850-4277-8ce1-44e002de0b81",
|
|
"indicator--5ba75642-6a78-4802-a753-4d3402de0b81",
|
|
"indicator--5ba75643-b364-4b6d-95cb-4d2e02de0b81",
|
|
"indicator--5ba75643-f824-4d23-a3d0-41fd02de0b81",
|
|
"indicator--5ba75643-ba2c-48d4-bb01-441502de0b81",
|
|
"indicator--5ba75644-4ad4-4c3f-b3c5-41e802de0b81",
|
|
"indicator--5ba75644-cb58-40b3-a6f8-436002de0b81",
|
|
"indicator--5ba75644-d000-4740-adb6-4f9a02de0b81",
|
|
"indicator--5ba75644-fcc4-4a3c-811b-482d02de0b81",
|
|
"indicator--5ba75645-11f0-43a8-8459-456002de0b81",
|
|
"indicator--5ba75645-a694-4393-8856-4da102de0b81",
|
|
"indicator--5ba75645-4e84-4b35-98f7-4f5902de0b81",
|
|
"indicator--5ba75645-7314-4534-a21d-418602de0b81",
|
|
"indicator--5ba75646-1a30-4f42-8042-4bf202de0b81",
|
|
"indicator--5ba75646-38ac-45fd-9c14-4f3502de0b81",
|
|
"indicator--5ba75646-2444-4ee3-85f9-46ae02de0b81",
|
|
"indicator--5ba75646-abe8-4da1-9c1d-496802de0b81",
|
|
"indicator--0cc22f92-12a5-441c-8abe-c99bdb9963e6",
|
|
"x-misp-object--da0d86fe-cc52-4aa1-ac49-81aa420ba0ce",
|
|
"indicator--459914b4-6906-4498-bc5c-f8f6120bc810",
|
|
"x-misp-object--8623016d-644d-467c-8602-ff74ee05f7f8",
|
|
"indicator--6eff1270-08db-4992-b573-f41d1aa05b2b",
|
|
"x-misp-object--13a3b942-0812-4f2a-a58e-f14b92b6e260",
|
|
"indicator--d9155481-509c-4342-83e1-fdb989fece74",
|
|
"x-misp-object--2cbdceb9-9582-4d00-9603-95e109d2a651",
|
|
"indicator--2f0b0487-3ff0-459a-a2d4-737449836d42",
|
|
"x-misp-object--784abc9d-1366-45a8-8d4a-5932ba6e86be",
|
|
"indicator--d82f7273-8250-4f95-a746-79384c4fb401",
|
|
"x-misp-object--a7240cf5-787b-4e31-8bac-1bae79aff797",
|
|
"indicator--a658fb8e-6a95-4a1f-bd72-bd6cc86b8d49",
|
|
"x-misp-object--dd4cf0fe-bf88-4ba7-bfd6-660d9b012a47",
|
|
"indicator--a9f0d30e-220b-4af6-bdc7-8fc67068f85b",
|
|
"x-misp-object--5e031e69-d3b3-419f-a7ca-f7db193fb446",
|
|
"indicator--c2eda666-d5fd-4299-abcf-511caa91b288",
|
|
"x-misp-object--1319a600-571b-4028-aef4-eebb0e290869",
|
|
"indicator--2c797c1a-3ac9-436a-a91e-943dc5b54a90",
|
|
"x-misp-object--92fd93d5-e716-4a3a-aa37-cdbc161734bb",
|
|
"indicator--72de1a87-86d9-447b-b11a-ee8083950255",
|
|
"x-misp-object--b3912e6d-dc4c-4620-8781-0b1139f165fb",
|
|
"indicator--bff4dc5f-b475-4eab-b39e-6d76c399bdf1",
|
|
"x-misp-object--af91b79c-b917-4d0b-8589-13ae63b09b55",
|
|
"indicator--f735def4-50ac-47f3-b313-ae445d03de3d",
|
|
"x-misp-object--6a289522-91a7-4609-80d6-c4c109234f0a",
|
|
"indicator--99f47a6f-c1c1-42d0-ba22-f020fc3c9f40",
|
|
"x-misp-object--1bf928af-721d-45a6-84f7-4be5aaa714c7",
|
|
"indicator--1c11c495-f526-4948-9088-020b5e6e2d38",
|
|
"x-misp-object--e2aebd7e-dc8e-417b-9cc2-6a50637071f6",
|
|
"indicator--ba0d3c10-f57e-4570-8e5a-55f03a491d87",
|
|
"x-misp-object--4dc2689b-d495-49a3-aee0-4b2e47f3f359",
|
|
"indicator--f21277e4-9713-45b6-b667-9babb4dcbd54",
|
|
"x-misp-object--841e0c38-753d-4fce-a040-b602c82983bd",
|
|
"indicator--63ff17d8-275b-4310-95d2-dc943fffa9f1",
|
|
"x-misp-object--526826c7-3e74-4e58-9b6b-22a80d3a9ba2",
|
|
"indicator--12bd1d1c-2a46-4e79-98d5-eae0dbe24a99",
|
|
"x-misp-object--4768255e-5d81-42c8-88e6-3898a9ba5e48",
|
|
"indicator--2a2da217-2a5a-49eb-a6b7-5d3fcd1ea2f7",
|
|
"x-misp-object--ed58894e-580c-40a0-897c-80b7b475b9b8",
|
|
"indicator--401d0cd8-f794-4bfc-9e5c-61431a13da43",
|
|
"x-misp-object--6a919fd4-ff22-438d-ba20-cfa5a8afa461",
|
|
"indicator--8f3ce353-a61f-4425-a1a4-1e01f04ed4ad",
|
|
"x-misp-object--5eff387f-c392-44d6-bee8-659b30d49041",
|
|
"indicator--c12a9ac4-cdab-4f7b-b273-de78445ab0d8",
|
|
"x-misp-object--547d81bd-058f-4817-9acb-a062287e5b5f",
|
|
"indicator--11bced4f-9039-4e82-838d-5688c1bddb37",
|
|
"x-misp-object--f600dcd4-6430-4be1-beeb-a60e806f90c1",
|
|
"indicator--49f6313e-e099-4213-a317-6d85c224e83e",
|
|
"x-misp-object--73cf0468-dea2-45f7-90d3-4c207761f92c",
|
|
"indicator--33541140-082c-4308-942a-ef0d299c56a5",
|
|
"x-misp-object--408e6466-ddd8-4840-ada2-14ff5c5163b5",
|
|
"indicator--40baef43-65a2-44a6-a996-68b5cb71c8a6",
|
|
"x-misp-object--8198ecf8-eb74-4d87-a6b7-16155bd5901b",
|
|
"indicator--86d0b603-5f6d-4561-994e-23ed074fc952",
|
|
"x-misp-object--18076f4e-3c02-423f-9441-f5cba4f88f01",
|
|
"indicator--60fef33c-fd9a-4bdb-a962-d3004d1de221",
|
|
"x-misp-object--74fab901-678d-4742-b4a2-d8686e4520ae",
|
|
"indicator--2eceb572-6770-4ebf-84b5-f91e784adbf0",
|
|
"x-misp-object--b3fda510-d265-4f97-8b83-6b4a848eb34e",
|
|
"indicator--9ee93194-67a8-41fe-88a4-3092be74a68f",
|
|
"x-misp-object--46e1e879-67d9-453d-8f4c-12052e0a72bd",
|
|
"indicator--9062c8f4-f246-46a1-8371-000255b8c458",
|
|
"x-misp-object--654be604-ab9f-492f-aa60-356709e29b03",
|
|
"indicator--a03621d4-1dee-41cd-be0b-f06db29d0474",
|
|
"x-misp-object--4d7091dc-cbcb-4122-9e7a-b68faa0e3671",
|
|
"indicator--9b8c0002-f7e5-42d9-949a-d744ff60cfe1",
|
|
"x-misp-object--6b2ca901-bd60-41d2-b81a-7cde3dded069",
|
|
"indicator--216519b0-9afd-49cc-b1f2-5079ced8ffad",
|
|
"x-misp-object--8edbd400-2aaa-44aa-9c12-9fa86f18d5e9",
|
|
"indicator--893909c7-2fe3-4d5d-970c-c7c98307aad8",
|
|
"x-misp-object--de329633-daf0-4348-b3a6-eed567af4abc",
|
|
"indicator--200176a6-d502-4898-950c-b5f1ac32f33c",
|
|
"x-misp-object--dd666867-c1e8-4f2d-9ada-d47a2b83614c",
|
|
"indicator--d4363749-0e9f-48ab-937e-e7eece93189c",
|
|
"x-misp-object--5403d646-770d-4cb5-a224-bd7d33f29a39",
|
|
"indicator--54431c61-b7fa-4db5-9ddd-fa46b90871e5",
|
|
"x-misp-object--1972ab26-0e0f-472b-b3a4-05f32c6a32dd",
|
|
"indicator--d3b9b550-70bc-4b05-b507-a7911c258e24",
|
|
"x-misp-object--57bc1a5a-7459-4e99-9885-3bc537d052ff",
|
|
"indicator--08294d45-b4a1-4194-b9b4-bb765dbd463f",
|
|
"x-misp-object--99192dc5-3c81-482b-9e07-2e6f5eae5b33",
|
|
"indicator--2f36441d-4dcc-49e2-82d7-c7f4ffc4d3f5",
|
|
"x-misp-object--1666fac9-c4b0-469d-adab-f8e2dc1ca905",
|
|
"indicator--5606b9ce-f33e-4d9a-85ac-70a6bd0e845f",
|
|
"x-misp-object--595c71e0-4fc9-43ca-9468-981dba632990",
|
|
"indicator--4d772880-84d3-4f35-a5f2-51e10ba2eb64",
|
|
"x-misp-object--79093120-8a60-4b1d-8695-3071390f3c2a",
|
|
"indicator--e328e0a4-924e-4b83-8c1a-ebf29203972b",
|
|
"x-misp-object--f68d805d-2ca3-42e5-abd6-b1f811644985",
|
|
"indicator--aaa932f1-27fc-4b69-99e4-e9527513add2",
|
|
"x-misp-object--36342d4f-ebe7-4272-bd15-6abd88981366",
|
|
"indicator--e3c08415-3761-493f-ab5f-46a60c2b5830",
|
|
"x-misp-object--d1dd2986-4d7c-45d2-b177-2a5ef49a1f1f",
|
|
"indicator--df0dc30f-3ab6-4bdb-97fd-61b70e505147",
|
|
"x-misp-object--8532e44e-c664-4319-b177-4062d5e40a07",
|
|
"indicator--93fae3f6-e720-457e-a48d-2d3251e9047f",
|
|
"x-misp-object--e6d14f75-48c0-421b-b621-16e2d93917c0",
|
|
"indicator--f721368d-152a-4a10-9f40-c1c015a8385a",
|
|
"x-misp-object--145158fa-6c29-415b-b0c9-b91bab07747f",
|
|
"indicator--096d4d0d-d240-47e6-8f38-f27e8bbc8b42",
|
|
"x-misp-object--9dc55be7-4b0b-4242-8d39-af30c40210ff",
|
|
"indicator--3712a790-eff0-4ee4-beb1-a56f89ce034a",
|
|
"x-misp-object--5e74a189-6e48-4dd9-853c-250b3832f28d",
|
|
"indicator--7410dfb2-70ca-4ad5-b3ee-08638d9953aa",
|
|
"x-misp-object--40b9a0ba-ec89-4ba3-ab9b-f0748c4e2a98",
|
|
"indicator--a4670dd5-f9d8-4d19-bb2a-dff62216e44a",
|
|
"x-misp-object--0739d18a-e6e0-4bed-a3a9-fee46f321ab5",
|
|
"indicator--302ff607-05ac-448a-9eca-9d105b53c7bc",
|
|
"x-misp-object--466bd179-9a77-4b81-9711-4a8cc4618965",
|
|
"indicator--79cf1dc1-d9e9-4767-88b0-771dc3f40f51",
|
|
"x-misp-object--2e50616f-6b22-4dc4-b68c-202538996bbe",
|
|
"indicator--7fb46cf4-5efc-4ca7-af99-e953213bb25a",
|
|
"x-misp-object--1ccd1d7c-30d0-4939-b17d-986dd346f9c3",
|
|
"indicator--bdc39116-dd56-4658-86fa-724720005ee2",
|
|
"x-misp-object--d339236f-6ff9-4a44-9d14-63fb3017a91a",
|
|
"relationship--2f7dd272-fec8-4e38-b87f-49ab61cc702b",
|
|
"relationship--7a18fbe3-b143-446b-8456-7b0bc5e36bc2",
|
|
"relationship--51459e6b-ecd6-4b28-bc98-629eeb0a40a5",
|
|
"relationship--3f1ea94f-bcf3-4097-87bc-d361615e4920",
|
|
"relationship--cbbeae70-f040-43e0-b955-60aba3839feb",
|
|
"relationship--dd967d29-e2ba-4cc2-9aef-6d5fa18c839f",
|
|
"relationship--dc0816e9-e797-484e-b84f-68258643087f",
|
|
"relationship--22887f77-5784-48cf-8cb8-f61aa0e9a08f",
|
|
"relationship--9dbace35-d642-4fbc-88d1-f54ab9223b8c",
|
|
"relationship--18fafddb-e9a5-4ca2-8e14-ca5b18baa21a",
|
|
"relationship--5eaf89ed-b320-4c44-bcdd-be381e76b3a4",
|
|
"relationship--9ea31943-807e-463b-9a99-985492e7d02b",
|
|
"relationship--950df4dd-096b-45e4-96b2-2e4f6a753a02",
|
|
"relationship--15beb13b-fef9-4c12-833b-d33764602d73",
|
|
"relationship--3df50b99-52cf-4c2f-839a-6fd0f499e6d1",
|
|
"relationship--b56025cc-c081-4cc2-ba82-85a0f5d80295",
|
|
"relationship--e271c385-621b-48c7-a793-ac372f07c722",
|
|
"relationship--d278f9f6-1f3d-4e23-9f41-2732c05c93a2",
|
|
"relationship--eaaae797-fa98-4658-9d55-d558bfcec7fc",
|
|
"relationship--70b93717-78d0-48a9-a554-e060c23986f8",
|
|
"relationship--391ed067-cac4-4905-984f-4a9355089bd9",
|
|
"relationship--b7cb8004-e992-418b-b88e-f6864928ebb8",
|
|
"relationship--a86f8608-d860-4066-9406-1e8cdc55d21d",
|
|
"relationship--957f5498-22e6-40c8-bc5d-63a89aae6f37",
|
|
"relationship--936bb6ad-ad65-4538-a8d4-7595cbc0f6b7",
|
|
"relationship--107be009-5a01-4257-ba4c-2968941f983a",
|
|
"relationship--97d664e5-17e0-4bb6-a309-19c5105998bd",
|
|
"relationship--cddeeba0-e89b-4f60-a433-0f9feb621079",
|
|
"relationship--99843004-151d-4362-a089-5c50f205db57",
|
|
"relationship--e950110a-248b-49ca-bf7e-074317b052ff",
|
|
"relationship--98daa3e5-e6f9-431d-af49-bb794f23a26c",
|
|
"relationship--095f302f-93df-4f85-a104-4845d86c8a53",
|
|
"relationship--0329d934-c390-4039-9503-cd9d5fa1e17b",
|
|
"relationship--d6138d8c-3fa1-4798-867f-e4071607a7f8",
|
|
"relationship--e9c1654a-e3f7-4148-a424-6e04e48ca781",
|
|
"relationship--c3946a36-d62c-4458-98c0-19a884636d2a",
|
|
"relationship--a0c8faf4-403d-4e6c-8ab1-e99b29280a96",
|
|
"relationship--4f0cd933-6043-47f2-8ef4-35cbbb9ae8db",
|
|
"relationship--0fcbcbb6-4141-49a5-844e-471b67710d77",
|
|
"relationship--e2772bdd-a959-45a0-8861-f5d0d4c16c6c",
|
|
"relationship--952ecf7f-60a4-4f59-8a47-7f40eff84847",
|
|
"relationship--550b0edf-9de0-4820-9004-2aff046ec52d",
|
|
"relationship--49989cc8-aebc-4b43-8647-72969fee0f2c",
|
|
"relationship--52e12978-5b80-4e17-9560-4bcadfccfddb",
|
|
"relationship--cac59a01-e01f-49d1-bf50-66c570298c0b",
|
|
"relationship--c43fbf4b-0d76-4799-b3fd-33ca125a2645",
|
|
"relationship--325de365-33f0-438f-b38d-dd3ebc893f73",
|
|
"relationship--18721874-1041-48bf-a9ba-e1995f18297c",
|
|
"relationship--6de86617-6fa8-4df1-a675-54f356191e74",
|
|
"relationship--c3844f19-24ca-4361-98e2-f9e9b4931282",
|
|
"relationship--9b041e52-a277-4907-887a-2b5359e0f527",
|
|
"relationship--c09fd7b6-8a4f-4e5e-8427-a36328634c9c",
|
|
"relationship--f0fb8ca2-f110-4ca5-b65c-de1be7429cfc",
|
|
"relationship--7b75223d-aadf-45cc-8f9f-df9acdc612c8",
|
|
"relationship--1e58e6c6-e7b3-4ae7-9e45-00782b420419",
|
|
"relationship--01a2dc2b-b6d0-48d3-9e5c-8726bb8c602b",
|
|
"relationship--f9f798c7-74a8-497b-ab71-8ee2b63fe839",
|
|
"relationship--d6bb6f97-3df4-4589-87b2-da0036e0a007"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:tool=\"Poison Ivy\"",
|
|
"misp-galaxy:rat=\"PoisonIvy\"",
|
|
"estimative-language:confidence-in-analytic-judgment=\"low\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ba7543c-0d9c-4c83-83fd-494f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:52:12.000Z",
|
|
"modified": "2018-09-23T08:52:12.000Z",
|
|
"first_observed": "2018-09-23T08:52:12Z",
|
|
"last_observed": "2018-09-23T08:52:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5ba7543c-0d9c-4c83-83fd-494f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5ba7543c-0d9c-4c83-83fd-494f02de0b81",
|
|
"value": "http://blogs.360.cn/post/APT_C_01_en.html"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ba7545e-3354-4c48-a16f-47c202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:52:46.000Z",
|
|
"modified": "2018-09-23T08:52:46.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Through research, 360 Helios Team has found that, since 2007, the Poison Ivy Group has carried out 11 years of cyber espionage campaigns against Chinese key units and departments, such as national defense, government, science and technology, education and maritime agencies. The group mainly targets military industry, Sino-US relations, cross-strait relations and ocean-related fields. It indicates that the group\u00e2\u20ac\u2122s interest is similar to that of our previously published OceanLotus APT Group.\r\n\r\n360 Helios Team captured the first Trojan of the Poison Ivy Group in December 2007. In the following 11 years, we have captured 13 versions of malicious code, involving 73 samples. In the initial attack, the Group mainly used spear phishing emails. Before the attack, the target was deeply investigated and carefully selected. Contents that are closely related to the target industry or field were used to construct the bait files and emails, such as specific conference materials, researches or announcements. The lure documents contain 10 vulnerable document samples, including a 0day vulnerability. Infections of this Trojan are distributed in 31 provincial-level administrative regions. The number of C&C domain names is 59 located in 4 different countries or regions according to the returned addresses.\r\n\r\nIn this cyber espionage campaign that lasted for 11 years in China, the following points in time are worthy of attention:\r\n\r\nIn December 2007, the Trojan associated with the group was first discovered. Involving marine related fields (suspected to be related to a large shipping company)\r\nIn March 2008, a key laboratory (a scientific research institution) of a university in China was attacked\r\nIn February 2009, attacks against the military industry began (a well-known military journal magazine)\r\nIn October 2009, the Trojan added a special method of combating static scanning (API string reverse order), and the methods were used in most versions of Trojans and continued to be applied to 2018.\r\nIn December 2011, the Trojan added a special method to combat dynamic detection (error API parameters), and related methods were used in most versions of Trojans and continued to be applied to 2015.\r\nIn February 2012, the first modified version of backdoor 1 based on zxshell code was discovered. The key function is to steal document files such as .doc.ppt.xls.wps.\r\nIn March 2013, intense attacks were constructed targeting Chinese Academy of Sciences and a number of national ministries and commissions in the fields of science and technology, maritime affairs, etc.\r\nIn October 2013, carried out watering hole attack on a Chinese government website\r\nIn May 2014, the revolted version 2 of zxshell modified version of Backdoor 1 was discovered. In addition to the function based on the modified version 1, the search for keywords such as \"military (\u00e5\u2020\u203a)\", \"aviation (\u00e8\u02c6\u00aa)\", and \"report (\u00e6\u0160\u00a5\u00e5\u2018\u0160)\" was added.\r\nOn September 12, 2014, events and samples related to CVE-2014-4114 (0day vulnerability) were first discovered.\r\nOn October 14, 2014, iSIGHT released the relevant report and disclosed CVE-2014-4114 (0day vulnerability). On the same day, Microsoft released relevant security bulletins.\r\nOn February 25, 2015, an attack on a military industry association (national defense technology) and the Chinese Academy of Engineering was detected. Kanbox (\u00e9\u2026\u00b7\u00e7\u203a\u02dc) samples were discovered.\r\nIn October 2017, the CVE-2017-8759 vulnerability document was used to initiate a spear phishing attack on a large media agency website and an individual working in Quanzhou.\r\nIn April 2018, the 360 Threat Intelligence Center disclosed the attack malicious code of the group, exploring CVE-2017-8759.\r\nIn May 2018, the actor launched attacks against several maritime organizations such as shipbuilding companies and port operating companies.\r\nNote: The above first attack time is based on the existing statistics we have. It does not mean that we have known all the attacks and behaviors of the organization."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75513-8d64-4321-9d74-487c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:47.000Z",
|
|
"modified": "2018-09-23T08:55:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = '03d762794a6fe96458d8228bb7561629']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75514-19f8-4938-a95d-480102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:48.000Z",
|
|
"modified": "2018-09-23T08:55:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0595f5005f237967dcfda517b26497d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75514-3468-4f0e-b157-4efd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:48.000Z",
|
|
"modified": "2018-09-23T08:55:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07561810d818905851ce6ab2c1152871']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75515-8350-4248-b1dc-4ba402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:49.000Z",
|
|
"modified": "2018-09-23T08:55:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0e80fca91103fe46766dcb0763c6f6af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75516-5374-4f20-9954-4a7902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:50.000Z",
|
|
"modified": "2018-09-23T08:55:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1374e999e1cda9e406c19dfe99830ffc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75516-d968-488c-86da-46cf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:50.000Z",
|
|
"modified": "2018-09-23T08:55:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1396cafb08ca09fac5d4bd2f12c65059']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75517-f0ac-42c3-bbaa-424402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:51.000Z",
|
|
"modified": "2018-09-23T08:55:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1ab54f5f0b847a1aaaf00237d3a9f0ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75517-8688-415c-a25a-41d802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:51.000Z",
|
|
"modified": "2018-09-23T08:55:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1aca8cd40d9b84cab225d333b09f9ba5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75518-8e08-4974-8f02-49ab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:52.000Z",
