{
|
|
"type": "bundle",
|
|
"id": "bundle--5ad5bc00-d988-48bb-9293-2135950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:11:57.000Z",
|
|
"modified": "2018-04-20T09:11:57.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5ad5bc00-d988-48bb-9293-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:11:57.000Z",
|
|
"modified": "2018-04-20T09:11:57.000Z",
|
|
"name": "OSINT - Talos/Cisco Threat Roundup for April 6 - 13",
|
|
"published": "2018-04-20T09:12:59Z",
|
|
"object_refs": [
|
|
"indicator--5ad5bc17-d2b4-4902-8453-2133950d210f",
|
|
"indicator--5ad5bc17-bb60-4d19-a86c-2133950d210f",
|
|
"indicator--5ad5bc18-7ee8-4354-ba91-2133950d210f",
|
|
"indicator--5ad5bc18-1580-4efa-b81c-2133950d210f",
|
|
"indicator--5ad5bc18-346c-4a97-a0f9-2133950d210f",
|
|
"indicator--5ad5bc27-d3f0-4174-86a2-2105950d210f",
|
|
"indicator--5ad5bc28-8c90-49e9-8dd9-2105950d210f",
|
|
"indicator--5ad5bc28-15b0-4355-836e-2105950d210f",
|
|
"indicator--5ad5bc28-6cd4-4054-8e52-2105950d210f",
|
|
"observed-data--5ad5bc34-d378-4050-9152-2134950d210f",
|
|
"url--5ad5bc34-d378-4050-9152-2134950d210f",
|
|
"indicator--5ad5bc56-ba44-4b4d-a342-4a3d950d210f",
|
|
"indicator--5ad5bc56-ae30-40dd-b2ac-49b9950d210f",
|
|
"indicator--5ad5bc57-a220-41bf-94f1-457a950d210f",
|
|
"indicator--5ad5bc57-1784-41fc-b9b5-4dae950d210f",
|
|
"indicator--5ad5bc57-c3f8-4904-8e25-4e98950d210f",
|
|
"indicator--5ad5bc58-2758-4247-bcc6-4aac950d210f",
|
|
"indicator--5ad5bc58-adf0-4b60-806e-4abb950d210f",
|
|
"indicator--5ad5bc59-4570-49e8-88fb-431d950d210f",
|
|
"indicator--5ad5bc59-8f48-4308-8bfb-49d8950d210f",
|
|
"indicator--5ad5bc59-aa78-41b1-9d73-46bb950d210f",
|
|
"indicator--5ad5bc5a-de94-4d91-901d-4658950d210f",
|
|
"indicator--5ad5bc5a-4b04-477d-890c-4d36950d210f",
|
|
"indicator--5ad5bc5b-7e08-4f15-af49-478d950d210f",
|
|
"indicator--5ad5bc5b-f808-4a39-b552-4db5950d210f",
|
|
"indicator--5ad5bc5c-da98-4b7a-b9f6-4201950d210f",
|
|
"indicator--5ad5bc5c-c52c-4d38-8067-450f950d210f",
|
|
"indicator--5ad5bc5c-5da8-42af-951d-4d53950d210f",
|
|
"indicator--5ad5bc5d-e9b0-40b1-acc7-44b3950d210f",
|
|
"indicator--5ad5bc5d-fd5c-4e4e-980c-49e6950d210f",
|
|
"indicator--5ad5bc5e-ec34-4911-b09f-4b75950d210f",
|
|
"indicator--5ad5bc5e-d19c-4bc2-bcd7-4bef950d210f",
|
|
"indicator--5ad5bc5f-fe68-49c6-a3c9-4a6e950d210f",
|
|
"indicator--5ad5bc5f-1d74-4651-a100-450a950d210f",
|
|
"indicator--5ad5bc60-df30-4572-bdf6-47f5950d210f",
|
|
"indicator--5ad5bc60-0670-4423-ad02-4b87950d210f",
|
|
"indicator--5ad5bca9-d554-437a-bcaa-46f8950d210f",
|
|
"indicator--5ad5bcbe-06c4-474e-ab97-4145950d210f",
|
|
"observed-data--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f",
|
|
"domain-name--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f",
|
|
"indicator--5ad5bd2a-1fdc-4e2b-bf6d-2135950d210f",
|
|
"indicator--5ad5bd2b-4298-4151-a76a-2135950d210f",
|
|
"indicator--5ad5bd2b-dac8-4912-aec3-2135950d210f",
|
|
"indicator--5ad5bd2b-7418-468b-ae9d-2135950d210f",
|
|
"indicator--5ad5bd4d-1490-4fae-95c6-4454950d210f",
|
|
"indicator--5ad5bd4d-4a24-4c7e-b423-4ea0950d210f",
|
|
"indicator--5ad5bd4e-5980-4712-9599-4250950d210f",
|
|
"indicator--5ad5bd4e-af4c-41b7-a076-4962950d210f",
|
|
"indicator--5ad5bd4f-2c18-405a-adab-43d6950d210f",
|
|
"indicator--5ad5bd4f-71ac-439d-a73d-45fd950d210f",
|
|