|
|
"modified": "2018-09-23T08:55:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1dc61f30feeb60995174692e8d864312']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75518-3684-42e0-9664-4aa402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:52.000Z",
|
|
"modified": "2018-09-23T08:55:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = '250c9ec3e77d1c6d999ce782c69fc21b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75519-c0c4-4066-b5f7-4beb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:53.000Z",
|
|
"modified": "2018-09-23T08:55:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2579b715ea1b76a1979c415b139fdee7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75519-72d8-430a-afb7-411302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:53.000Z",
|
|
"modified": "2018-09-23T08:55:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '26d7f7aa3135e99581119f40986a8ac3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551a-e758-4cda-bb80-444d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:54.000Z",
|
|
"modified": "2018-09-23T08:55:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '27f683baed7b02927a591cdc0c850743']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551a-aae8-4004-8052-404402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:54.000Z",
|
|
"modified": "2018-09-23T08:55:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '28e4545e9944eb53897ee9acf67b1969']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551b-e5e4-4fa5-936c-4eaa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:55.000Z",
|
|
"modified": "2018-09-23T08:55:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2a96042e605146ead06b2ee4835baec3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551b-6ca4-432d-8435-491602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:55.000Z",
|
|
"modified": "2018-09-23T08:55:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2c405d608b600655196a4aa13bdb3790']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551c-1928-4424-9b39-4c2102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:56.000Z",
|
|
"modified": "2018-09-23T08:55:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '30866adc2976704bca0f051b5474a1ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551c-70cc-4c30-9d27-4ad002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:56.000Z",
|
|
"modified": "2018-09-23T08:55:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '31c81459c10d3f001d2ccef830239c16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551d-8754-4d37-b9e1-402702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:57.000Z",
|
|
"modified": "2018-09-23T08:55:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3484302809ac3df6ceec857cb4f75fb1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551d-b6bc-41f9-96fa-463202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:57.000Z",
|
|
"modified": "2018-09-23T08:55:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '36c23c569205d6586984a2f6f8c3a39e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551e-6aac-4be4-a921-401c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:58.000Z",
|
|
"modified": "2018-09-23T08:55:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '382132e601d7a4ae39a4e7d89457597f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551e-4cc0-4e06-8f7d-4b7d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:58.000Z",
|
|
"modified": "2018-09-23T08:55:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3e12538b6eaf19ca163a47ea599cfa9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551f-6d48-4469-a8d9-44ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:59.000Z",
|
|
"modified": "2018-09-23T08:55:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '41c7e09170037fafe95bb691df021a20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7551f-a21c-4222-9e53-4f0d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:55:59.000Z",
|
|
"modified": "2018-09-23T08:55:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '45e983ae2fca8dacfdebe1b1277102c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:55:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75520-1948-40de-84e4-4dcc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:00.000Z",
|
|
"modified": "2018-09-23T08:56:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4e57987d0897878eb2241f9d52303713']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75520-7b34-4a4b-8a51-480002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:00.000Z",
|
|
"modified": "2018-09-23T08:56:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5696bbee662d75f9be0e8a9ed8672755']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75521-237c-48e2-8cd5-4d4402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:01.000Z",
|
|
"modified": "2018-09-23T08:56:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5e4c2fbcd0308a0b9af92bf87383604f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75522-ee70-40bb-81a9-4ef402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:02.000Z",
|
|
"modified": "2018-09-23T08:56:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5ee2958b130f9cda8f5f3fc1dc5249cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75522-4808-4dba-b379-428502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:02.000Z",
|
|
"modified": "2018-09-23T08:56:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5f1a1ff9f272539904e25d300f2bfbcc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75523-4408-4b23-8d60-450d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:03.000Z",
|
|
"modified": "2018-09-23T08:56:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '611cefaee48c5f096fb644073247621c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75523-6f34-4894-ae0c-4a6102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:03.000Z",
|
|
"modified": "2018-09-23T08:56:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '67d5f04fb0e00addc4085457f40900a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75524-f540-413f-b081-4e5202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:04.000Z",
|
|
"modified": "2018-09-23T08:56:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6a37ce66d3003ebf04d249ab049acb22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75524-e39c-4bd2-b9ce-4b7202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:04.000Z",
|
|
"modified": "2018-09-23T08:56:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6ca3a598492152eb08e36819ee56ab83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75525-8d84-461d-b669-473b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:05.000Z",
|
|
"modified": "2018-09-23T08:56:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7639ed0f0c0f5ac48ec9a548a82e2f50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75525-59f8-4e6a-b320-474202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:05.000Z",
|
|
"modified": "2018-09-23T08:56:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '76782ecf9684595dbf86e5e37ba95cc8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75526-9088-4c9e-8f36-4f8102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:06.000Z",
|
|
"modified": "2018-09-23T08:56:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '785b24a55dd41c94060efe8b39dc6d4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75526-d584-4717-a438-4b1d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:06.000Z",
|
|
"modified": "2018-09-23T08:56:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7c498b7ad4c12c38b1f4eb12044a9def']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75527-fc3c-466f-8e9c-4c6602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:07.000Z",
|
|
"modified": "2018-09-23T08:56:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '81232f4c5c7810939b3486fa78d666c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75527-cb78-4fea-a215-463102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:07.000Z",
|
|
"modified": "2018-09-23T08:56:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '81e1332d15b29e8a19d0e97459d0a1de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75528-6e8c-43c6-a78a-4cb702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:08.000Z",
|
|
"modified": "2018-09-23T08:56:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8abb22771fd3ca34d6def30ba5c5081c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75528-71a4-4a5f-92e4-4b6902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:08.000Z",
|
|
"modified": "2018-09-23T08:56:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = '95f0b0e942081b4952e6daef2e373967']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75529-0b74-4b25-b17e-403202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:09.000Z",
|
|
"modified": "2018-09-23T08:56:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b925250786571058dae5a7cbea71d28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75529-3bcc-40db-a081-404702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:09.000Z",
|
|
"modified": "2018-09-23T08:56:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9bcb41da619c289fcfdf3131bbf2be21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552a-6244-438b-a943-4cd902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:10.000Z",
|
|
"modified": "2018-09-23T08:56:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f9a24b063018613f7f290cc057b8c40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552a-e85c-4d3e-a972-4bd402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:10.000Z",
|
|
"modified": "2018-09-23T08:56:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a73d3f749e42e2b614f89c4b3ce97fe1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552c-c2b4-4524-980c-4b0002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:12.000Z",
|
|
"modified": "2018-09-23T08:56:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a807486cfe05b30a43c109fdb6a95993']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552d-6ea0-4ee4-bbd1-4cd302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:13.000Z",
|
|
"modified": "2018-09-23T08:56:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a8417d19c5e5183d45a38a2abf48e43e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552e-4508-40eb-b87a-4aee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:14.000Z",
|
|
"modified": "2018-09-23T08:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'acc598bf20fada204b5cfd4c3344f98a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552e-cc5c-4b71-bfd9-444302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:14.000Z",
|
|
"modified": "2018-09-23T08:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'accb53eb0faebfca9f190815d143e04b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552f-99a4-4d29-af2f-4caa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:15.000Z",
|
|
"modified": "2018-09-23T08:56:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'adc3a4dfbdfe7640153ed0ea1c3cf125']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7552f-8b64-4cf7-9d6c-4be002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:15.000Z",
|
|
"modified": "2018-09-23T08:56:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ae004a5d4f1829594d830956c55d6ae4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75530-bd58-4854-b302-404002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:16.000Z",
|
|
"modified": "2018-09-23T08:56:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b0be3c5fe298fb2b894394e808d5ffaf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75530-6c34-4207-88ee-43f602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:16.000Z",
|
|
"modified": "2018-09-23T08:56:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b244cced7c7f728bcc4d363f8260090d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75531-c8ac-4c88-bf91-451902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:17.000Z",
|
|
"modified": "2018-09-23T08:56:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b301cd0e42803b0373438e9d4ca01421']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75531-e86c-4258-8b84-45a302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:17.000Z",
|
|
"modified": "2018-09-23T08:56:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bd2272535c655aff1f1566b24a70ee97']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75532-beb8-4c04-b86c-485a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:18.000Z",
|
|
"modified": "2018-09-23T08:56:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bd4b579f889bbe681b9d3ab11768ca07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75532-153c-4d73-99bb-406f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:18.000Z",
|
|
"modified": "2018-09-23T08:56:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bfb9d13daf5a4232e5e45875e7e905d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75533-22e8-4df3-864a-401302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:19.000Z",
|
|
"modified": "2018-09-23T08:56:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c31549489bf0478ab4c367c563916ada']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75533-b618-4f98-8ef3-4bb002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:19.000Z",
|
|
"modified": "2018-09-23T08:56:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c8755d732be4dc13eecd8e4c49cfab94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75534-02d0-4475-8d60-4b4e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:20.000Z",
|
|
"modified": "2018-09-23T08:56:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c8fd2748a82e336f934963a79313aaa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75534-5ef0-4f07-816d-443b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:20.000Z",
|
|
"modified": "2018-09-23T08:56:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ca663597299b1cecaf57c14c6579b23b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75535-88f4-40c9-b2d4-426d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:21.000Z",
|
|
"modified": "2018-09-23T08:56:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd12099237026ae7475c24b3dfb5d18bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75535-a53c-429b-a0ca-465c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:21.000Z",
|
|
"modified": "2018-09-23T08:56:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd61c583eba31f2670ae688af070c87fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75536-5520-4f4b-97b0-44de02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:22.000Z",
|
|
"modified": "2018-09-23T08:56:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dde2c03d6168089affdca3b5ec41f661']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75536-2fa4-43be-be6b-4c3402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:22.000Z",
|
|
"modified": "2018-09-23T08:56:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e2e2cd911e099b005e0b2a80a34cfaac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75537-40d4-47d3-a79d-447402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:23.000Z",
|
|
"modified": "2018-09-23T08:56:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e9a9c0485ee3e32e7db79247fee8bba6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75537-f63c-419f-82b2-4b4502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:23.000Z",
|
|
"modified": "2018-09-23T08:56:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ec7e11cfca01af40f4d96cbbacb41fed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75538-d950-4d62-a6c0-4a8f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:24.000Z",
|
|
"modified": "2018-09-23T08:56:24.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'eff88ecf0c3e719f584371e9150061d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75538-d6c0-4da4-b7f7-4c2102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:24.000Z",
|
|
"modified": "2018-09-23T08:56:24.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f0c29f89ffdb0f3f03e663ef415b9e4e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75539-8fe0-4af9-b7cb-4aaa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:25.000Z",
|
|
"modified": "2018-09-23T08:56:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f1b6ed2624583c913392dcd7e3ea6ae1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75539-0c58-4218-8fad-473202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:25.000Z",
|
|
"modified": "2018-09-23T08:56:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f27a9cd7df897cf8d2e540b6530dceb3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553a-b698-46bb-bb0f-43f402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:26.000Z",
|
|
"modified": "2018-09-23T08:56:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f29abd84d6cdec8bb5ce8d51e85ddafc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553a-6504-4a1a-b521-496902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:26.000Z",
|
|
"modified": "2018-09-23T08:56:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f3ed0632cadd2d6beffb9d33db4188ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553b-7d84-44bf-9e51-464302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:27.000Z",
|
|
"modified": "2018-09-23T08:56:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fbd0f2c62b14b576f087e92f60e7d132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553b-cb84-4d8c-94ec-443202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:27.000Z",
|
|
"modified": "2018-09-23T08:56:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fccb13c00df25d074a78f1eeeb04a0e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553c-0c84-4837-9c17-478002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:28.000Z",
|
|
"modified": "2018-09-23T08:56:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0fb92524625fffda3425d08c94c014a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553c-2bd4-48ff-86c2-4f9c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:28.000Z",
|
|
"modified": "2018-09-23T08:56:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '168365197031ffcdbe65ab13d71b64ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553d-f74c-4fed-802b-40b602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:29.000Z",
|
|
"modified": "2018-09-23T08:56:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2b5ddabf1c6fd8670137cade8b60a034']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553d-64fc-4b6d-8292-4a9902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:29.000Z",
|
|
"modified": "2018-09-23T08:56:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '517c81b6d05bf285d095e0fd91cb6f03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553e-5804-464c-88af-473902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:30.000Z",
|
|
"modified": "2018-09-23T08:56:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7deeb1b3cce6528add4f9489ce1ec5d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553e-a1ec-4541-a0a1-421602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:30.000Z",
|
|
"modified": "2018-09-23T08:56:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aa57085e5544d923f576e9f86adf9dc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553f-3b30-4abb-98a5-4b8002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:31.000Z",
|
|
"modified": "2018-09-23T08:56:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cda1961d63aaee991ff97845705e08b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7553f-a5b0-42d2-b3fc-4bb202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:31.000Z",
|
|
"modified": "2018-09-23T08:56:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e07ca9f773bd772a41a6698c6fd6e551']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75540-a484-4baf-82dd-409402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T08:56:32.000Z",
|
|
"modified": "2018-09-23T08:56:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fb427874a13f6ea5e0fd1a0aec6a095c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T08:56:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75622-9ec0-4f9d-9dd8-4b7c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:18.000Z",
|
|
"modified": "2018-09-23T09:00:18.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = '126mailserver.serveftp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75623-834c-4e3d-91b2-42f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:19.000Z",
|
|
"modified": "2018-09-23T09:00:19.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'access.webplurk.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75623-4004-443d-b493-42b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:19.000Z",
|
|
"modified": "2018-09-23T09:00:19.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'aliago.dyndns.dk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75624-d6b4-4af9-96fb-41d202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:20.000Z",
|
|
"modified": "2018-09-23T09:00:20.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'as1688.webhop.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75625-6a54-4dd7-b02a-4d3a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:21.000Z",
|
|
"modified": "2018-09-23T09:00:21.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'babana.wikaba.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75625-da28-4759-b425-4d7802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:21.000Z",
|
|
"modified": "2018-09-23T09:00:21.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'backaaa.beijingdasihei.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75625-a1cc-401b-9169-459502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:21.000Z",
|
|
"modified": "2018-09-23T09:00:21.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'bt0116.servebbs.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75626-bf4c-43a4-8892-4ecb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:22.000Z",
|
|
"modified": "2018-09-23T09:00:22.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'ceepitbj.servepics.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75626-1654-4f13-98b6-45ab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:22.000Z",
|
|
"modified": "2018-09-23T09:00:22.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'check.blogdns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75626-cd88-42db-bee0-445402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:22.000Z",
|
|
"modified": "2018-09-23T09:00:22.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'china.serveblog.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75627-0af4-4240-ac08-48e702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:23.000Z",
|
|
"modified": "2018-09-23T09:00:23.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'chinamil.lflink.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75627-203c-40ae-95da-47ca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:23.000Z",
|
|
"modified": "2018-09-23T09:00:23.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'cluster.safe360.dns05.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75627-e59c-4aaf-afcc-46f302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:23.000Z",
|
|
"modified": "2018-09-23T09:00:23.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'cnwww.m-music.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75627-2edc-4f6c-afb7-4b5002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:23.000Z",
|
|
"modified": "2018-09-23T09:00:23.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'fff.dynamic-dns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75628-5ae4-4097-9238-40bc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:24.000Z",
|
|
"modified": "2018-09-23T09:00:24.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'gaewaa.upgrinfo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75628-4a80-4d3b-a1c9-48aa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:24.000Z",
|
|
"modified": "2018-09-23T09:00:24.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'gaewaa.upgrinfo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75629-1600-4f1f-94de-499f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:25.000Z",
|
|
"modified": "2018-09-23T09:00:25.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'givemea.ygto.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75629-4890-4a1d-afd6-40ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:25.000Z",
|
|
"modified": "2018-09-23T09:00:25.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'givemeaaa.upgrinfo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75629-8178-4319-9824-4d5602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:25.000Z",
|
|
"modified": "2018-09-23T09:00:25.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'goldlion.mefound.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75629-eb20-45c0-8540-4dd102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:25.000Z",
|
|
"modified": "2018-09-23T09:00:25.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'gugupd.008.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562a-acc0-418c-944e-4fb502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:26.000Z",
|
|
"modified": "2018-09-23T09:00:26.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'guliu2008.9966.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562a-6220-478e-9cd2-44a902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:26.000Z",
|
|
"modified": "2018-09-23T09:00:26.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'hyssjc.securitytactics.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562a-7078-42ad-8f69-4e3e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:26.000Z",
|
|
"modified": "2018-09-23T09:00:26.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'jason.zyns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562b-bd60-4a7f-b51c-405c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:27.000Z",
|
|
"modified": "2018-09-23T09:00:27.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'javainfo.upgrinfo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562b-b6fc-4f7e-80cf-422002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:27.000Z",
|
|
"modified": "2018-09-23T09:00:27.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'javainfo.upgrinfo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562b-8090-4578-98d8-42c202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:27.000Z",
|
|
"modified": "2018-09-23T09:00:27.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'jerry.jkub.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562b-8fcc-4ec5-bf4d-43fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:27.000Z",
|
|
"modified": "2018-09-23T09:00:27.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'jerry.jkub.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562c-5aec-490e-a359-4bda02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:28.000Z",
|
|
"modified": "2018-09-23T09:00:28.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'kav2011.mooo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562c-e984-4cfc-ace6-43eb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:28.000Z",
|
|
"modified": "2018-09-23T09:00:28.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'kav2011.mooo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562c-b120-42bf-82f0-4f3b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:28.000Z",
|
|
"modified": "2018-09-23T09:00:28.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'kouwel.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562c-251c-4174-bc36-4e4502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:28.000Z",
|
|
"modified": "2018-09-23T09:00:28.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'kouwel.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562d-ad5c-4973-8e75-486f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:29.000Z",
|
|
"modified": "2018-09-23T09:00:29.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'laizaow.mefound.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562d-e0e0-433f-95f0-41f902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:29.000Z",
|
|
"modified": "2018-09-23T09:00:29.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'localhosts.ddns.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562d-4c90-4791-a825-44bd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:29.000Z",
|
|
"modified": "2018-09-23T09:00:29.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'mail.sends.sendsmtp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562e-a7a8-45c0-aab4-410502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:30.000Z",
|
|
"modified": "2018-09-23T09:00:30.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'mail163.mypop3.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562e-401c-43af-a401-4eea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:30.000Z",
|
|
"modified": "2018-09-23T09:00:30.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'mailsends.sendsmtp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562f-7974-4304-9148-421502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:31.000Z",
|
|
"modified": "2018-09-23T09:00:31.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'mediatvset.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7562f-5be4-4e75-8f5a-4bae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:31.000Z",
|
|
"modified": "2018-09-23T09:00:31.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'moneyaaa.beijingdasihei.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75631-5524-4277-b1b2-478602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:33.000Z",
|
|
"modified": "2018-09-23T09:00:33.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'motices.ourhobby.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75631-df44-4595-a4e5-43be02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:33.000Z",
|
|
"modified": "2018-09-23T09:00:33.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'motices.ourhobby.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75631-6dd4-4ea9-9992-40c202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:33.000Z",
|
|
"modified": "2018-09-23T09:00:33.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'mp3.dnset.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75632-1b2c-45ca-b0bc-42d002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:34.000Z",
|
|
"modified": "2018-09-23T09:00:34.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'netlink.vizvaz.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75632-bf44-40e6-82cc-402b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:34.000Z",
|
|
"modified": "2018-09-23T09:00:34.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'operater.solaris.nu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75633-9a2c-4258-904f-43d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:35.000Z",
|
|
"modified": "2018-09-23T09:00:35.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'pps.longmusic.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75635-0448-45ab-93ef-49c402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:37.000Z",
|
|
"modified": "2018-09-23T09:00:37.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'ps1688.webhop.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75636-56d0-483a-9ba4-418a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:38.000Z",
|
|
"modified": "2018-09-23T09:00:38.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'rising.linkpc.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75636-7a58-4aea-b821-402a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:37.000Z",
|
|
"modified": "2018-09-23T09:00:37.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'rising.linkpc.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75636-475c-4449-b40d-4be002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:38.000Z",
|
|
"modified": "2018-09-23T09:00:38.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'safe360.dns05.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75636-3228-4f8e-95ba-4f0802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:38.000Z",
|
|
"modified": "2018-09-23T09:00:38.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'sandy.ourhobby.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75636-19a8-47a3-84f5-4de702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:38.000Z",
|
|
"modified": "2018-09-23T09:00:38.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'sandy.ourhobby.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75637-6340-418c-b15c-427502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:39.000Z",
|
|
"modified": "2018-09-23T09:00:39.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'soagov.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75637-94dc-41f1-b43a-421702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:39.000Z",
|
|
"modified": "2018-09-23T09:00:39.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'soagov.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75637-4158-4157-8926-4e5502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:39.000Z",
|
|
"modified": "2018-09-23T09:00:39.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'soagov.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75638-9f9c-4696-8282-4f4202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:40.000Z",
|
|
"modified": "2018-09-23T09:00:40.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'soasoa.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75638-b344-4acb-a896-452502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:40.000Z",
|
|
"modified": "2018-09-23T09:00:40.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'ssy.ikwb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75638-8844-41db-b47e-4d1a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:40.000Z",
|
|
"modified": "2018-09-23T09:00:40.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'ssy.mynumber.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75638-7f24-4774-8831-4af902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:40.000Z",
|
|
"modified": "2018-09-23T09:00:40.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'ssy.mynumber.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75639-d1dc-41b2-a5bb-49e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:41.000Z",
|
|
"modified": "2018-09-23T09:00:41.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'svcsrset.ezua.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75639-215c-4c18-bb09-4d4e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:41.000Z",
|
|
"modified": "2018-09-23T09:00:41.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'teacat.https443.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75639-b39c-4106-9a15-491402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:41.000Z",
|
|
"modified": "2018-09-23T09:00:41.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'tong.wikaba.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563a-c8c4-4c2f-8b78-48c202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:42.000Z",
|
|
"modified": "2018-09-23T09:00:42.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'updates.lflink.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563a-01f4-443a-ae9d-4a9902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:42.000Z",
|
|
"modified": "2018-09-23T09:00:42.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'usa08.serveftp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563a-11c0-4ecd-b118-406202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:42.000Z",
|
|
"modified": "2018-09-23T09:00:42.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'waterfall.mynumber.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563a-f950-4389-9d06-4f2a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:42.000Z",
|
|
"modified": "2018-09-23T09:00:42.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'waterfall.mynumber.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563b-2d0c-4a7e-944a-428202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:43.000Z",
|
|
"modified": "2018-09-23T09:00:43.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'webupdate.dnsrd.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563b-e010-47a0-9954-446102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:43.000Z",
|
|