"indicator--5ad5bd4f-52ec-437a-997b-414b950d210f",
|
|
"indicator--5ad5bd50-e740-490f-86fa-4ee2950d210f",
|
|
"indicator--5ad5bd50-f0d0-47a7-a915-4991950d210f",
|
|
"indicator--5ad5bd50-a1cc-4857-aa5d-44f2950d210f",
|
|
"indicator--5ad5bd6d-0178-4d74-8d40-4ba1950d210f",
|
|
"observed-data--5ad5bd6e-7378-4136-8027-41a4950d210f",
|
|
"windows-registry-key--5ad5bd6e-7378-4136-8027-41a4950d210f",
|
|
"indicator--5ad5bd6e-c170-4c8b-856b-4635950d210f",
|
|
"observed-data--5ad5bd6e-86dc-418e-9aa9-4362950d210f",
|
|
"windows-registry-key--5ad5bd6e-86dc-418e-9aa9-4362950d210f",
|
|
"indicator--5ad5bd6f-2d30-421e-9ba1-430d950d210f",
|
|
"indicator--5ad5bd6f-e854-47a9-9995-4661950d210f",
|
|
"indicator--5ad5bd70-aa20-4e06-9194-4635950d210f",
|
|
"indicator--5ad5bd70-1c58-4be6-aef8-4f0e950d210f",
|
|
"indicator--5ad5bd70-c500-4493-9481-4d18950d210f",
|
|
"observed-data--5ad5bd71-4894-4eb5-a879-493a950d210f",
|
|
"windows-registry-key--5ad5bd71-4894-4eb5-a879-493a950d210f",
|
|
"indicator--5ad5bd71-a870-415f-8710-4ae5950d210f",
|
|
"indicator--5ad5bd72-a33c-4f97-8452-4c2d950d210f",
|
|
"indicator--5ad5bd72-8f20-4bf5-9743-43ec950d210f",
|
|
"indicator--5ad5bd72-706c-4609-92d7-4930950d210f",
|
|
"indicator--5ad5bd73-a3b0-4af3-ba12-47f1950d210f",
|
|
"indicator--5ad5bd73-6a70-4b8b-af9b-4afc950d210f",
|
|
"observed-data--5ad5bd74-37f4-46c9-a6bc-459a950d210f",
|
|
"windows-registry-key--5ad5bd74-37f4-46c9-a6bc-459a950d210f",
|
|
"indicator--5ad5bd74-85b4-4cf0-919e-4868950d210f",
|
|
"indicator--5ad5bd95-354c-49a7-95bf-2135950d210f",
|
|
"indicator--5ad5bd96-3784-4d69-a211-2135950d210f",
|
|
"indicator--5ad5bd96-1d30-4389-9fb6-2135950d210f",
|
|
"indicator--5ad5bd97-e4b4-4de5-95ab-2135950d210f",
|
|
"indicator--5ad5bd97-6bbc-4b0b-9aa6-2135950d210f",
|
|
"indicator--5ad5bd98-ed34-4052-ae05-2135950d210f",
|
|
"indicator--5ad5bd98-cf6c-4d74-a084-2135950d210f",
|
|
"indicator--5ad5bd98-e250-4bd5-a891-2135950d210f",
|
|
"indicator--5ad5bd99-d9a0-47ea-a8be-2135950d210f",
|
|
"indicator--5ad5bd99-4084-48e3-b142-2135950d210f",
|
|
"indicator--5ad5bd9a-a804-41f0-a284-2135950d210f",
|
|
"indicator--5ad5bd9a-95c0-4312-a2af-2135950d210f",
|
|
"indicator--5ad5bd9a-6830-4f10-9018-2135950d210f",
|
|
"indicator--5ad5bd9b-2c78-44ff-85f3-2135950d210f",
|
|
"indicator--5ad5bd9b-8d54-4ba2-b249-2135950d210f",
|
|
"indicator--5ad5bd9c-cad0-43fd-892d-2135950d210f",
|
|
"indicator--5ad5bd9c-f994-4ea5-8975-2135950d210f",
|
|
"indicator--5ad5bd9c-031c-40d6-98bf-2135950d210f",
|
|
"indicator--5ad5bd9d-e554-4fc7-ba1d-2135950d210f",
|
|
"indicator--5ad5bd9d-1e1c-434f-bbb3-2135950d210f",
|
|
"indicator--5ad5bd9e-5030-431e-8562-2135950d210f",
|
|
"indicator--5ad5bd9e-30e8-4ffa-968b-2135950d210f",
|
|
"indicator--5ad5bd9f-7848-4529-bb8e-2135950d210f",
|
|
"indicator--5ad5bd9f-a110-4657-ae42-2135950d210f",
|
|
"indicator--5ad5bd9f-daa4-41b1-8eaa-2135950d210f",
|
|
"indicator--5ad5bea5-9404-45af-be5e-2443950d210f",
|
|
"indicator--5ad5bea5-be08-40da-84a4-2443950d210f",
|
|
"indicator--5ad5bea5-9c44-4bf6-afee-2443950d210f",
|
|
"indicator--5ad5bea5-76fc-4b80-bced-2443950d210f",
|
|
"indicator--5ad5bea5-eb9c-472a-8557-2443950d210f",
|
|
"indicator--5ad5bea5-ac8c-40ef-b307-2443950d210f",
|
|
"indicator--5ad5bea5-6ea8-407f-95c6-2443950d210f",
|
|
"indicator--5ad5bea5-1f94-4184-b3e3-2443950d210f",