"modified": "2018-09-23T09:00:43.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'www.safe360.dns05.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563b-401c-47ba-9bd0-4c8602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:43.000Z",
|
|
"modified": "2018-09-23T09:00:43.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'www.ssy.ikwb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563c-8af4-4ae5-b4fb-4c0502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:44.000Z",
|
|
"modified": "2018-09-23T09:00:44.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'www.tong.wikaba.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563c-6a70-4eb3-8127-4cb202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:44.000Z",
|
|
"modified": "2018-09-23T09:00:44.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'wwwdo.tyur.acmetoy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563c-5d48-4164-bd69-422b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:44.000Z",
|
|
"modified": "2018-09-23T09:00:44.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'xinhua.redirectme.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563c-3c10-4d2c-b903-4c2302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:44.000Z",
|
|
"modified": "2018-09-23T09:00:44.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'xinhua.redirectme.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563d-0f3c-4e80-941d-422d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:45.000Z",
|
|
"modified": "2018-09-23T09:00:45.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.213.66.10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563d-1638-4fc7-b92a-437702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:45.000Z",
|
|
"modified": "2018-09-23T09:00:45.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.0.32.168']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563d-19c8-4eb7-bcdc-49a102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:45.000Z",
|
|
"modified": "2018-09-23T09:00:45.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.227.220.223']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563d-0a40-4c76-b470-488802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:45.000Z",
|
|
"modified": "2018-09-23T09:00:45.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.166.67.36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563e-c6e0-48ff-973c-416d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:46.000Z",
|
|
"modified": "2018-09-23T09:00:46.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.101.133.169']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563e-06c8-45f6-ae4f-45e502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:46.000Z",
|
|
"modified": "2018-09-23T09:00:46.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.8.137']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563e-265c-4d72-852e-4fc302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:46.000Z",
|
|
"modified": "2018-09-23T09:00:46.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.125.176']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563e-0be8-4300-9fc4-4d7302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:46.000Z",
|
|
"modified": "2018-09-23T09:00:46.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.125.176']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563f-7b84-4936-a564-456b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:47.000Z",
|
|
"modified": "2018-09-23T09:00:47.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.228.61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba7563f-5210-48cf-9e26-42eb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:47.000Z",
|
|
"modified": "2018-09-23T09:00:47.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.9.206']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75640-3cfc-49ba-a6a1-4a2e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:48.000Z",
|
|
"modified": "2018-09-23T09:00:48.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.77.171.209']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75640-1628-4478-97a9-48c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:48.000Z",
|
|
"modified": "2018-09-23T09:00:48.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'bearingonly.rebatesrule.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75640-15f4-4436-9c18-404a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:48.000Z",
|
|
"modified": "2018-09-23T09:00:48.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'canberk.gecekodu.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75640-3e5c-4118-85e4-409802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:48.000Z",
|
|
"modified": "2018-09-23T09:00:48.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'canberk.gecekodu.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75641-beb4-46d6-9d10-43de02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:49.000Z",
|
|
"modified": "2018-09-23T09:00:49.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'emailser163.serveusers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75641-93b8-433c-8c24-4d8102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:49.000Z",
|
|
"modified": "2018-09-23T09:00:49.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'emailser163.serveusers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75641-20c8-42b2-998d-450c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:49.000Z",
|
|
"modified": "2018-09-23T09:00:49.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'fevupdate.ocry.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75641-bef0-4008-ae99-42d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:49.000Z",
|
|
"modified": "2018-09-23T09:00:49.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'geiwoaaa.qpoe.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75642-a83c-4913-a8f4-484b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:50.000Z",
|
|
"modified": "2018-09-23T09:00:50.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'hy-zhqopin.mynumber.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75642-76f8-4a10-96ae-440e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:50.000Z",
|
|
"modified": "2018-09-23T09:00:50.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'l63service.serveuser.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75642-a850-4277-8ce1-44e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:50.000Z",
|
|
"modified": "2018-09-23T09:00:50.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'microsoftword.serveuser.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75642-6a78-4802-a753-4d3402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:50.000Z",
|
|
"modified": "2018-09-23T09:00:50.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'office.go.dyndns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75643-b364-4b6d-95cb-4d2e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:51.000Z",
|
|
"modified": "2018-09-23T09:00:51.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'updateinfo.servegame.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75643-f824-4d23-a3d0-41fd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:51.000Z",
|
|
"modified": "2018-09-23T09:00:51.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'updateinfo.servegame.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75643-ba2c-48d4-bb01-441502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:51.000Z",
|
|
"modified": "2018-09-23T09:00:51.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'uswebmail163.sendsmtp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75644-4ad4-4c3f-b3c5-41e802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:52.000Z",
|
|
"modified": "2018-09-23T09:00:52.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'winsysupdate.dynamic-dns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75644-cb58-40b3-a6f8-436002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:52.000Z",
|
|
"modified": "2018-09-23T09:00:52.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'winsysupdate.dynamic-dns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75644-d000-4740-adb6-4f9a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:52.000Z",
|
|
"modified": "2018-09-23T09:00:52.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'wmiaprp.ezua.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75644-fcc4-4a3c-811b-482d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:52.000Z",
|
|
"modified": "2018-09-23T09:00:52.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'wmiaprp.ezua.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75645-11f0-43a8-8459-456002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:53.000Z",
|
|
"modified": "2018-09-23T09:00:53.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'www.service.justdied.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75645-a694-4393-8856-4da102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:53.000Z",
|
|
"modified": "2018-09-23T09:00:53.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'zxcv201789.dynssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75645-4e84-4b35-98f7-4f5902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:53.000Z",
|
|
"modified": "2018-09-23T09:00:53.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'officepatch.dnset.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75645-7314-4534-a21d-418602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:53.000Z",
|
|
"modified": "2018-09-23T09:00:53.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'pouhui.diskstation.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75646-1a30-4f42-8042-4bf202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:54.000Z",
|
|
"modified": "2018-09-23T09:00:54.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'comehigh.mefound.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75646-38ac-45fd-9c14-4f3502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:54.000Z",
|
|
"modified": "2018-09-23T09:00:54.000Z",
|
|
"description": "C2",
|
|
"pattern": "[domain-name:value = 'annie165.zyns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75646-2444-4ee3-85f9-46ae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:54.000Z",
|
|
"modified": "2018-09-23T09:00:54.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'http://annie165.zyns.com/zxcvb.hta']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ba75646-abe8-4da1-9c1d-496802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:00:54.000Z",
|
|
"modified": "2018-09-23T09:00:54.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'http://annie165.zyns.com/zxcvb.hta']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:00:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0cc22f92-12a5-441c-8abe-c99bdb9963e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:28.000Z",
|
|
"modified": "2018-09-23T09:22:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f27a9cd7df897cf8d2e540b6530dceb3' AND file:hashes.SHA1 = '17ccec0e99fd122342b6b3171b5fd9e2482f246a' AND file:hashes.SHA256 = 'e94f5c5f56fd40e92bc8d73b2e8182d924df6ca3105bd00d6af67b4362597f62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--da0d86fe-cc52-4aa1-ac49-81aa420ba0ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:27.000Z",
|
|
"modified": "2018-09-23T09:22:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-20T06:20:40",
|
|
"category": "Other",
|
|
"uuid": "f7477f7d-4224-4dca-9a68-3662d09cd33f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e94f5c5f56fd40e92bc8d73b2e8182d924df6ca3105bd00d6af67b4362597f62/analysis/1537424440/",
|
|
"category": "External analysis",
|
|
"uuid": "18b74f46-8c41-427a-8104-f9194b06d85a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/66",
|
|
"category": "Other",
|
|
"uuid": "b39f638c-136c-4fda-8ced-42df7ff1a3c2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--459914b4-6906-4498-bc5c-f8f6120bc810",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:31.000Z",
|
|
"modified": "2018-09-23T09:22:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '30866adc2976704bca0f051b5474a1ee' AND file:hashes.SHA1 = 'aedb48dddf563a061612d4fcb4d6ffff7fb488ee' AND file:hashes.SHA256 = 'cbb14352ed58821ecb25fd65f2b56347adba26dfd627a70a170e16268a207c5e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8623016d-644d-467c-8602-ff74ee05f7f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:29.000Z",
|
|
"modified": "2018-09-23T09:22:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:14:10",
|
|
"category": "Other",
|
|
"uuid": "aa9a9308-5091-4579-b33e-8b0fb4b7a8ce"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cbb14352ed58821ecb25fd65f2b56347adba26dfd627a70a170e16268a207c5e/analysis/1537553650/",
|
|
"category": "External analysis",
|
|
"uuid": "92b50e42-dd13-46c7-91fc-09b5e623207d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/68",
|
|
"category": "Other",
|
|
"uuid": "251f3de0-bf95-4b5a-910e-2cb1cb441544"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6eff1270-08db-4992-b573-f41d1aa05b2b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:33.000Z",
|
|
"modified": "2018-09-23T09:22:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5f1a1ff9f272539904e25d300f2bfbcc' AND file:hashes.SHA1 = '0d6884dc6079bc311e639d7480c7eaed4a895dfc' AND file:hashes.SHA256 = '75f96a7162b6cb83d323822d80df64cbfeff44d1f64b4f72effec5e4793aecf5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--13a3b942-0812-4f2a-a58e-f14b92b6e260",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:31.000Z",
|
|
"modified": "2018-09-23T09:22:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:31",
|
|
"category": "Other",
|
|
"uuid": "6eb11188-9617-4e3a-9af9-0d37ca8a90b7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/75f96a7162b6cb83d323822d80df64cbfeff44d1f64b4f72effec5e4793aecf5/analysis/1537527091/",
|
|
"category": "External analysis",
|
|
"uuid": "69471216-9dc4-4caf-9378-4f6e126fc135"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"uuid": "eb8783b4-e6c2-4c81-a98d-ef0447e7d5b6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d9155481-509c-4342-83e1-fdb989fece74",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:35.000Z",
|
|
"modified": "2018-09-23T09:22:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fb427874a13f6ea5e0fd1a0aec6a095c' AND file:hashes.SHA1 = '0b16345be744668db8cd40a40207b14ba6d85bea' AND file:hashes.SHA256 = 'f97af27e06b7d542d408034f2f8c5452bd236f520670a21721d2fbb2feb107f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2cbdceb9-9582-4d00-9603-95e109d2a651",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:33.000Z",
|
|
"modified": "2018-09-23T09:22:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T19:22:46",
|
|
"category": "Other",
|
|
"uuid": "5c8ec832-5a02-4844-b6c7-e76d6fed0489"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f97af27e06b7d542d408034f2f8c5452bd236f520670a21721d2fbb2feb107f2/analysis/1537644166/",
|
|
"category": "External analysis",
|
|
"uuid": "9f979a03-f109-4e69-88b2-0d49934288d6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/68",
|
|
"category": "Other",
|
|
"uuid": "02d92cc2-7895-45cc-900b-d283d10a1eca"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2f0b0487-3ff0-459a-a2d4-737449836d42",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:37.000Z",
|
|
"modified": "2018-09-23T09:22:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '382132e601d7a4ae39a4e7d89457597f' AND file:hashes.SHA1 = '08cceecd61ebddb1f98f8d9705a6464224607090' AND file:hashes.SHA256 = 'b78f456a4e0c453048635b647f4ccbfa4fdb0e28916ace81ba36c752b18d9eb3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--784abc9d-1366-45a8-8d4a-5932ba6e86be",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:36.000Z",
|
|
"modified": "2018-09-23T09:22:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:16:13",
|
|
"category": "Other",
|
|
"uuid": "6e0115d5-542e-4755-af31-7c37a21928e5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b78f456a4e0c453048635b647f4ccbfa4fdb0e28916ace81ba36c752b18d9eb3/analysis/1537553773/",
|
|
"category": "External analysis",
|
|
"uuid": "fd2cc4b4-c781-409d-a787-15fd673e5c28"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/67",
|
|
"category": "Other",
|
|
"uuid": "c9a45501-1771-40ce-9229-cc5da04942b1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d82f7273-8250-4f95-a746-79384c4fb401",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:40.000Z",
|
|
"modified": "2018-09-23T09:22:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f29abd84d6cdec8bb5ce8d51e85ddafc' AND file:hashes.SHA1 = '9b45be84dc3774436d5a3f6a0d105e91b351c0f1' AND file:hashes.SHA256 = '22c79081068b05f92a1e3c7022905b3dd49efea03a79919aa2a0df626bf3549d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a7240cf5-787b-4e31-8bac-1bae79aff797",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:40.000Z",
|
|
"modified": "2018-09-23T09:22:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:52",
|
|
"category": "Other",
|
|
"uuid": "22cdd8e8-05b4-4181-ba3b-19f930d9b72a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/22c79081068b05f92a1e3c7022905b3dd49efea03a79919aa2a0df626bf3549d/analysis/1537527052/",
|
|
"category": "External analysis",
|
|
"uuid": "45402676-463e-49f5-b837-2df3b86025fd"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/67",
|
|
"category": "Other",
|
|
"uuid": "bd2936e7-915c-40af-8134-592da36f11c5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a658fb8e-6a95-4a1f-bd72-bd6cc86b8d49",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:44.000Z",
|
|
"modified": "2018-09-23T09:22:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1374e999e1cda9e406c19dfe99830ffc' AND file:hashes.SHA1 = '928d22fb0926d92536d21f651fafe89d77e8b328' AND file:hashes.SHA256 = '40904ec096c1e2b4f40f66f9bcaaa7a13dd6b62131b6189f06d6bdc7d36dbf39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--dd4cf0fe-bf88-4ba7-bfd6-660d9b012a47",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:42.000Z",
|
|
"modified": "2018-09-23T09:22:42.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:12",
|
|
"category": "Other",
|
|
"uuid": "1b228e93-fa9c-42cf-949d-57e3b8cff1df"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/40904ec096c1e2b4f40f66f9bcaaa7a13dd6b62131b6189f06d6bdc7d36dbf39/analysis/1537527072/",