|
|
"indicator--5ad5bea5-e660-4caf-90e5-2443950d210f",
|
|
"indicator--5ad5bea5-ad90-4ea3-9e89-2443950d210f",
|
|
"indicator--5ad5bea5-56ac-4c9f-9041-2443950d210f",
|
|
"indicator--5ad5bea5-ed08-4849-bd91-2443950d210f",
|
|
"indicator--5ad5bea5-8940-486f-9da7-2443950d210f",
|
|
"indicator--5ad5bea5-0ffc-473b-8bec-2443950d210f",
|
|
"indicator--5ad5bea5-9528-41d6-aac3-2443950d210f",
|
|
"indicator--5ad5bea5-26d4-4a61-a6f6-2443950d210f",
|
|
"indicator--5ad5bea5-2bfc-420c-833f-2443950d210f",
|
|
"indicator--5ad5bea5-4c18-42bd-9eec-2443950d210f",
|
|
"indicator--5ad5bee6-e57c-4fb9-ba55-2134950d210f",
|
|
"indicator--5ad5bee7-50fc-4a49-b96d-2134950d210f",
|
|
"indicator--5ad5bee7-50d8-4a9d-abb0-2134950d210f",
|
|
"indicator--5ad5bee7-bff0-428b-9e2c-2134950d210f",
|
|
"indicator--5ad5bee8-3f50-41ef-9cf6-2134950d210f",
|
|
"indicator--5ad5bee8-bf58-4dd4-875a-2134950d210f",
|
|
"indicator--5ad5bee9-bec0-44e4-a6d2-2134950d210f",
|
|
"indicator--5ad5bee9-016c-4288-a267-2134950d210f",
|
|
"indicator--5ad5bee9-610c-41ee-9b39-2134950d210f",
|
|
"indicator--5ad5beea-4204-4cc4-9acf-2134950d210f",
|
|
"indicator--5ad5beea-41f8-4227-ad39-2134950d210f",
|
|
"indicator--5ad5beeb-8114-421c-81fc-2134950d210f",
|
|
"indicator--5ad5beeb-4c24-49b5-8ea1-2134950d210f",
|
|
"indicator--5ad5beec-7568-4a94-85b2-2134950d210f",
|
|
"indicator--5ad5beec-a088-46a9-93ae-2134950d210f",
|
|
"indicator--5ad5beec-e600-4b55-9e92-2134950d210f",
|
|
"indicator--5ad5beed-0220-4adf-9ea2-2134950d210f",
|
|
"indicator--5ad5beed-73f0-40ba-a922-2134950d210f",
|
|
"indicator--5ad5beee-b710-4fe7-8159-2134950d210f",
|
|
"indicator--5ad5beee-39c8-495b-a7b5-2134950d210f",
|
|
"indicator--5ad5beee-1e90-4d38-a935-2134950d210f",
|
|
"indicator--5ad5beef-b80c-4f61-bfb4-2134950d210f",
|
|
"indicator--5ad5beef-7498-49aa-abd0-2134950d210f",
|
|
"indicator--5ad5bef0-b040-4436-b953-2134950d210f",
|
|
"indicator--5ad5bef0-511c-42ee-8fe7-2134950d210f",
|
|
"observed-data--5ad5c543-92b8-4648-af41-45a0950d210f",
|
|
"mutex--5ad5c543-92b8-4648-af41-45a0950d210f",
|
|
"indicator--5ad5d370-bae8-429c-862d-4a8c950d210f",
|
|
"indicator--5ad5d371-c774-497c-8e27-4706950d210f",
|
|
"indicator--5ad5d3a3-e298-4956-989d-243b950d210f",
|
|
"indicator--5ad5d3a4-07a4-49e5-9c58-243b950d210f",
|
|
"indicator--5ad5d3a4-3bc0-42e1-b7cc-243b950d210f",
|
|
"indicator--5ad5d3a5-f828-4ef1-b2ea-243b950d210f",
|
|
"indicator--5ad5d3a5-f920-4475-afea-243b950d210f",
|
|
"indicator--5ad5d3a5-dc18-4c46-be57-243b950d210f",
|
|
"indicator--5ad5d3a6-de3c-4eb1-ac25-243b950d210f",
|
|
"indicator--5ad5d3a6-1fb8-4ff9-b1c9-243b950d210f",
|
|
"indicator--5ad5d3a7-cbd0-42f5-aa2e-243b950d210f",
|
|
"indicator--5ad5d3a7-c294-49cf-ac38-243b950d210f",
|
|
"indicator--5ad5d3a7-dba4-4f49-a12c-243b950d210f",
|
|
"indicator--5ad5d3a8-4e2c-4dbe-9db6-243b950d210f",
|
|
"indicator--5ad5d3a8-c514-46bc-a3e1-243b950d210f",
|
|
"indicator--5ad5d3a9-e248-4f8c-b955-243b950d210f",
|
|
"indicator--5ad5d3a9-7924-4802-ba83-243b950d210f",
|
|
"indicator--5ad5d3a9-c654-4aa7-9bd9-243b950d210f",
|
|
"indicator--5ad5d3aa-fbc8-422b-93f5-243b950d210f",
|
|
"indicator--5ad5d3aa-0b2c-491a-9b07-243b950d210f",
|
|
"indicator--5ad5d3ab-9598-4729-821c-243b950d210f",
|
|
"indicator--5ad5d3ab-1980-401f-af4c-243b950d210f",
|
|
"indicator--5ad5d3ab-ceb4-4edf-b75e-243b950d210f",