|
|
"category": "External analysis",
|
|
"uuid": "1d74c2b3-81b7-411f-a4ff-8045815f9fd3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/69",
|
|
"category": "Other",
|
|
"uuid": "ce14ff02-78a8-4c10-af4c-e732f48abdad"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a9f0d30e-220b-4af6-bdc7-8fc67068f85b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:46.000Z",
|
|
"modified": "2018-09-23T09:22:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = '27f683baed7b02927a591cdc0c850743' AND file:hashes.SHA1 = '8493d51533b607548d8afecd48916db669986577' AND file:hashes.SHA256 = '312e4e9a74c3e55e4c30cf0bb507ad0678ad0a8495e80bc0d418e67e5d681a52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5e031e69-d3b3-419f-a7ca-f7db193fb446",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:44.000Z",
|
|
"modified": "2018-09-23T09:22:44.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:18",
|
|
"category": "Other",
|
|
"uuid": "f6031b58-d348-4607-a4db-9ad5fcb940e6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/312e4e9a74c3e55e4c30cf0bb507ad0678ad0a8495e80bc0d418e67e5d681a52/analysis/1537527078/",
|
|
"category": "External analysis",
|
|
"uuid": "3d7cb8f2-f4d3-430d-9ed0-66ea52306647"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/68",
|
|
"category": "Other",
|
|
"uuid": "fbd14770-fb9d-4532-a6a9-b8f6b105ac2a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c2eda666-d5fd-4299-abcf-511caa91b288",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:48.000Z",
|
|
"modified": "2018-09-23T09:22:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0595f5005f237967dcfda517b26497d6' AND file:hashes.SHA1 = '543558d709056451df0253fc0bd35ad4237baa6d' AND file:hashes.SHA256 = 'd40a7d85a9059a0adb1a2e19cde994938a30a205185d9d23f16b544ca92f6ab0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1319a600-571b-4028-aef4-eebb0e290869",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:47.000Z",
|
|
"modified": "2018-09-23T09:22:47.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:08",
|
|
"category": "Other",
|
|
"uuid": "406bb582-cf0f-4d38-93a3-c9febed57f05"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d40a7d85a9059a0adb1a2e19cde994938a30a205185d9d23f16b544ca92f6ab0/analysis/1537527068/",
|
|
"category": "External analysis",
|
|
"uuid": "709221f4-289e-4ace-ad3f-1fa6a163d582"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/69",
|
|
"category": "Other",
|
|
"uuid": "cebf45b0-01b6-4038-b3e2-dc1412b06441"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2c797c1a-3ac9-436a-a91e-943dc5b54a90",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:51.000Z",
|
|
"modified": "2018-09-23T09:22:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '168365197031ffcdbe65ab13d71b64ec' AND file:hashes.SHA1 = '6093534218644bc814afadf381194f74a6588f64' AND file:hashes.SHA256 = '4c85aa3428d3c59e1a8c2279146f724b3e1c47dcf407a9ae35881aebfc82cf2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--92fd93d5-e716-4a3a-aa37-cdbc161734bb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:49.000Z",
|
|
"modified": "2018-09-23T09:22:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T09:09:44",
|
|
"category": "Other",
|
|
"uuid": "81e9892c-99b9-4417-b2d4-7f9a3c28b604"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4c85aa3428d3c59e1a8c2279146f724b3e1c47dcf407a9ae35881aebfc82cf2a/analysis/1537520984/",
|
|
"category": "External analysis",
|
|
"uuid": "0056b7ba-2d2c-438f-9a4d-a984a01b510e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/68",
|
|
"category": "Other",
|
|
"uuid": "f5531901-ffcd-4cb2-ba25-ae5773455fd7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--72de1a87-86d9-447b-b11a-ee8083950255",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:53.000Z",
|
|
"modified": "2018-09-23T09:22:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd61c583eba31f2670ae688af070c87fc' AND file:hashes.SHA1 = 'c27ead6b5fe4ed922b09ba7d1e6dd52131c4e27e' AND file:hashes.SHA256 = 'fb9fba39d3826b854185c355e36701c57a436be957074a394972bc18a546cddd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b3912e6d-dc4c-4620-8781-0b1139f165fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:51.000Z",
|
|
"modified": "2018-09-23T09:22:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:45",
|
|
"category": "Other",
|
|
"uuid": "b6fbbece-066a-40b2-ae07-185ef2c4bd99"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/fb9fba39d3826b854185c355e36701c57a436be957074a394972bc18a546cddd/analysis/1537527045/",
|
|
"category": "External analysis",
|
|
"uuid": "2cb38a7d-cdac-493b-842a-2c77a33d06c7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/69",
|
|
"category": "Other",
|
|
"uuid": "4d33b4ce-376a-4c71-a3a0-a9660fa6dc54"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bff4dc5f-b475-4eab-b39e-6d76c399bdf1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:55.000Z",
|
|
"modified": "2018-09-23T09:22:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd12099237026ae7475c24b3dfb5d18bc' AND file:hashes.SHA1 = '3262d76e9d57b9c6badd060f68af8e76f9009a18' AND file:hashes.SHA256 = 'b15eb055fd2c69f3f593d28ae4744a4ca55c652cc73b9966cfd0adc0b5be7010']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--af91b79c-b917-4d0b-8589-13ae63b09b55",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:53.000Z",
|
|
"modified": "2018-09-23T09:22:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:44",
|
|
"category": "Other",
|
|
"uuid": "f2a9c071-c90d-4381-8d61-c0f98399f91d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b15eb055fd2c69f3f593d28ae4744a4ca55c652cc73b9966cfd0adc0b5be7010/analysis/1537527044/",
|
|
"category": "External analysis",
|
|
"uuid": "f365c65c-63b4-42a0-8820-176399f2822d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/69",
|
|
"category": "Other",
|
|
"uuid": "e045cc57-02a1-4a2a-9c5d-53c900bbfb0b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f735def4-50ac-47f3-b313-ae445d03de3d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:57.000Z",
|
|
"modified": "2018-09-23T09:22:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7639ed0f0c0f5ac48ec9a548a82e2f50' AND file:hashes.SHA1 = '24e64441ceab3bc0a6a292d68b2c90dfd90616c7' AND file:hashes.SHA256 = 'b00efb298d25d6e473f3d7cd2d52c939f3a1d54bc0f9a9ad9b119c46d7bcb5ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6a289522-91a7-4609-80d6-c4c109234f0a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:55.000Z",
|
|
"modified": "2018-09-23T09:22:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:36",
|
|
"category": "Other",
|
|
"uuid": "5b25448e-040c-41c6-9a58-66c79822973c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b00efb298d25d6e473f3d7cd2d52c939f3a1d54bc0f9a9ad9b119c46d7bcb5ed/analysis/1537527096/",
|
|
"category": "External analysis",
|
|
"uuid": "643c8596-4c8b-47bc-8d9f-9d90d39e1368"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/69",
|
|
"category": "Other",
|
|
"uuid": "75434be7-62f1-4322-bf3c-4ecec2496bc8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--99f47a6f-c1c1-42d0-ba22-f020fc3c9f40",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:59.000Z",
|
|
"modified": "2018-09-23T09:22:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9bcb41da619c289fcfdf3131bbf2be21' AND file:hashes.SHA1 = '370dc9aabb76ddae641cf18e13c24ae6bcb3660b' AND file:hashes.SHA256 = '4c0aa63c95b3c0ee732c35a853ac18c988f3bf65bef8a2bcb2e963622b48c366']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:22:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1bf928af-721d-45a6-84f7-4be5aaa714c7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:22:58.000Z",
|
|
"modified": "2018-09-23T09:22:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:27",
|
|
"category": "Other",
|
|
"uuid": "973cfe28-e575-4fec-b8a9-bf899294c69a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4c0aa63c95b3c0ee732c35a853ac18c988f3bf65bef8a2bcb2e963622b48c366/analysis/1537527027/",
|
|
"category": "External analysis",
|
|
"uuid": "38aa7cd3-9d7b-4f24-82b8-25e692999435"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/68",
|
|
"category": "Other",
|
|
"uuid": "4aced3d1-230e-4daf-bdd4-2cc6fe17062d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1c11c495-f526-4948-9088-020b5e6e2d38",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:04.000Z",
|
|
"modified": "2018-09-23T09:23:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '67d5f04fb0e00addc4085457f40900a2' AND file:hashes.SHA1 = 'ffd993e5e86c1dad3dcb2aa97d92251b0d961ff6' AND file:hashes.SHA256 = '7183fcea2b551ceb0f95968d29c81012a19e80e43336fb6e3f6a0aed8458ba99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e2aebd7e-dc8e-417b-9cc2-6a50637071f6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:03.000Z",
|
|
"modified": "2018-09-23T09:23:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:34",
|
|
"category": "Other",
|
|
"uuid": "50b69b3a-5a63-4dd3-9fd5-91131d0a9f40"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7183fcea2b551ceb0f95968d29c81012a19e80e43336fb6e3f6a0aed8458ba99/analysis/1537527094/",
|
|
"category": "External analysis",
|
|
"uuid": "a8d7ac15-9a7d-4179-bf6d-983753fdd8a1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/68",
|
|
"category": "Other",
|
|
"uuid": "6105bdfe-7d8c-4fe6-9033-4479ef5d7504"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ba0d3c10-f57e-4570-8e5a-55f03a491d87",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:07.000Z",
|
|
"modified": "2018-09-23T09:23:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bfb9d13daf5a4232e5e45875e7e905d7' AND file:hashes.SHA1 = '75e4b344233a7cacebc093a94d5d56b8bf56ff9f' AND file:hashes.SHA256 = 'd4d13196cfa047eaddfba3ac7b37e1e9318656b6bc6cb86488c0565a205a03a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4dc2689b-d495-49a3-aee0-4b2e47f3f359",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:07.000Z",
|
|
"modified": "2018-09-23T09:23:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:40",
|
|
"category": "Other",
|
|
"uuid": "d72f60d8-630d-4568-afff-57a0a512b75f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d4d13196cfa047eaddfba3ac7b37e1e9318656b6bc6cb86488c0565a205a03a2/analysis/1537527040/",
|
|
"category": "External analysis",
|
|
"uuid": "1274846e-e120-4100-98de-5fd4d53b0d97"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/68",
|
|
"category": "Other",
|
|
"uuid": "1c033929-84c1-49fb-854f-040ae7cb43b1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f21277e4-9713-45b6-b667-9babb4dcbd54",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:11.000Z",
|
|
"modified": "2018-09-23T09:23:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c8fd2748a82e336f934963a79313aaa1' AND file:hashes.SHA1 = '6271085a01acbd95a590f78728807e7033b27bea' AND file:hashes.SHA256 = '0d3af97f8c80b68e879729f40bdaa2a10b0c99d8f3540c5f62700a88ef08f98a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--841e0c38-753d-4fce-a040-b602c82983bd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:09.000Z",
|
|
"modified": "2018-09-23T09:23:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:43",
|
|
"category": "Other",
|
|
"uuid": "91867087-a710-4096-afc4-062911b1508e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0d3af97f8c80b68e879729f40bdaa2a10b0c99d8f3540c5f62700a88ef08f98a/analysis/1537527043/",
|
|
"category": "External analysis",
|
|
"uuid": "674c49eb-a80e-48d8-927c-dea95a9390f7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"uuid": "27e13fe6-7201-4a2f-b063-95cc2139d1a3"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--63ff17d8-275b-4310-95d2-dc943fffa9f1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:14.000Z",
|
|
"modified": "2018-09-23T09:23:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b244cced7c7f728bcc4d363f8260090d' AND file:hashes.SHA1 = '616bd68ae7f6168df32009a679a2970399c437ae' AND file:hashes.SHA256 = '2a63a346a26f22d980cfa2cb863d0c91e62ea90d81ced1c71501725ec516de1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--526826c7-3e74-4e58-9b6b-22a80d3a9ba2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:12.000Z",
|
|
"modified": "2018-09-23T09:23:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:36",
|
|
"category": "Other",
|
|
"uuid": "880ae873-df7b-4de4-8404-9495de5c4ff1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2a63a346a26f22d980cfa2cb863d0c91e62ea90d81ced1c71501725ec516de1e/analysis/1537527036/",
|
|
"category": "External analysis",
|
|
"uuid": "2bd60883-5707-4b1b-afea-e41450787d7c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/69",
|
|
"category": "Other",
|
|
"uuid": "b941ecfb-eb9e-43e1-b3c8-12f730b6e89f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--12bd1d1c-2a46-4e79-98d5-eae0dbe24a99",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:16.000Z",
|
|
"modified": "2018-09-23T09:23:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b0be3c5fe298fb2b894394e808d5ffaf' AND file:hashes.SHA1 = 'e9651427d918b6191a49f3ef0dd0b60645bad61d' AND file:hashes.SHA256 = 'c8a25dc2f75bef7a29ebbf657fb5f8e8f8c29716cc0a2c20e1babd405c3ab030']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4768255e-5d81-42c8-88e6-3898a9ba5e48",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:15.000Z",
|
|
"modified": "2018-09-23T09:23:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:34",
|
|
"category": "Other",
|
|
"uuid": "5488f9b8-b338-4455-aa1c-f8cb9dc814e3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c8a25dc2f75bef7a29ebbf657fb5f8e8f8c29716cc0a2c20e1babd405c3ab030/analysis/1537527034/",
|
|
"category": "External analysis",
|
|
"uuid": "b715a309-d793-4907-8641-c9d09159511c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/69",
|
|
"category": "Other",
|
|
"uuid": "4c404547-0977-462e-9b87-83f32e164cca"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2a2da217-2a5a-49eb-a6b7-5d3fcd1ea2f7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:19.000Z",
|
|
"modified": "2018-09-23T09:23:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4e57987d0897878eb2241f9d52303713' AND file:hashes.SHA1 = '984e4f37cf5c51623110dfa908bcefde86241f96' AND file:hashes.SHA256 = '547044cb73f1c18ccd92cd28afded37756f749a9338ed7c04306c1de46889d6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ed58894e-580c-40a0-897c-80b7b475b9b8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:17.000Z",
|
|
"modified": "2018-09-23T09:23:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:28",
|
|
"category": "Other",
|
|
"uuid": "8cdaf742-8fe7-49f8-a1f3-8bab58095a4c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/547044cb73f1c18ccd92cd28afded37756f749a9338ed7c04306c1de46889d6b/analysis/1537527088/",
|
|
"category": "External analysis",
|
|
"uuid": "84034c2f-137b-40eb-a2ec-395a067a273c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"uuid": "68a78e19-e9b3-49ca-9814-2a9b9208e934"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--401d0cd8-f794-4bfc-9e5c-61431a13da43",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:21.000Z",
|
|
"modified": "2018-09-23T09:23:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '785b24a55dd41c94060efe8b39dc6d4c' AND file:hashes.SHA1 = 'ff2044144f2ad4a6d98dd94da1d0f53f500351c6' AND file:hashes.SHA256 = 'ce2c2d8be3dcbf71e191d4926a0362d67586fc607ceb27fffad18278fe721de5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6a919fd4-ff22-438d-ba20-cfa5a8afa461",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:21.000Z",
|
|
"modified": "2018-09-23T09:23:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:38",
|
|
"category": "Other",
|
|
"uuid": "4e40495f-f951-4c9c-902d-7dbfab86d8f6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ce2c2d8be3dcbf71e191d4926a0362d67586fc607ceb27fffad18278fe721de5/analysis/1537527098/",
|
|
"category": "External analysis",
|
|
"uuid": "7b92a444-c328-4d26-884b-50e462b2cc92"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/68",
|
|
"category": "Other",
|
|
"uuid": "42a29693-f1ee-45c0-8b22-0f15beb929de"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8f3ce353-a61f-4425-a1a4-1e01f04ed4ad",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:25.000Z",
|
|
"modified": "2018-09-23T09:23:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a73d3f749e42e2b614f89c4b3ce97fe1' AND file:hashes.SHA1 = 'd8936d694837a5d399c0c83ea3cfc7946c356f1c' AND file:hashes.SHA256 = 'c6f43fd39a89aea67895598aaadebb39ad18135541cead0f67dcea7197341fd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5eff387f-c392-44d6-bee8-659b30d49041",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:24.000Z",
|
|
"modified": "2018-09-23T09:23:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T07:20:52",
|
|
"category": "Other",
|
|
"uuid": "bce0cc6b-5109-4bee-9c05-8035981d5994"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c6f43fd39a89aea67895598aaadebb39ad18135541cead0f67dcea7197341fd6/analysis/1537600852/",
|
|
"category": "External analysis",
|
|
"uuid": "f299a54a-4ae7-498e-a05f-ce2cca0ee8f3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/67",
|
|
"category": "Other",
|
|
"uuid": "f6b58b35-bb94-4340-a081-6c5d37e47c6f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c12a9ac4-cdab-4f7b-b273-de78445ab0d8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:28.000Z",
|
|
"modified": "2018-09-23T09:23:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b925250786571058dae5a7cbea71d28' AND file:hashes.SHA1 = 'e45f44ba4e791c7bdeea06d7426dab4210caa73a' AND file:hashes.SHA256 = '442fa4a30d83c78cf13a42e8f5ef8ff09709ed2c5c14952a7f22edea00e12ce2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--547d81bd-058f-4817-9acb-a062287e5b5f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:26.000Z",
|
|
"modified": "2018-09-23T09:23:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T06:20:55",
|
|
"category": "Other",
|
|
"uuid": "ba7526f2-a0a1-4d65-87c1-60b19cc8845c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/442fa4a30d83c78cf13a42e8f5ef8ff09709ed2c5c14952a7f22edea00e12ce2/analysis/1537597255/",
|
|
"category": "External analysis",
|
|
"uuid": "17f8fb14-cfcd-4a24-aa3a-027dc3643a3c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/68",
|
|
"category": "Other",
|
|
"uuid": "f76f47a7-edfe-44aa-b7d9-69a81875ee6c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--11bced4f-9039-4e82-838d-5688c1bddb37",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:30.000Z",