|
|
"indicator--5ad5d3ac-f5a0-48d0-948a-243b950d210f",
|
|
"indicator--5ad5d3ac-1ac4-4e14-af1f-243b950d210f",
|
|
"indicator--5ad5d3ad-b024-4bd7-9640-243b950d210f",
|
|
"indicator--5ad5d3ad-599c-4727-8962-243b950d210f",
|
|
"indicator--5ad5d964-4598-41ca-9c0f-a0a3950d210f",
|
|
"indicator--5ad5d964-11b8-4b37-a4f1-a0a3950d210f",
|
|
"indicator--5ad5d964-d98c-404f-8a50-a0a3950d210f",
|
|
"indicator--5ad5d9ac-c5ac-4c4e-8211-a1d4950d210f",
|
|
"indicator--5ad5d9ad-7214-4623-bdc6-a1d4950d210f",
|
|
"indicator--5ad5d9ad-0f34-4b2d-9f8e-a1d4950d210f",
|
|
"indicator--5ad5f0f5-1140-4653-a5ee-4b3b950d210f",
|
|
"indicator--5ad5f0f6-4e00-4a26-a357-4ffb950d210f",
|
|
"indicator--5ad5f0f6-8b6c-4695-bd9d-4c5b950d210f",
|
|
"indicator--5ad5f0f7-88ec-437c-984f-4014950d210f",
|
|
"indicator--5ad5f0f8-c34c-457c-aeb3-4438950d210f",
|
|
"indicator--5ad5f0f8-5860-4a44-93bd-4ba2950d210f",
|
|
"indicator--5ad5f0f8-1bb8-4caf-b2e7-431d950d210f",
|
|
"indicator--5ad5f0f9-6a40-46c1-bd92-45c3950d210f",
|
|
"indicator--5ad5f0f9-63f8-4f8c-97a5-4e18950d210f",
|
|
"indicator--5ad5f0fa-6de8-4b15-8027-4191950d210f",
|
|
"indicator--5ad5f0fa-1df8-4e66-90d0-4557950d210f",
|
|
"indicator--5ad5f0fb-7134-4d0e-b0f5-4eb3950d210f",
|
|
"indicator--5ad5f0fb-74dc-43d0-8b39-43ce950d210f",
|
|
"indicator--5ad5f0fc-f2e4-4b91-8b27-4d61950d210f",
|
|
"indicator--5ad5f0fe-67fc-464c-b0d2-4bb6950d210f",
|
|
"indicator--5ad5f0ff-657c-457e-a74e-4b17950d210f",
|
|
"indicator--5ad5f0ff-e98c-4f46-a8fd-4980950d210f",
|
|
"indicator--5ad5f100-1c08-4320-b4d4-428b950d210f",
|
|
"indicator--5ad5f100-2800-496f-993a-4b96950d210f",
|
|
"indicator--5ad5f101-9ff0-4170-a6a9-4b43950d210f",
|
|
"indicator--5ad5f101-3e6c-4095-9810-4b7d950d210f",
|
|
"indicator--5ad5f210-eda0-4291-ac47-4b67950d210f",
|
|
"indicator--5ad5f211-bf5c-4b0b-97b3-4038950d210f",
|
|
"indicator--5ad5f211-bd54-47d6-bb3a-4a99950d210f",
|
|
"indicator--5ad5f212-36ac-45c0-bd4a-4769950d210f",
|
|
"indicator--5ad5f212-a40c-4b2a-8361-4d16950d210f",
|
|
"indicator--5ad5f213-2dc8-410e-a58d-4eb8950d210f",
|
|
"indicator--5ad5f213-a4e4-44fe-96af-401f950d210f",
|
|
"indicator--5ad5f213-cf88-43e9-bfb1-4702950d210f",
|
|
"indicator--5ad5f214-52e8-4a64-847b-4df9950d210f",
|
|
"indicator--5ad5f3cb-f368-4ad1-bc5f-4cf2950d210f",
|
|
"indicator--5ad5f3cc-dd28-4c1d-9af4-4cdc950d210f",
|
|
"indicator--5ad5f3cd-a07c-455b-8173-4e32950d210f",
|
|
"indicator--5ad5f3cd-6278-4b4f-8810-442a950d210f",
|
|
"indicator--5ad5f3ce-6690-4d18-a2c1-4133950d210f",
|
|
"indicator--5ad5f3ce-1a1c-4d2a-b2b9-4327950d210f",
|
|
"indicator--5ad5f3ce-2198-4ffc-bffa-411f950d210f",
|
|
"indicator--5ad5f3cf-7c58-4a5b-9781-4a06950d210f",
|
|
"indicator--5ad5f3cf-eed4-48e1-bde5-4068950d210f",
|
|
"indicator--5ad5f3d0-d0c8-42e6-b303-4076950d210f",
|
|
"indicator--5ad5f3d0-aff8-4da4-8fa1-4153950d210f",
|
|
"indicator--5ad5f3d1-9bf0-40a6-9a60-41a0950d210f",
|
|
"indicator--5ad5f3d1-bb88-46bb-83eb-42b0950d210f",
|
|
"indicator--5ad5f3d1-c0f0-4fe5-9d6e-4de7950d210f",
|
|
"indicator--5ad5f3d2-0064-413f-b95f-4074950d210f",
|
|
"indicator--5ad5f3d2-362c-4c19-81a0-4b69950d210f",
|
|
"indicator--5ad5f3d3-6f60-4351-8b4f-4d33950d210f",
|
|
"indicator--5ad5f3d3-6620-41d9-86f7-41fd950d210f",
|
|
"indicator--5ad5f3d4-e690-42cd-a28e-4e80950d210f",
|
|
"observed-data--5ad5f851-4c38-4407-a13b-436d950d210f",
|
|
"windows-registry-key--5ad5f851-4c38-4407-a13b-436d950d210f",
|
|
"observed-data--5ad5f852-fca4-4c49-862f-4202950d210f",
|
|
"windows-registry-key--5ad5f852-fca4-4c49-862f-4202950d210f",
|
|
"observed-data--5ad5f852-c810-4df5-a5f8-45a8950d210f",
|
|
"windows-registry-key--5ad5f852-c810-4df5-a5f8-45a8950d210f",
|
|
"observed-data--5ad5f853-8f58-492a-8488-4ad7950d210f",
|
|
"windows-registry-key--5ad5f853-8f58-492a-8488-4ad7950d210f",
|
|
"observed-data--5ad5f853-6b7c-45d1-bc66-49eb950d210f",
|
|
"windows-registry-key--5ad5f853-6b7c-45d1-bc66-49eb950d210f",
|
|
"indicator--5ad6f368-0d14-45d4-914d-4411950d210f",
|
|
"indicator--5ad6f368-9a7c-4654-a670-47ff950d210f",
|
|
"indicator--5ad6f369-00c4-46b6-8aea-4a91950d210f",
|
|
"indicator--5ad6f369-bd00-4721-a3f3-4d28950d210f",
|
|
"indicator--5ad6f369-2740-4db8-98d0-4b31950d210f",
|
|
"observed-data--5ad6f36a-5780-4671-b8a3-42c4950d210f",
|
|
"domain-name--5ad6f36a-5780-4671-b8a3-42c4950d210f",
|
|
"indicator--5ad6f36a-a7b4-4397-9ce8-45e2950d210f",
|
|
"indicator--5ad6f36b-6cd4-4054-a272-4445950d210f",
|
|
"observed-data--5ad6f49a-fb1c-48bc-94f9-4419950d210f",
|
|
"mutex--5ad6f49a-fb1c-48bc-94f9-4419950d210f",
|
|
"indicator--5ad6f509-2e3c-4b5e-a4b4-48a3950d210f",
|
|
"indicator--5ad6f50a-1a78-49de-8491-4aa3950d210f",
|
|
"indicator--5ad6f50a-42c8-48b9-bf8a-46c7950d210f",
|
|
"indicator--5ad6f50a-b92c-4855-88ac-492e950d210f",
|
|
"indicator--5ad6f50b-d154-4795-b7f3-47e7950d210f",
|
|
"indicator--5ad6f50b-d714-4dce-9ed7-4f30950d210f",
|
|
"indicator--5ad6f50b-b668-4b71-bfcb-4a28950d210f",
|
|
"indicator--5ad6f50c-07dc-4e7e-844e-49dd950d210f",
|
|
"indicator--5ad6f50c-31ec-4ca7-9ecc-4e7a950d210f",
|
|
"indicator--5ad6f50d-e290-458b-befc-4bbe950d210f",
|
|
"indicator--5ad6f50d-1a8c-4844-ad53-40f5950d210f",
|
|
"indicator--5ad6f50e-2550-41da-a161-445b950d210f",
|
|
"indicator--5ad6f50e-f01c-4cec-88c9-4232950d210f",
|
|
"indicator--5ad6f50e-efa0-4487-9291-4e90950d210f",
|
|
"indicator--5ad6f50f-c064-4e25-a17f-4fcb950d210f",
|
|
"indicator--5ad6f50f-3194-4722-9575-48af950d210f",
|
|
"indicator--5ad6f510-5a7c-4901-930f-4c91950d210f",
|
|
"indicator--5ad71113-447c-41a1-9bd4-4e24950d210f",
|
|
"observed-data--5ad71113-7aa4-4bfd-b9ac-49c5950d210f",
|
|
"windows-registry-key--5ad71113-7aa4-4bfd-b9ac-49c5950d210f",
|
|
"indicator--5ad73c88-56bc-4414-803a-7ba2950d210f",
|
|
"indicator--5ad73c88-9f88-4029-b6c6-7ba2950d210f",
|
|
"indicator--5ad73c89-3e98-4607-87f0-7ba2950d210f",
|
|
"indicator--5ad73c89-055c-4812-80a0-7ba2950d210f",
|
|
"indicator--5ad73c8a-57d8-4f69-a836-7ba2950d210f",
|
|
"indicator--5ad73c8a-27ec-4308-81b8-7ba2950d210f",
|
|
"indicator--5ad73c8b-584c-4667-a86f-7ba2950d210f",
|
|
"indicator--5ad73c8b-42c8-4947-a2c8-7ba2950d210f",
|
|
"indicator--5ad73c8c-d530-4489-820d-7ba2950d210f",
|
|
"indicator--5ad73c8c-99d0-48b7-be88-7ba2950d210f",
|
|
"indicator--5ad73c8c-20f8-44cc-8a1b-7ba2950d210f",
|
|
"indicator--5ad73c8d-1654-4e71-a6d4-7ba2950d210f",
|
|
"indicator--5ad73c8d-2888-4ed3-a247-7ba2950d210f",
|
|
"indicator--5ad73c8e-57e0-4131-aa43-7ba2950d210f",
|
|
"indicator--5ad73c8e-83b4-4b62-9db9-7ba2950d210f",
|
|
"indicator--5ad73c8f-df38-4dfa-a837-7ba2950d210f",
|
|
"indicator--5ad73c8f-ae2c-445e-8e26-7ba2950d210f",
|
|
"indicator--5ad73c90-5394-4e42-87b1-7ba2950d210f",