|
|
"modified": "2018-09-23T09:23:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7deeb1b3cce6528add4f9489ce1ec5d6' AND file:hashes.SHA1 = '70d5e2f4364457bd9ac93ba63e9b872c0b0871bd' AND file:hashes.SHA256 = '820c116a4ae66866c68e4538bdbecef902c97450b8f0356c62df937a4a18cf22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f600dcd4-6430-4be1-beeb-a60e806f90c1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:28.000Z",
|
|
"modified": "2018-09-23T09:23:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T00:57:45",
|
|
"category": "Other",
|
|
"uuid": "fe3c4a25-2850-4226-9004-c3c7ec24418c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/820c116a4ae66866c68e4538bdbecef902c97450b8f0356c62df937a4a18cf22/analysis/1537577865/",
|
|
"category": "External analysis",
|
|
"uuid": "c6dd2e99-e630-40cb-ad5f-8d0d66579cd0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/68",
|
|
"category": "Other",
|
|
"uuid": "fb31eba8-6d45-4873-99c0-a0a7dd2dd1ab"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--49f6313e-e099-4213-a317-6d85c224e83e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:32.000Z",
|
|
"modified": "2018-09-23T09:23:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f3ed0632cadd2d6beffb9d33db4188ed' AND file:hashes.SHA1 = '552080bb79e365712708eab4bef9096aa24c5ba2' AND file:hashes.SHA256 = 'f00cb6e8e88b57d23cc45f937ab96e67ad6a4c75fd61a4e4f86ead1187c53dae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--73cf0468-dea2-45f7-90d3-4c207761f92c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:30.000Z",
|
|
"modified": "2018-09-23T09:23:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T05:54:46",
|
|
"category": "Other",
|
|
"uuid": "96ad75bf-75cf-479b-b3fb-c7266b40bd0c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f00cb6e8e88b57d23cc45f937ab96e67ad6a4c75fd61a4e4f86ead1187c53dae/analysis/1537595686/",
|
|
"category": "External analysis",
|
|
"uuid": "72bf76a4-c8ea-4557-881b-16251170e0b8"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/68",
|
|
"category": "Other",
|
|
"uuid": "4d5624b7-6a15-459c-8ad0-bd4d3e81716f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--33541140-082c-4308-942a-ef0d299c56a5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:34.000Z",
|
|
"modified": "2018-09-23T09:23:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bd4b579f889bbe681b9d3ab11768ca07' AND file:hashes.SHA1 = '753a6fd11eafd17d4aa79d9f3825a256e444ba1b' AND file:hashes.SHA256 = '6f8b7a9483441f87e1aa17808432feb8db1eb7a44fcd9c1023effb27acd3e249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--408e6466-ddd8-4840-ada2-14ff5c5163b5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:33.000Z",
|
|
"modified": "2018-09-23T09:23:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:39",
|
|
"category": "Other",
|
|
"uuid": "8d964669-4cc2-4a73-811d-db08f8d1a08a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6f8b7a9483441f87e1aa17808432feb8db1eb7a44fcd9c1023effb27acd3e249/analysis/1537527039/",
|
|
"category": "External analysis",
|
|
"uuid": "8b4ae7e8-b161-454e-b5e3-3da5d4298e73"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/69",
|
|
"category": "Other",
|
|
"uuid": "dcbfb9b3-a021-4859-ba1b-cafdc1ff99b5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--40baef43-65a2-44a6-a996-68b5cb71c8a6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:37.000Z",
|
|
"modified": "2018-09-23T09:23:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2c405d608b600655196a4aa13bdb3790' AND file:hashes.SHA1 = '4fa96ef13030265a11f04c8ae486764d55d9a409' AND file:hashes.SHA256 = '96cfe4961aa1eb44c6ef1b0bf07dae771b9dba32fb8c0ff6a20f1cc6acfdcc14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8198ecf8-eb74-4d87-a6b7-16155bd5901b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:35.000Z",
|
|
"modified": "2018-09-23T09:23:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:21",
|
|
"category": "Other",
|
|
"uuid": "9d462747-6e04-4f91-9d03-66ed0a7bace9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/96cfe4961aa1eb44c6ef1b0bf07dae771b9dba32fb8c0ff6a20f1cc6acfdcc14/analysis/1537527081/",
|
|
"category": "External analysis",
|
|
"uuid": "912880e9-9f93-4d0d-82ef-d4eddd3406ac"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/68",
|
|
"category": "Other",
|
|
"uuid": "92805593-8893-4841-8951-33872c182a0d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--86d0b603-5f6d-4561-994e-23ed074fc952",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:39.000Z",
|
|
"modified": "2018-09-23T09:23:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0fb92524625fffda3425d08c94c014a1' AND file:hashes.SHA1 = '53d6219113eac8740ed379d6512dffea4b44b04b' AND file:hashes.SHA256 = '31cdc43d47e72c34837ebc25c6207f214af5130d2d6b6d918e45064ed82f8e99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--18076f4e-3c02-423f-9441-f5cba4f88f01",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:40.000Z",
|
|
"modified": "2018-09-23T09:23:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T08:07:44",
|
|
"category": "Other",
|
|
"uuid": "c7f43192-c139-41e2-8d1f-351d9f803d93"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/31cdc43d47e72c34837ebc25c6207f214af5130d2d6b6d918e45064ed82f8e99/analysis/1537517264/",
|
|
"category": "External analysis",
|
|
"uuid": "4b84f5b5-612b-4859-ad7b-ef3c4459cfed"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/69",
|
|
"category": "Other",
|
|
"uuid": "c83ef59d-0368-46e7-8d03-d7416351abfe"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--60fef33c-fd9a-4bdb-a962-d3004d1de221",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:44.000Z",
|
|
"modified": "2018-09-23T09:23:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = '517c81b6d05bf285d095e0fd91cb6f03' AND file:hashes.SHA1 = '8bc85a1d0fbeb8e936477e689a1c189cb02367f4' AND file:hashes.SHA256 = '5a133f744e772a3f0f9c4edad20cc8d9edbef12e1f3f7ef69c44b262bd6fa637']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--74fab901-678d-4742-b4a2-d8686e4520ae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:42.000Z",
|
|
"modified": "2018-09-23T09:23:42.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:02:29",
|
|
"category": "Other",
|
|
"uuid": "311b9cb0-0ac4-4b94-a93f-40f358c077cb"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5a133f744e772a3f0f9c4edad20cc8d9edbef12e1f3f7ef69c44b262bd6fa637/analysis/1537552949/",
|
|
"category": "External analysis",
|
|
"uuid": "3cf25b6d-d436-472d-a527-96a5c5e3c6d0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/69",
|
|
"category": "Other",
|
|
"uuid": "a025846a-23ed-419b-9533-7f30ced3d442"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2eceb572-6770-4ebf-84b5-f91e784adbf0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:46.000Z",
|
|
"modified": "2018-09-23T09:23:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2a96042e605146ead06b2ee4835baec3' AND file:hashes.SHA1 = 'a402cf9d79cd6918ec23b526908557e7cb38ad0f' AND file:hashes.SHA256 = '9fb0b4f9f841b8a5f9d71bbbea6c58e79fdbf7a35aff91486eaaa9eb214a52b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b3fda510-d265-4f97-8b83-6b4a848eb34e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:44.000Z",
|
|
"modified": "2018-09-23T09:23:44.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:19",
|
|
"category": "Other",
|
|
"uuid": "aae8e05b-4f43-4b6a-957b-b77f9a7dd6cd"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9fb0b4f9f841b8a5f9d71bbbea6c58e79fdbf7a35aff91486eaaa9eb214a52b2/analysis/1537527079/",
|
|
"category": "External analysis",
|
|
"uuid": "11aeac13-0021-474b-a37b-22417bd0cff7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/68",
|
|
"category": "Other",
|
|
"uuid": "4365abea-d575-4222-8bda-01b5e2517e40"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9ee93194-67a8-41fe-88a4-3092be74a68f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:48.000Z",
|
|
"modified": "2018-09-23T09:23:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = '26d7f7aa3135e99581119f40986a8ac3' AND file:hashes.SHA1 = '1fc17289ac0b7bde86d565e488d66c526ee2b5fb' AND file:hashes.SHA256 = '1d713ad7ee3a43432d6188707943ee9ef07241bbc7bda376a068989d7a248143']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--46e1e879-67d9-453d-8f4c-12052e0a72bd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:46.000Z",
|
|
"modified": "2018-09-23T09:23:46.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:14:57",
|
|
"category": "Other",
|
|
"uuid": "04f75a60-f331-428f-a2b7-18e37fd3dd05"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1d713ad7ee3a43432d6188707943ee9ef07241bbc7bda376a068989d7a248143/analysis/1537553697/",
|
|
"category": "External analysis",
|
|
"uuid": "2cb22900-2efb-439c-b7c3-0fbf5fbfea53"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/69",
|
|
"category": "Other",
|
|
"uuid": "38040505-7ef5-4bde-aee2-141556d4d8de"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9062c8f4-f246-46a1-8371-000255b8c458",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:50.000Z",
|
|
"modified": "2018-09-23T09:23:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '41c7e09170037fafe95bb691df021a20' AND file:hashes.SHA1 = '7e975f194907e3038614ea0f08f7da9d0a5b21f1' AND file:hashes.SHA256 = '3dee749aeacb71e9f62b61d261619fe2e823d42565d8238a76f0ba25a3683cc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--654be604-ab9f-492f-aa60-356709e29b03",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:49.000Z",
|
|
"modified": "2018-09-23T09:23:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:16:31",
|
|
"category": "Other",
|
|
"uuid": "78a91379-6c11-40f6-8ed0-335e2ff8f1b5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3dee749aeacb71e9f62b61d261619fe2e823d42565d8238a76f0ba25a3683cc0/analysis/1537553791/",
|
|
"category": "External analysis",
|
|
"uuid": "e5010591-fb57-48ba-a389-2fd7fe0ad078"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/69",
|
|
"category": "Other",
|
|
"uuid": "416cea2b-1b73-4bd2-9fac-d93a85961a87"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a03621d4-1dee-41cd-be0b-f06db29d0474",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:53.000Z",
|
|
"modified": "2018-09-23T09:23:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dde2c03d6168089affdca3b5ec41f661' AND file:hashes.SHA1 = '5dc1ab28af6baf74bebff6c33a4d4cb59b6bb6fc' AND file:hashes.SHA256 = '8de2bf21916db6691f4e56b11e000d0c1b898188b54f39284f16f9e4159f776c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4d7091dc-cbcb-4122-9e7a-b68faa0e3671",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:51.000Z",
|
|
"modified": "2018-09-23T09:23:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:47",
|
|
"category": "Other",
|
|
"uuid": "691d29c9-ae7d-4c16-803e-d7f32a1425a2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8de2bf21916db6691f4e56b11e000d0c1b898188b54f39284f16f9e4159f776c/analysis/1537527047/",
|
|
"category": "External analysis",
|
|
"uuid": "8853bf99-a715-45b5-992b-d5d6b0404dac"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/69",
|
|
"category": "Other",
|
|
"uuid": "59af1045-4916-4a59-9970-63f6b8754473"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9b8c0002-f7e5-42d9-949a-d744ff60cfe1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:55.000Z",
|
|
"modified": "2018-09-23T09:23:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cda1961d63aaee991ff97845705e08b8' AND file:hashes.SHA1 = '207689ed6e7ca36b13475fd364f08844788d769f' AND file:hashes.SHA256 = '408bb7ce6e84fa8a368287b4f8ea07d6d710e5cd07de897dc6e33113ffef44c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:23:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6b2ca901-bd60-41d2-b81a-7cde3dded069",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:53.000Z",
|
|
"modified": "2018-09-23T09:23:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T13:23:16",
|
|
"category": "Other",
|
|
"uuid": "b256de89-23f1-43a8-a028-31100c5c186b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/408bb7ce6e84fa8a368287b4f8ea07d6d710e5cd07de897dc6e33113ffef44c9/analysis/1537622596/",
|
|
"category": "External analysis",
|
|
"uuid": "42763bb0-e74e-466e-bf57-5fbeea7c1a5c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/69",
|
|
"category": "Other",
|
|
"uuid": "e00574ca-f4db-4c87-9f08-daa4fd526985"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--216519b0-9afd-49cc-b1f2-5079ced8ffad",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:00.000Z",
|
|
"modified": "2018-09-23T09:24:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e07ca9f773bd772a41a6698c6fd6e551' AND file:hashes.SHA1 = 'bcf831adb7da755f5bd94796004956235da191ac' AND file:hashes.SHA256 = '1fa633c329f814971afdf13ceea18f13a017a6b7aacf3f8c3ce02a8da4b09903']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8edbd400-2aaa-44aa-9c12-9fa86f18d5e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:23:58.000Z",
|
|
"modified": "2018-09-23T09:23:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T16:03:39",
|
|
"category": "Other",
|
|
"uuid": "5ba3be12-a6b8-4f75-9342-b8c55a0a277a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1fa633c329f814971afdf13ceea18f13a017a6b7aacf3f8c3ce02a8da4b09903/analysis/1537632219/",
|
|
"category": "External analysis",
|
|
"uuid": "01825ddc-761e-49cf-849a-804b37033285"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/67",
|
|
"category": "Other",
|
|
"uuid": "40ff8b70-4827-48d1-8d16-85ac8e5868f2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--893909c7-2fe3-4d5d-970c-c7c98307aad8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:02.000Z",
|
|
"modified": "2018-09-23T09:24:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0e80fca91103fe46766dcb0763c6f6af' AND file:hashes.SHA1 = 'cef1805dd588debbc513771540c8613c631a57ef' AND file:hashes.SHA256 = 'c3109787f761b043dbbaeb5b5db1ab949d74149eb751c99936f8cc7c43947ea0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--de329633-daf0-4348-b3a6-eed567af4abc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:00.000Z",
|
|
"modified": "2018-09-23T09:24:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:10",
|
|
"category": "Other",
|
|
"uuid": "17cdcef3-8561-4829-afd2-da32a324a47c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c3109787f761b043dbbaeb5b5db1ab949d74149eb751c99936f8cc7c43947ea0/analysis/1537527070/",
|
|
"category": "External analysis",
|
|
"uuid": "f4fd084a-4db2-4bc9-aa4d-0d14b5e1f512"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/69",
|
|
"category": "Other",
|
|
"uuid": "005854c9-dfb3-488d-99ab-afd2a59acd36"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--200176a6-d502-4898-950c-b5f1ac32f33c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:04.000Z",
|
|
"modified": "2018-09-23T09:24:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '81e1332d15b29e8a19d0e97459d0a1de' AND file:hashes.SHA1 = '0f11eca9d2b8d9e8f5d3cd2865ca2751ae8743d7' AND file:hashes.SHA256 = '6465d869d3eecaed3f9093afaba14c78b46de0ed6783a6277f1e81b75e7862c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--dd666867-c1e8-4f2d-9ada-d47a2b83614c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:04.000Z",
|
|
"modified": "2018-09-23T09:24:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:40",
|
|
"category": "Other",
|
|
"uuid": "1d7d47f4-ec42-4c47-a98e-d4243e8356a5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6465d869d3eecaed3f9093afaba14c78b46de0ed6783a6277f1e81b75e7862c0/analysis/1537527100/",
|
|
"category": "External analysis",
|
|
"uuid": "a95d28db-33d1-4179-909c-144115d0fbd1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/68",
|
|
"category": "Other",
|
|
"uuid": "735a7655-3838-4409-b979-995cd47bf900"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d4363749-0e9f-48ab-937e-e7eece93189c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:08.000Z",
|
|
"modified": "2018-09-23T09:24:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6a37ce66d3003ebf04d249ab049acb22' AND file:hashes.SHA1 = '0f17f7607993ab7c7091aba196b9f79061203841' AND file:hashes.SHA256 = '69025136e1845fffd9f2f35b087aa5a9423791abf3c259516332c141048d7231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5403d646-770d-4cb5-a224-bd7d33f29a39",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:06.000Z",
|
|
"modified": "2018-09-23T09:24:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T05:59:46",
|
|
"category": "Other",
|
|
"uuid": "b21a4376-2532-47a7-905b-00d0c8dea519"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/69025136e1845fffd9f2f35b087aa5a9423791abf3c259516332c141048d7231/analysis/1537595986/",
|
|
"category": "External analysis",
|
|
"uuid": "41f43c56-2a3b-4068-9ddb-6818128423ca"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/68",
|
|
"category": "Other",
|
|
"uuid": "01cc3396-18f9-4194-8849-944b95875039"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54431c61-b7fa-4db5-9ddd-fa46b90871e5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:10.000Z",
|
|
"modified": "2018-09-23T09:24:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1aca8cd40d9b84cab225d333b09f9ba5' AND file:hashes.SHA1 = '349e3085536de1ab124149e94efc4c4008545286' AND file:hashes.SHA256 = '431f1baea52dfc8a2a23493bb55889261908bbd8f1eefe2fdf8ac569937f9f8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1972ab26-0e0f-472b-b3a4-05f32c6a32dd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:09.000Z",
|
|
"modified": "2018-09-23T09:24:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T06:51:53",
|
|
"category": "Other",
|
|
"uuid": "57ce629e-64d5-42de-b69d-11016ff1a91f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/431f1baea52dfc8a2a23493bb55889261908bbd8f1eefe2fdf8ac569937f9f8c/analysis/1537599113/",
|
|
"category": "External analysis",
|
|
"uuid": "2986d076-2350-41d7-bcbb-2a93dc02304f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/69",
|
|
"category": "Other",
|
|
"uuid": "7102094b-3f06-48a7-b2f6-7ec8ea325a42"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d3b9b550-70bc-4b05-b507-a7911c258e24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:12.000Z",
|
|