|
|
"indicator--5ad73c90-3768-45e1-b5e5-7ba2950d210f",
|
|
"indicator--5ad73c91-f2bc-45d2-8433-7ba2950d210f",
|
|
"indicator--5ad73c91-d9f0-4c95-aff6-7ba2950d210f",
|
|
"indicator--5ad73c92-da9c-43f3-95ae-7ba2950d210f",
|
|
"indicator--5ad73c92-e460-4485-bc27-7ba2950d210f",
|
|
"indicator--5ad73c93-67c8-4844-b5eb-7ba2950d210f",
|
|
"indicator--5ad73c93-7f38-4ee0-8843-7ba2950d210f",
|
|
"indicator--5ad73c93-efb8-439d-b748-7ba2950d210f",
|
|
"indicator--5ad73c94-2d30-45ff-9fff-7ba2950d210f",
|
|
"indicator--5ad73d16-6bbc-47dd-8e71-21a4950d210f",
|
|
"indicator--5ad73d16-3c70-4009-8cfd-21a4950d210f",
|
|
"indicator--5ad73d17-86a0-40c3-a66d-21a4950d210f",
|
|
"indicator--5ad73d17-da38-40bf-9fb6-21a4950d210f",
|
|
"indicator--5ad73d17-67b4-42a8-ba91-21a4950d210f",
|
|
"observed-data--5ad73d18-fa24-4b78-94c1-21a4950d210f",
|
|
"domain-name--5ad73d18-fa24-4b78-94c1-21a4950d210f",
|
|
"indicator--5ad73d19-80bc-426e-add3-21a4950d210f",
|
|
"indicator--5ad73d19-f07c-4db8-8e0b-21a4950d210f",
|
|
"indicator--5ad73d19-0744-48a0-b32e-21a4950d210f",
|
|
"indicator--5ad73d1a-7044-4255-9e6f-21a4950d210f",
|
|
"indicator--5ad73d1a-1034-4e73-a261-21a4950d210f",
|
|
"indicator--5ad73d1b-b110-4c26-a2b6-21a4950d210f",
|
|
"indicator--5ad73d1b-75b0-491c-8bac-21a4950d210f",
|
|
"indicator--5ad73d1b-de28-44b4-a3b5-21a4950d210f",
|
|
"indicator--5ad73d1c-5f18-49a5-abd6-21a4950d210f",
|
|
"indicator--5ad73d1c-6158-42bc-8cc9-21a4950d210f",
|
|
"indicator--5ad73d1d-71e8-4b2f-a09c-21a4950d210f",
|
|
"indicator--5ad73d1d-fbb4-4047-afb3-21a4950d210f",
|
|
"indicator--5ad73d1d-3654-4e9d-8677-21a4950d210f",
|
|
"indicator--5ad73d1e-2150-46e9-9409-21a4950d210f",
|
|
"indicator--5ad73d1e-5ee4-43e8-b824-21a4950d210f",
|
|
"indicator--5ad73d1f-014c-4906-8d8c-21a4950d210f",
|
|
"indicator--5ad73d1f-5508-42c7-bac1-21a4950d210f",
|
|
"indicator--5ad73d1f-7944-4903-b661-21a4950d210f",
|
|
"indicator--5ad73d20-7894-432b-ae81-21a4950d210f",
|
|
"indicator--5ad73d20-f584-458b-9057-21a4950d210f",
|
|
"indicator--5ad73d21-0dc8-4cc0-902c-21a4950d210f",
|
|
"indicator--5ad73d21-5ac0-4c8b-8c2f-21a4950d210f",
|
|
"indicator--5ad73d21-230c-412b-9b25-21a4950d210f",
|
|
"indicator--5ad73d22-75c0-410d-abaf-21a4950d210f",
|
|
"indicator--5ad73d22-91cc-4678-99df-21a4950d210f",
|
|
"indicator--5ad73d23-6508-4f7f-800c-21a4950d210f",
|
|
"indicator--5ad73d23-3ff4-40f7-b773-21a4950d210f",
|
|
"indicator--5ad73f73-19b8-4bfc-8b13-7ba5950d210f",
|
|
"indicator--5ad73fa0-6ed0-456b-8abc-7b9e950d210f",
|
|
"indicator--5ad73fa0-d070-4d34-866b-7b9e950d210f",
|
|
"indicator--5ad73fa1-70a4-4800-81f9-7b9e950d210f",
|
|
"indicator--5ad73fa1-fde8-43a9-b2f1-7b9e950d210f",
|
|
"indicator--5ad73fa2-33ac-4795-9641-7b9e950d210f",
|
|
"indicator--5ad73fa2-13e0-409e-a743-7b9e950d210f",
|
|
"indicator--5ad73fa3-fb38-4d1d-8955-7b9e950d210f",
|
|
"indicator--5ad73fa3-c334-4f35-97ee-7b9e950d210f",
|
|
"indicator--5ad73fa3-a3b4-46e6-85e7-7b9e950d210f",
|
|
"indicator--5ad73fa4-0dc8-4f29-94b6-7b9e950d210f",
|
|
"indicator--5ad73fa4-3f20-40a2-ae9e-7b9e950d210f",
|
|
"indicator--5ad73fa5-3d2c-40a2-9c8b-7b9e950d210f",
|
|
"indicator--5ad73fa5-a420-4e9f-a25d-7b9e950d210f",
|
|
"indicator--5ad73fa5-3bdc-4d75-a2d2-7b9e950d210f",
|
|
"indicator--5ad73fa6-8fd4-47f8-83e6-7b9e950d210f",
|
|
"indicator--5ad73fa6-765c-4471-a3b3-7b9e950d210f",
|
|
"indicator--5ad73fa7-5400-4faf-bd8b-7b9e950d210f",
|
|
"indicator--5ad73fa7-711c-4f2d-ae86-7b9e950d210f",
|
|
"indicator--5ad73fa7-47dc-4f2e-8c5a-7b9e950d210f",
|
|
"indicator--5ad73fa8-f2b4-4348-9cf4-7b9e950d210f",
|
|
"indicator--5ad73fa8-8e1c-4c31-a3ba-7b9e950d210f",
|
|
"indicator--5ad73fa9-d408-42db-a368-7b9e950d210f",
|
|
"indicator--5ad73fa9-f584-442c-9f41-7b9e950d210f",
|
|
"indicator--5ad73fa9-e6f4-4f0d-9fd4-7b9e950d210f",
|
|
"indicator--5ad73faa-75ac-41d4-ad16-7b9e950d210f",
|
|
"indicator--5ad73faa-cbb4-4d33-b945-7b9e950d210f",
|
|
"indicator--5ad73fab-79a4-43fd-84c1-7b9e950d210f",
|
|
"indicator--5ad73fab-d5f8-42d8-b922-7b9e950d210f",
|
|
"indicator--d8250151-a555-4e5e-9239-e4d6a705c550",
|
|
"x-misp-object--f18a6769-9119-4ce8-8261-38c8c36c6d48",
|
|
"indicator--5667d69e-d4e0-49ff-b66d-ee9c0d1606a0",
|
|
"x-misp-object--2777d3d2-815c-4e73-92b3-e7c5f6a6bb4f",
|
|
"indicator--5a0f795c-3740-4127-ae11-5719c06e4613",
|
|
"x-misp-object--ff6c2680-4cca-4e84-aeef-dbf889d731cb",
|
|
"indicator--7f770580-9cd5-4055-8779-f7214ff95236",
|
|
"x-misp-object--ee0ed29e-9ebc-4abb-b406-61d5e5e7d74f",
|
|
"indicator--16dd834b-161d-4a5d-a463-e0fe0c82ddb8",
|
|
"x-misp-object--c2c034d9-7fc9-4b07-b85e-b77886481632",
|
|
"indicator--1c3353ab-72a9-4b8d-bf7b-26b82f95bcab",
|
|
"x-misp-object--ca39f2b2-ab66-4b27-b7c6-c0e6031aa3c6",
|
|
"indicator--4bbac67b-db88-4ff1-b57e-99611cfee662",
|
|
"x-misp-object--7d0a5db8-4b69-4b06-b514-861ac2bcc9c8",
|
|
"indicator--38195b20-39ab-4f46-a15f-4cac8fa71f0b",
|
|
"x-misp-object--b9326c01-9fbc-4562-9806-9eb7f18f1658",
|
|
"indicator--23168de0-12c0-4447-aecb-32d09f2215d6",
|
|
"x-misp-object--6ffec30e-27e2-4994-b80e-41bbfc7b35ca",
|
|
"indicator--3797aea4-eab0-4f22-9e6d-a1a543cb0009",
|
|
"x-misp-object--bc2915ec-2b50-47b9-abaa-3481306c33d2",
|
|
"indicator--d9bd8f68-4507-4e45-b3b2-51b238bf210c",
|
|
"x-misp-object--e050e2a6-56c7-45ff-82a3-771b9fed5773",
|
|
"indicator--bdfb2aaf-fbc1-4f37-a1c2-3d2e7ab849e4",
|
|
"x-misp-object--0b1fa52a-e14a-41b1-870c-6f2f34beb767",
|
|
"indicator--5bf3dff0-e75c-4c33-b4a1-eb598f12b360",
|
|
"x-misp-object--52911c0c-a5de-4e05-b24b-f95bc38926b4",
|
|
"indicator--614923b5-0de4-4fc9-a207-736b5e32740d",
|
|
"x-misp-object--8ea75fc7-ff1e-45ce-806b-6542e4d5da9c",
|
|
"indicator--995bfffe-f2bd-4180-9982-f4700327897d",
|
|
"x-misp-object--bdda72e7-74f6-4a7e-9ce2-860f07a867cc",
|
|
"indicator--3d6d671b-63e1-4e34-add1-f1ac1def5d61",
|
|
"x-misp-object--73b55eba-1b5c-4404-a1fe-f8776317e5db",
|
|
"indicator--4faa8c04-91b8-4cae-a6e4-b7e025fba6fb",
|
|
"x-misp-object--2c7fb252-23a4-4d0f-a7d2-38ef26d62292",
|
|
"indicator--973396c7-45b7-4106-addf-ac2d80c845bf",
|
|
"x-misp-object--caf0696e-f479-451b-87c4-55c4e29e725c",
|
|
"indicator--54f5c200-a42b-4430-bbf0-b9669a922753",
|
|
"x-misp-object--3c6123b5-074a-48ac-8e18-eacd3427f3e0",
|
|
"indicator--31544fd1-56dd-45f2-b82e-92735845680d",
|
|
"x-misp-object--3c388591-92db-40b6-ae4b-b929b333b015",
|
|
"indicator--112a8e0b-9c16-4653-b33c-dd0c9395e5f1",
|
|
"x-misp-object--3c1121a3-79bf-4e3d-9f13-9a8b93a071cb",
|
|
"indicator--94710067-d371-4822-8b18-19de4086162d",
|
|
"x-misp-object--682b1d3f-030c-4473-ba89-9cd2fe00057c",
|
|
"indicator--4801e439-9b95-4e31-b323-19141dc9f661",
|
|
"x-misp-object--49706bc5-c3ca-4603-9c8c-27e7b7da5aea",