"modified": "2018-09-23T09:24:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ec7e11cfca01af40f4d96cbbacb41fed' AND file:hashes.SHA1 = '462bf1962f02c8c357c0940364cd70997dc7776e' AND file:hashes.SHA256 = 'd7e85833739dc6ed8a3f54033d61cd30c4220ecdc2eb4d8f091b0367bf64f59c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--57bc1a5a-7459-4e99-9885-3bc537d052ff",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:11.000Z",
|
|
"modified": "2018-09-23T09:24:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-20T15:02:09",
|
|
"category": "Other",
|
|
"uuid": "20114871-1d39-42dc-aedd-85b6f54d6244"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d7e85833739dc6ed8a3f54033d61cd30c4220ecdc2eb4d8f091b0367bf64f59c/analysis/1537455729/",
|
|
"category": "External analysis",
|
|
"uuid": "43e0fb84-6f36-4a31-a1cf-03655255013b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/68",
|
|
"category": "Other",
|
|
"uuid": "9974c89d-b28f-4d29-a0c1-9cd3c54b43e2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--08294d45-b4a1-4194-b9b4-bb765dbd463f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:15.000Z",
|
|
"modified": "2018-09-23T09:24:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fccb13c00df25d074a78f1eeeb04a0e7' AND file:hashes.SHA1 = 'f72279b94387f073976cb7061741d849ba2a263f' AND file:hashes.SHA256 = 'f704bd6f49ae93b350f0d90fdd761ab4c7574f2c4d290bd2c1282e23fe88f58e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--99192dc5-3c81-482b-9e07-2e6f5eae5b33",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:16.000Z",
|
|
"modified": "2018-09-23T09:24:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T06:23:35",
|
|
"category": "Other",
|
|
"uuid": "d4b119b4-581b-4439-b5c0-ae911413e771"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f704bd6f49ae93b350f0d90fdd761ab4c7574f2c4d290bd2c1282e23fe88f58e/analysis/1537597415/",
|
|
"category": "External analysis",
|
|
"uuid": "a69ece83-d944-47ee-b8a0-24746a1aa5e1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/67",
|
|
"category": "Other",
|
|
"uuid": "e8bf04d2-f79c-479a-a764-80ff37dba0e0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2f36441d-4dcc-49e2-82d7-c7f4ffc4d3f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:20.000Z",
|
|
"modified": "2018-09-23T09:24:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2b5ddabf1c6fd8670137cade8b60a034' AND file:hashes.SHA1 = '738278d8a376ad572aa5583516c0909c0089b7ec' AND file:hashes.SHA256 = '91bf714310d5e9a42122b41049072965043e1701c9aca3578e16876a886a68f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1666fac9-c4b0-469d-adab-f8e2dc1ca905",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:18.000Z",
|
|
"modified": "2018-09-23T09:24:18.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T12:14:36",
|
|
"category": "Other",
|
|
"uuid": "ab3f3848-5e7c-4476-b014-fe47608df2cf"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/91bf714310d5e9a42122b41049072965043e1701c9aca3578e16876a886a68f7/analysis/1537532076/",
|
|
"category": "External analysis",
|
|
"uuid": "5ed76317-4957-404b-ae58-f8e2fb822c82"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/68",
|
|
"category": "Other",
|
|
"uuid": "b2b89d80-1ba8-4f0c-aed2-c48e348bdf69"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5606b9ce-f33e-4d9a-85ac-70a6bd0e845f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:22.000Z",
|
|
"modified": "2018-09-23T09:24:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7c498b7ad4c12c38b1f4eb12044a9def' AND file:hashes.SHA1 = '763f147337c71aa9f08a30b3626d40f870727195' AND file:hashes.SHA256 = '994191fb7d00a7158931a34c26726574462253ff2b2453ce48591ab76f59444d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--595c71e0-4fc9-43ca-9468-981dba632990",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:21.000Z",
|
|
"modified": "2018-09-23T09:24:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:14:47",
|
|
"category": "Other",
|
|
"uuid": "818ae21d-f82f-465b-8aa2-4613e89924e7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/994191fb7d00a7158931a34c26726574462253ff2b2453ce48591ab76f59444d/analysis/1537553687/",
|
|
"category": "External analysis",
|
|
"uuid": "54811721-96a2-4501-8d97-dea510bb1a0d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/69",
|
|
"category": "Other",
|
|
"uuid": "d79190da-e590-4a59-8599-d63178992879"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4d772880-84d3-4f35-a5f2-51e10ba2eb64",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:25.000Z",
|
|
"modified": "2018-09-23T09:24:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8abb22771fd3ca34d6def30ba5c5081c' AND file:hashes.SHA1 = '271d9ab0cc11dd45e8a85c8a986d70677e95f97f' AND file:hashes.SHA256 = 'ee57f9e1319afcf4b37ca46ccf777cc97da94044059d794708817310d0a6bb9e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--79093120-8a60-4b1d-8695-3071390f3c2a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:23.000Z",
|
|
"modified": "2018-09-23T09:24:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:42",
|
|
"category": "Other",
|
|
"uuid": "d89df763-5687-457c-92f2-767e3455bada"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ee57f9e1319afcf4b37ca46ccf777cc97da94044059d794708817310d0a6bb9e/analysis/1537527102/",
|
|
"category": "External analysis",
|
|
"uuid": "fbbefdf2-9b7c-445a-a49b-375db769c7a1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/67",
|
|
"category": "Other",
|
|
"uuid": "2ea8663f-b278-4024-bda4-bcb4eecbec7e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e328e0a4-924e-4b83-8c1a-ebf29203972b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:27.000Z",
|
|
"modified": "2018-09-23T09:24:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = '03d762794a6fe96458d8228bb7561629' AND file:hashes.SHA1 = '40c74e8748241099ed88c0b5e5a59591451c5f62' AND file:hashes.SHA256 = '95881013ec51a1a156ee32b5bdc43b108dc7494fb03472020c05ec1025bebe28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f68d805d-2ca3-42e5-abd6-b1f811644985",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:25.000Z",
|
|
"modified": "2018-09-23T09:24:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:07",
|
|
"category": "Other",
|
|
"uuid": "f9a79c4d-f477-4dbe-b6dd-70e603030897"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/95881013ec51a1a156ee32b5bdc43b108dc7494fb03472020c05ec1025bebe28/analysis/1537527067/",
|
|
"category": "External analysis",
|
|
"uuid": "d077e984-f5a3-4264-bc15-8afc1ab14de9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/69",
|
|
"category": "Other",
|
|
"uuid": "4014253e-6237-45ec-86d2-4d1b348fbdad"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--aaa932f1-27fc-4b69-99e4-e9527513add2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:29.000Z",
|
|
"modified": "2018-09-23T09:24:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '250c9ec3e77d1c6d999ce782c69fc21b' AND file:hashes.SHA1 = 'b160ca664a5d3ba289a23cc4d3c66e9675975e43' AND file:hashes.SHA256 = 'd5f6dc5af6665db971f1e5089bbca7bf6248e6639def261f56acfaba0da1861a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--36342d4f-ebe7-4272-bd15-6abd88981366",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:28.000Z",
|
|
"modified": "2018-09-23T09:24:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:14:39",
|
|
"category": "Other",
|
|
"uuid": "d389151b-4a2b-44b4-b63e-3e8e6232a882"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d5f6dc5af6665db971f1e5089bbca7bf6248e6639def261f56acfaba0da1861a/analysis/1537553679/",
|
|
"category": "External analysis",
|
|
"uuid": "d7223e27-fcc5-4d18-985f-b606d65ae736"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/69",
|
|
"category": "Other",
|
|
"uuid": "07ef57cc-3095-4913-b26c-28c115e93324"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e3c08415-3761-493f-ab5f-46a60c2b5830",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:32.000Z",
|
|
"modified": "2018-09-23T09:24:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ae004a5d4f1829594d830956c55d6ae4' AND file:hashes.SHA1 = 'a9baf3cf77485c0dfe3fc09188092aabb5f55bda' AND file:hashes.SHA256 = '0985e033c75049f93a6f07c9b2dc1e399ac9e6102d6058830776205c3ff32393']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d1dd2986-4d7c-45d2-b177-2a5ef49a1f1f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:30.000Z",
|
|
"modified": "2018-09-23T09:24:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:33",
|
|
"category": "Other",
|
|
"uuid": "40bb842a-f4ab-44ce-9b5e-5a1e3bf38017"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0985e033c75049f93a6f07c9b2dc1e399ac9e6102d6058830776205c3ff32393/analysis/1537527033/",
|
|
"category": "External analysis",
|
|
"uuid": "bd662f96-080f-4e76-983d-f1381d11e10a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/69",
|
|
"category": "Other",
|
|
"uuid": "bec06257-8c73-46ac-a1a7-90c0e097d730"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--df0dc30f-3ab6-4bdb-97fd-61b70e505147",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:34.000Z",
|
|
"modified": "2018-09-23T09:24:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5ee2958b130f9cda8f5f3fc1dc5249cf' AND file:hashes.SHA1 = '2786f2723c295212df70e08b07b5aafb584ba128' AND file:hashes.SHA256 = '2a909e555249dc15fc8cb178da2526212c784cefde7f4fbc22eee089e11d060e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8532e44e-c664-4319-b177-4062d5e40a07",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:32.000Z",
|
|
"modified": "2018-09-23T09:24:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T06:16:07",
|
|
"category": "Other",
|
|
"uuid": "79d41dfc-041d-4155-8b81-e292cd1b9b33"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2a909e555249dc15fc8cb178da2526212c784cefde7f4fbc22eee089e11d060e/analysis/1537596967/",
|
|
"category": "External analysis",
|
|
"uuid": "dc1d5b68-7e91-4ae1-924f-fea103db1a80"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/68",
|
|
"category": "Other",
|
|
"uuid": "e9998100-adac-4900-b3eb-7542ef8ae2e9"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--93fae3f6-e720-457e-a48d-2d3251e9047f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:36.000Z",
|
|
"modified": "2018-09-23T09:24:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '36c23c569205d6586984a2f6f8c3a39e' AND file:hashes.SHA1 = '5e1e23239c8fbd89bf874ba64e696db4bb9fa44f' AND file:hashes.SHA256 = 'c84a6b692b472d78e0142d115cb09d15dfe4f2547686bb26c3b16c0f945ee0ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e6d14f75-48c0-421b-b621-16e2d93917c0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:34.000Z",
|
|
"modified": "2018-09-23T09:24:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:24",
|
|
"category": "Other",
|
|
"uuid": "c5809754-34ae-4fc9-8bac-91da2836a740"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c84a6b692b472d78e0142d115cb09d15dfe4f2547686bb26c3b16c0f945ee0ae/analysis/1537527084/",
|
|
"category": "External analysis",
|
|
"uuid": "97936639-3524-4b6c-99cb-cf2f62a93a40"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/69",
|
|
"category": "Other",
|
|
"uuid": "7d7fca0d-26ed-4945-9d9f-52816139112f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f721368d-152a-4a10-9f40-c1c015a8385a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:38.000Z",
|
|
"modified": "2018-09-23T09:24:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b301cd0e42803b0373438e9d4ca01421' AND file:hashes.SHA1 = '8ac255415efb6768a2136ff25aed6d32980a12c7' AND file:hashes.SHA256 = 'ee64447d7d51a0d474a6a363580c7e2f2b84143df30e5ade6152e9f6db1f4b16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--145158fa-6c29-415b-b0c9-b91bab07747f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:40.000Z",
|
|
"modified": "2018-09-23T09:24:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:37",
|
|
"category": "Other",
|
|
"uuid": "ceefe017-631d-40b5-b139-953c3deebb1a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ee64447d7d51a0d474a6a363580c7e2f2b84143df30e5ade6152e9f6db1f4b16/analysis/1537527037/",
|
|
"category": "External analysis",
|
|
"uuid": "cd20ce2d-d4a5-4389-86c3-3b0d36ee27bb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/69",
|
|
"category": "Other",
|
|
"uuid": "08493676-604e-4fa9-93cc-e358826c08a8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--096d4d0d-d240-47e6-8f38-f27e8bbc8b42",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:44.000Z",
|
|
"modified": "2018-09-23T09:24:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f0c29f89ffdb0f3f03e663ef415b9e4e' AND file:hashes.SHA1 = '0ea9c43d6c99f7c11a4408fa9683421a42c6a2db' AND file:hashes.SHA256 = 'ebd1d8c2a5cdd803e4b59606feb9bc79f107983f9891855ac8c1e101f13f466f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9dc55be7-4b0b-4242-8d39-af30c40210ff",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:42.000Z",
|
|
"modified": "2018-09-23T09:24:42.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:49",
|
|
"category": "Other",
|
|
"uuid": "914fc52e-a7a9-4aef-8173-2fb01d37864e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ebd1d8c2a5cdd803e4b59606feb9bc79f107983f9891855ac8c1e101f13f466f/analysis/1537527049/",
|
|
"category": "External analysis",
|
|
"uuid": "1e785c4a-36f2-4c39-9456-64c230c96d18"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/67",
|
|
"category": "Other",
|
|
"uuid": "a048c253-d3e9-457c-8a41-9311d77fd490"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3712a790-eff0-4ee4-beb1-a56f89ce034a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:46.000Z",
|
|
"modified": "2018-09-23T09:24:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'adc3a4dfbdfe7640153ed0ea1c3cf125' AND file:hashes.SHA1 = '6df96e6a5c25eede231b919892d01533f9507de8' AND file:hashes.SHA256 = '772a6005bd2a13ccd2f1e90ac4835c2a90718a9b7f331b9e822886ba6aefd6df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5e74a189-6e48-4dd9-853c-250b3832f28d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:44.000Z",
|
|
"modified": "2018-09-23T09:24:44.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T08:09:08",
|
|
"category": "Other",
|
|
"uuid": "153f23a6-5806-48f7-a58d-61ec5ec29106"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/772a6005bd2a13ccd2f1e90ac4835c2a90718a9b7f331b9e822886ba6aefd6df/analysis/1537603748/",
|
|
"category": "External analysis",
|
|
"uuid": "8935fcb0-c586-4bea-b5b8-d8aa04cab820"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/68",
|
|
"category": "Other",
|
|
"uuid": "bb89cf15-5539-4b7a-9bb5-bb2ea040e3f6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7410dfb2-70ca-4ad5-b3ee-08638d9953aa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:48.000Z",
|
|
"modified": "2018-09-23T09:24:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f9a24b063018613f7f290cc057b8c40' AND file:hashes.SHA1 = '6e4cb7bc37185459006dd43c7c4ae9332df8466c' AND file:hashes.SHA256 = '2c2198a5e6070c1eefe7e8b0b7dfd2ca88410189c23c1bb55c7c37f092c2352d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--40b9a0ba-ec89-4ba3-ab9b-f0748c4e2a98",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:46.000Z",
|
|
"modified": "2018-09-23T09:24:46.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T18:15:35",
|
|
"category": "Other",
|
|
"uuid": "ce0e0300-168e-4d43-aa27-0f6a8fe33cc9"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2c2198a5e6070c1eefe7e8b0b7dfd2ca88410189c23c1bb55c7c37f092c2352d/analysis/1537553735/",
|
|
"category": "External analysis",
|
|
"uuid": "39d7640e-d615-44ab-8472-0ce45c5b26b6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/69",
|
|
"category": "Other",
|
|
"uuid": "fd190951-615f-4d88-9995-ce86d08d6ee4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a4670dd5-f9d8-4d19-bb2a-dff62216e44a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:51.000Z",
|
|
"modified": "2018-09-23T09:24:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '611cefaee48c5f096fb644073247621c' AND file:hashes.SHA1 = '3ea9e4a1a80d669b2279b563fccf4975f6e8a926' AND file:hashes.SHA256 = '93b821ba549a0817a9b4d1a5ee71ae94303dc12c3cae5f69109ec53ec467a149']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0739d18a-e6e0-4bed-a3a9-fee46f321ab5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:49.000Z",
|
|
"modified": "2018-09-23T09:24:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:51:32",
|
|
"category": "Other",
|
|
"uuid": "002a2269-8e22-4179-a104-00a215b425ac"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/93b821ba549a0817a9b4d1a5ee71ae94303dc12c3cae5f69109ec53ec467a149/analysis/1537527092/",
|
|
"category": "External analysis",
|
|
"uuid": "96de1a2c-ed2c-4f18-b203-c21e94ecda70"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/68",
|
|
"category": "Other",
|
|
"uuid": "f832003d-bdf5-47e2-9393-ac13403831b8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--302ff607-05ac-448a-9eca-9d105b53c7bc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:53.000Z",
|
|
"modified": "2018-09-23T09:24:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07561810d818905851ce6ab2c1152871' AND file:hashes.SHA1 = '900804af148968f3bb18f94bc005b6bd6e7b0010' AND file:hashes.SHA256 = 'bcdf41a52496b9bb01b88b74bedba23b043380950109ec609c0c0a39ef708497']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--466bd179-9a77-4b81-9711-4a8cc4618965",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:51.000Z",
|
|
"modified": "2018-09-23T09:24:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T05:51:37",
|
|
"category": "Other",
|
|
"uuid": "f54c8fb8-3116-4fe7-8a93-572ceae6130a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bcdf41a52496b9bb01b88b74bedba23b043380950109ec609c0c0a39ef708497/analysis/1537595497/",
|
|
"category": "External analysis",
|
|
"uuid": "a75d89a4-f6c5-4c24-a197-04512cc83706"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/67",
|
|
"category": "Other",
|
|
"uuid": "6b3d9083-f8cd-4bba-afb1-674b8cca381a"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--79cf1dc1-d9e9-4767-88b0-771dc3f40f51",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:55.000Z",
|
|
"modified": "2018-09-23T09:24:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c8755d732be4dc13eecd8e4c49cfab94' AND file:hashes.SHA1 = '9578fc14ece54551022a72430f5ac0d0cc60b191' AND file:hashes.SHA256 = '86e4f1d0e875d6571509477dfc73f2926b67aa0b47909bd9cdd778b4d3491404']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:24:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2e50616f-6b22-4dc4-b68c-202538996bbe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:53.000Z",