|
|
"indicator--a323b8bb-713c-49d2-9182-c5c82a7ad35d",
|
|
"x-misp-object--3b0a52e2-f7d8-4624-9306-b85a5d163797",
|
|
"indicator--471e1471-53fb-4110-b102-8cce0d58cf5b",
|
|
"x-misp-object--afea6952-1d7c-42e2-8600-2db8d77a821e",
|
|
"indicator--7db6a294-00d5-4a9d-b4ff-29e484eb8d4a",
|
|
"x-misp-object--4f42f6bc-bc09-4beb-b412-645e35f3d61c",
|
|
"indicator--30ffb028-4ee1-479d-ad8e-b16c1c787b24",
|
|
"x-misp-object--cdd6e30a-cb0d-4276-8b1c-208f8db7873c",
|
|
"indicator--58e315b7-b23a-4232-a7df-24c01f2c6147",
|
|
"x-misp-object--a8ef1585-9219-4fd3-82c4-fd44b510ec44",
|
|
"indicator--eead743e-4f7b-417e-ab5b-754be3ab4639",
|
|
"x-misp-object--44db359a-2322-4199-b7b2-ad7047055145",
|
|
"indicator--c462c18c-5dd2-474d-9bdb-683249100648",
|
|
"x-misp-object--51803a65-599e-4c65-a62e-47cedcfdf679",
|
|
"indicator--24579f89-a5e2-40a1-b402-1a3f503a9fee",
|
|
"x-misp-object--4df065d3-0e9e-474e-99f0-ddcfd2163f78",
|
|
"indicator--8e397422-74ed-45d1-9b6a-68a3333869ce",
|
|
"x-misp-object--3136bde9-7b09-4380-9688-b316ff8030a3",
|
|
"indicator--a9fa6c94-efe8-4dbf-b103-c24ab19cbbf7",
|
|
"x-misp-object--62a360ce-dbdb-4fbb-8e80-7ce96f87946c",
|
|
"indicator--f165aa6e-5d89-4258-8673-39c9f6b9948c",
|
|
"x-misp-object--85cfd077-9915-43ee-80d6-d145645df836",
|
|
"indicator--475a6596-dcd2-4cd5-bde7-91710d2635ae",
|
|
"x-misp-object--20aa948a-2c13-4806-97db-a0b7b736ef88",
|
|
"indicator--f66345c9-da87-4634-807e-95b40b3f7829",
|
|
"x-misp-object--4f729230-95ef-4dd1-8e92-e3ca84fde7b0",
|
|
"indicator--3ec767cb-63b7-4634-936d-ec2c72b7f414",
|
|
"x-misp-object--e68803ee-8f52-4a45-b1ad-fadc751112e0",
|
|
"indicator--2f1a76d0-7049-4e63-b652-573bad749c33",
|
|
"x-misp-object--66400a8a-058c-46d1-be9e-5e0a8e28a098",
|
|
"indicator--e7bf71e1-5ed5-46ce-8ba8-a1f4f00e8d19",
|
|
"x-misp-object--92a63283-9df8-4cf5-831d-a1d429ae0a04",
|
|
"indicator--1c7451e3-1e01-469b-87a2-8fe5a7a8a1b3",
|
|
"x-misp-object--4f0576c0-d450-4279-9daa-96479dfa26ee",
|
|
"indicator--fe05184f-77b8-4157-80b7-07aa043c9936",
|
|
"x-misp-object--2f79727e-28c0-423d-9ed6-8cbf85e2b518",
|
|
"indicator--3732f786-fed1-4ec0-81a2-cf90bac3e268",
|
|
"x-misp-object--dc2dd4e7-efc4-4d62-8c13-1af4257ee137",
|
|
"indicator--3bf3ae13-b58d-4f5d-8469-5a34c8122639",
|
|
"x-misp-object--409f2f05-3619-4f32-9c87-2ba0be7d1f14",
|
|
"indicator--ca3966ec-726d-4dcb-81f4-39c21bce3b57",
|
|
"x-misp-object--54df5a27-b7e9-4370-b86a-434bc5c4bfb0",
|
|
"indicator--54175632-8cf7-4b49-934a-da9ed750f839",
|
|
"x-misp-object--1602037e-3d0a-4d7c-aad4-690589211f3d",
|
|
"indicator--22060082-286e-4e92-a9de-5932cc66684c",
|
|
"x-misp-object--da7a7be3-a8bf-4a4b-942e-6366ca70d287",
|
|
"indicator--bc3cbc70-c086-48a4-8c6e-faf4f66dc4fd",
|
|
"x-misp-object--fe8692b8-47ed-49ae-ac84-c200cf0fb40b",
|
|
"indicator--f971946a-c11f-4e87-958e-b1216469856d",
|
|
"x-misp-object--7fc03e03-5dfe-4d7b-9ca9-d4f2c47233fb",
|
|
"indicator--820f1598-4c73-4860-8239-acc32c501496",
|
|
"x-misp-object--686748b5-288c-48a2-9596-1fc1e96df87b",
|
|
"indicator--9b31f6f2-1afa-4cc1-b1c9-3939d61c351e",
|
|
"x-misp-object--c3012495-b7ed-4916-9049-53b6c65ac11b",
|
|
"indicator--4febf0f3-b71a-45e4-baed-ebd75779a918",
|
|
"x-misp-object--872d5324-22bb-4366-a495-9cfe1ab1fcb8",
|
|
"indicator--b366383d-8567-41d5-8bd2-098a72d6410b",
|
|
"x-misp-object--c18455f9-0c99-40ad-9307-b6