|
|
"modified": "2018-09-23T09:24:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T10:50:41",
|
|
"category": "Other",
|
|
"uuid": "ec46618a-9986-49df-b286-05a397ec7379"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/86e4f1d0e875d6571509477dfc73f2926b67aa0b47909bd9cdd778b4d3491404/analysis/1537527041/",
|
|
"category": "External analysis",
|
|
"uuid": "e50200ff-fced-43cc-8954-022f3f5d6a59"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"uuid": "802b2b84-d12e-490b-bb60-b35c8bace9a7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7fb46cf4-5efc-4ca7-af99-e953213bb25a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:25:01.000Z",
|
|
"modified": "2018-09-23T09:25:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '31c81459c10d3f001d2ccef830239c16' AND file:hashes.SHA1 = 'ad1bf1e9fb6fbf68a7961b1062c522f801772db2' AND file:hashes.SHA256 = '330ff6ce812231aa91fd25e00ba5e9bf4b371484643258ea44474651c6044904']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:25:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1ccd1d7c-30d0-4939-b17d-986dd346f9c3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:24:59.000Z",
|
|
"modified": "2018-09-23T09:24:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-21T07:16:08",
|
|
"category": "Other",
|
|
"uuid": "6b1f8f6e-4913-4952-a4cc-c80cc34cbe93"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/330ff6ce812231aa91fd25e00ba5e9bf4b371484643258ea44474651c6044904/analysis/1537514168/",
|
|
"category": "External analysis",
|
|
"uuid": "bc779d7d-dab0-4eec-8788-6d6741b1e77c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/64",
|
|
"category": "Other",
|
|
"uuid": "e82e2ce7-bd48-4403-aaf2-c6b445c3630b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bdc39116-dd56-4658-86fa-724720005ee2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aa57085e5544d923f576e9f86adf9dc0' AND file:hashes.SHA1 = '7ffd8d6e12fb0e76b6364a648ab4acac39bc4dd9' AND file:hashes.SHA256 = 'd1a39587b2ca36f4b82c1a498d5ed4b1cac4da0961badf5c133f322cfe386231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-23T09:25:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d339236f-6ff9-4a44-9d14-63fb3017a91a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-23T09:25:01.000Z",
|
|
"modified": "2018-09-23T09:25:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-22T07:57:06",
|
|
"category": "Other",
|
|
"uuid": "7492a876-caaa-4569-9ee8-d9661a2729b7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d1a39587b2ca36f4b82c1a498d5ed4b1cac4da0961badf5c133f322cfe386231/analysis/1537603026/",
|
|
"category": "External analysis",
|
|
"uuid": "3ff093fd-00e6-4fc1-b946-46b18606eab3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/69",
|
|
"category": "Other",
|
|
"uuid": "68c7ae6f-7766-4a08-a07a-5b7cb499a68c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2f7dd272-fec8-4e38-b87f-49ab61cc702b",
|
|
"created": "2018-09-23T09:25:02.000Z",
|
|
"modified": "2018-09-23T09:25:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0cc22f92-12a5-441c-8abe-c99bdb9963e6",
|
|
"target_ref": "x-misp-object--da0d86fe-cc52-4aa1-ac49-81aa420ba0ce"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7a18fbe3-b143-446b-8456-7b0bc5e36bc2",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--459914b4-6906-4498-bc5c-f8f6120bc810",
|
|
"target_ref": "x-misp-object--8623016d-644d-467c-8602-ff74ee05f7f8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--51459e6b-ecd6-4b28-bc98-629eeb0a40a5",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6eff1270-08db-4992-b573-f41d1aa05b2b",
|
|
"target_ref": "x-misp-object--13a3b942-0812-4f2a-a58e-f14b92b6e260"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3f1ea94f-bcf3-4097-87bc-d361615e4920",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d9155481-509c-4342-83e1-fdb989fece74",
|
|
"target_ref": "x-misp-object--2cbdceb9-9582-4d00-9603-95e109d2a651"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cbbeae70-f040-43e0-b955-60aba3839feb",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2f0b0487-3ff0-459a-a2d4-737449836d42",
|
|
"target_ref": "x-misp-object--784abc9d-1366-45a8-8d4a-5932ba6e86be"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--dd967d29-e2ba-4cc2-9aef-6d5fa18c839f",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d82f7273-8250-4f95-a746-79384c4fb401",
|
|
"target_ref": "x-misp-object--a7240cf5-787b-4e31-8bac-1bae79aff797"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--dc0816e9-e797-484e-b84f-68258643087f",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a658fb8e-6a95-4a1f-bd72-bd6cc86b8d49",
|
|
"target_ref": "x-misp-object--dd4cf0fe-bf88-4ba7-bfd6-660d9b012a47"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--22887f77-5784-48cf-8cb8-f61aa0e9a08f",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a9f0d30e-220b-4af6-bdc7-8fc67068f85b",
|
|
"target_ref": "x-misp-object--5e031e69-d3b3-419f-a7ca-f7db193fb446"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9dbace35-d642-4fbc-88d1-f54ab9223b8c",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c2eda666-d5fd-4299-abcf-511caa91b288",
|
|
"target_ref": "x-misp-object--1319a600-571b-4028-aef4-eebb0e290869"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--18fafddb-e9a5-4ca2-8e14-ca5b18baa21a",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2c797c1a-3ac9-436a-a91e-943dc5b54a90",
|
|
"target_ref": "x-misp-object--92fd93d5-e716-4a3a-aa37-cdbc161734bb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5eaf89ed-b320-4c44-bcdd-be381e76b3a4",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--72de1a87-86d9-447b-b11a-ee8083950255",
|
|
"target_ref": "x-misp-object--b3912e6d-dc4c-4620-8781-0b1139f165fb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9ea31943-807e-463b-9a99-985492e7d02b",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bff4dc5f-b475-4eab-b39e-6d76c399bdf1",
|
|
"target_ref": "x-misp-object--af91b79c-b917-4d0b-8589-13ae63b09b55"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--950df4dd-096b-45e4-96b2-2e4f6a753a02",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f735def4-50ac-47f3-b313-ae445d03de3d",
|
|
"target_ref": "x-misp-object--6a289522-91a7-4609-80d6-c4c109234f0a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--15beb13b-fef9-4c12-833b-d33764602d73",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--99f47a6f-c1c1-42d0-ba22-f020fc3c9f40",
|
|
"target_ref": "x-misp-object--1bf928af-721d-45a6-84f7-4be5aaa714c7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3df50b99-52cf-4c2f-839a-6fd0f499e6d1",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1c11c495-f526-4948-9088-020b5e6e2d38",
|
|
"target_ref": "x-misp-object--e2aebd7e-dc8e-417b-9cc2-6a50637071f6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b56025cc-c081-4cc2-ba82-85a0f5d80295",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ba0d3c10-f57e-4570-8e5a-55f03a491d87",
|
|
"target_ref": "x-misp-object--4dc2689b-d495-49a3-aee0-4b2e47f3f359"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e271c385-621b-48c7-a793-ac372f07c722",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f21277e4-9713-45b6-b667-9babb4dcbd54",
|
|
"target_ref": "x-misp-object--841e0c38-753d-4fce-a040-b602c82983bd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d278f9f6-1f3d-4e23-9f41-2732c05c93a2",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--63ff17d8-275b-4310-95d2-dc943fffa9f1",
|
|
"target_ref": "x-misp-object--526826c7-3e74-4e58-9b6b-22a80d3a9ba2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--eaaae797-fa98-4658-9d55-d558bfcec7fc",
|
|
"created": "2018-09-23T09:25:03.000Z",
|
|
"modified": "2018-09-23T09:25:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--12bd1d1c-2a46-4e79-98d5-eae0dbe24a99",
|
|
"target_ref": "x-misp-object--4768255e-5d81-42c8-88e6-3898a9ba5e48"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--70b93717-78d0-48a9-a554-e060c23986f8",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2a2da217-2a5a-49eb-a6b7-5d3fcd1ea2f7",
|
|
"target_ref": "x-misp-object--ed58894e-580c-40a0-897c-80b7b475b9b8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--391ed067-cac4-4905-984f-4a9355089bd9",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--401d0cd8-f794-4bfc-9e5c-61431a13da43",
|
|
"target_ref": "x-misp-object--6a919fd4-ff22-438d-ba20-cfa5a8afa461"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b7cb8004-e992-418b-b88e-f6864928ebb8",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8f3ce353-a61f-4425-a1a4-1e01f04ed4ad",
|
|
"target_ref": "x-misp-object--5eff387f-c392-44d6-bee8-659b30d49041"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a86f8608-d860-4066-9406-1e8cdc55d21d",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c12a9ac4-cdab-4f7b-b273-de78445ab0d8",
|
|
"target_ref": "x-misp-object--547d81bd-058f-4817-9acb-a062287e5b5f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--957f5498-22e6-40c8-bc5d-63a89aae6f37",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--11bced4f-9039-4e82-838d-5688c1bddb37",
|
|
"target_ref": "x-misp-object--f600dcd4-6430-4be1-beeb-a60e806f90c1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--936bb6ad-ad65-4538-a8d4-7595cbc0f6b7",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--49f6313e-e099-4213-a317-6d85c224e83e",
|
|
"target_ref": "x-misp-object--73cf0468-dea2-45f7-90d3-4c207761f92c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--107be009-5a01-4257-ba4c-2968941f983a",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--33541140-082c-4308-942a-ef0d299c56a5",
|
|
"target_ref": "x-misp-object--408e6466-ddd8-4840-ada2-14ff5c5163b5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--97d664e5-17e0-4bb6-a309-19c5105998bd",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--40baef43-65a2-44a6-a996-68b5cb71c8a6",
|
|
"target_ref": "x-misp-object--8198ecf8-eb74-4d87-a6b7-16155bd5901b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cddeeba0-e89b-4f60-a433-0f9feb621079",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--86d0b603-5f6d-4561-994e-23ed074fc952",
|
|
"target_ref": "x-misp-object--18076f4e-3c02-423f-9441-f5cba4f88f01"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--99843004-151d-4362-a089-5c50f205db57",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--60fef33c-fd9a-4bdb-a962-d3004d1de221",
|
|
"target_ref": "x-misp-object--74fab901-678d-4742-b4a2-d8686e4520ae"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e950110a-248b-49ca-bf7e-074317b052ff",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2eceb572-6770-4ebf-84b5-f91e784adbf0",
|
|
"target_ref": "x-misp-object--b3fda510-d265-4f97-8b83-6b4a848eb34e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--98daa3e5-e6f9-431d-af49-bb794f23a26c",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9ee93194-67a8-41fe-88a4-3092be74a68f",
|
|
"target_ref": "x-misp-object--46e1e879-67d9-453d-8f4c-12052e0a72bd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--095f302f-93df-4f85-a104-4845d86c8a53",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9062c8f4-f246-46a1-8371-000255b8c458",
|
|
"target_ref": "x-misp-object--654be604-ab9f-492f-aa60-356709e29b03"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0329d934-c390-4039-9503-cd9d5fa1e17b",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a03621d4-1dee-41cd-be0b-f06db29d0474",
|
|
"target_ref": "x-misp-object--4d7091dc-cbcb-4122-9e7a-b68faa0e3671"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d6138d8c-3fa1-4798-867f-e4071607a7f8",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9b8c0002-f7e5-42d9-949a-d744ff60cfe1",
|
|
"target_ref": "x-misp-object--6b2ca901-bd60-41d2-b81a-7cde3dded069"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e9c1654a-e3f7-4148-a424-6e04e48ca781",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--216519b0-9afd-49cc-b1f2-5079ced8ffad",
|
|
"target_ref": "x-misp-object--8edbd400-2aaa-44aa-9c12-9fa86f18d5e9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c3946a36-d62c-4458-98c0-19a884636d2a",
|
|
"created": "2018-09-23T09:25:04.000Z",
|
|
"modified": "2018-09-23T09:25:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--893909c7-2fe3-4d5d-970c-c7c98307aad8",
|
|
"target_ref": "x-misp-object--de329633-daf0-4348-b3a6-eed567af4abc"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a0c8faf4-403d-4e6c-8ab1-e99b29280a96",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--200176a6-d502-4898-950c-b5f1ac32f33c",
|
|
"target_ref": "x-misp-object--dd666867-c1e8-4f2d-9ada-d47a2b83614c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4f0cd933-6043-47f2-8ef4-35cbbb9ae8db",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d4363749-0e9f-48ab-937e-e7eece93189c",
|
|
"target_ref": "x-misp-object--5403d646-770d-4cb5-a224-bd7d33f29a39"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0fcbcbb6-4141-49a5-844e-471b67710d77",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--54431c61-b7fa-4db5-9ddd-fa46b90871e5",
|
|
"target_ref": "x-misp-object--1972ab26-0e0f-472b-b3a4-05f32c6a32dd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e2772bdd-a959-45a0-8861-f5d0d4c16c6c",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d3b9b550-70bc-4b05-b507-a7911c258e24",
|
|
"target_ref": "x-misp-object--57bc1a5a-7459-4e99-9885-3bc537d052ff"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--952ecf7f-60a4-4f59-8a47-7f40eff84847",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--08294d45-b4a1-4194-b9b4-bb765dbd463f",
|
|
"target_ref": "x-misp-object--99192dc5-3c81-482b-9e07-2e6f5eae5b33"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--550b0edf-9de0-4820-9004-2aff046ec52d",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2f36441d-4dcc-49e2-82d7-c7f4ffc4d3f5",
|
|
"target_ref": "x-misp-object--1666fac9-c4b0-469d-adab-f8e2dc1ca905"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--49989cc8-aebc-4b43-8647-72969fee0f2c",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5606b9ce-f33e-4d9a-85ac-70a6bd0e845f",
|
|
"target_ref": "x-misp-object--595c71e0-4fc9-43ca-9468-981dba632990"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--52e12978-5b80-4e17-9560-4bcadfccfddb",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4d772880-84d3-4f35-a5f2-51e10ba2eb64",
|
|
"target_ref": "x-misp-object--79093120-8a60-4b1d-8695-3071390f3c2a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cac59a01-e01f-49d1-bf50-66c570298c0b",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e328e0a4-924e-4b83-8c1a-ebf29203972b",
|
|
"target_ref": "x-misp-object--f68d805d-2ca3-42e5-abd6-b1f811644985"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c43fbf4b-0d76-4799-b3fd-33ca125a2645",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--aaa932f1-27fc-4b69-99e4-e9527513add2",
|
|
"target_ref": "x-misp-object--36342d4f-ebe7-4272-bd15-6abd88981366"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--325de365-33f0-438f-b38d-dd3ebc893f73",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e3c08415-3761-493f-ab5f-46a60c2b5830",
|
|
"target_ref": "x-misp-object--d1dd2986-4d7c-45d2-b177-2a5ef49a1f1f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--18721874-1041-48bf-a9ba-e1995f18297c",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--df0dc30f-3ab6-4bdb-97fd-61b70e505147",
|
|
"target_ref": "x-misp-object--8532e44e-c664-4319-b177-4062d5e40a07"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6de86617-6fa8-4df1-a675-54f356191e74",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--93fae3f6-e720-457e-a48d-2d3251e9047f",
|
|
"target_ref": "x-misp-object--e6d14f75-48c0-421b-b621-16e2d93917c0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c3844f19-24ca-4361-98e2-f9e9b4931282",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f721368d-152a-4a10-9f40-c1c015a8385a",
|
|
"target_ref": "x-misp-object--145158fa-6c29-415b-b0c9-b91bab07747f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9b041e52-a277-4907-887a-2b5359e0f527",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--096d4d0d-d240-47e6-8f38-f27e8bbc8b42",
|
|
"target_ref": "x-misp-object--9dc55be7-4b0b-4242-8d39-af30c40210ff"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c09fd7b6-8a4f-4e5e-8427-a36328634c9c",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3712a790-eff0-4ee4-beb1-a56f89ce034a",
|
|
"target_ref": "x-misp-object--5e74a189-6e48-4dd9-853c-250b3832f28d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f0fb8ca2-f110-4ca5-b65c-de1be7429cfc",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7410dfb2-70ca-4ad5-b3ee-08638d9953aa",
|
|
"target_ref": "x-misp-object--40b9a0ba-ec89-4ba3-ab9b-f0748c4e2a98"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7b75223d-aadf-45cc-8f9f-df9acdc612c8",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a4670dd5-f9d8-4d19-bb2a-dff62216e44a",
|
|
"target_ref": "x-misp-object--0739d18a-e6e0-4bed-a3a9-fee46f321ab5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1e58e6c6-e7b3-4ae7-9e45-00782b420419",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--302ff607-05ac-448a-9eca-9d105b53c7bc",
|
|
"target_ref": "x-misp-object--466bd179-9a77-4b81-9711-4a8cc4618965"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--01a2dc2b-b6d0-48d3-9e5c-8726bb8c602b",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--79cf1dc1-d9e9-4767-88b0-771dc3f40f51",
|
|
"target_ref": "x-misp-object--2e50616f-6b22-4dc4-b68c-202538996bbe"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f9f798c7-74a8-497b-ab71-8ee2b63fe839",
|
|
"created": "2018-09-23T09:25:05.000Z",
|
|
"modified": "2018-09-23T09:25:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7fb46cf4-5efc-4ca7-af99-e953213bb25a",
|
|
"target_ref": "x-misp-object--1ccd1d7c-30d0-4939-b17d-986dd346f9c3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d6bb6f97-3df4-4589-87b2-da0036e0a007",
|
|
"created": "2018-09-23T09:25:06.000Z",
|
|
"modified": "2018-09-23T09:25:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bdc39116-dd56-4658-86fa-724720005ee2",
|
|
"target_ref": "x-misp-object--d339236f-6ff9-4a44-9d14-63fb3017a91a"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |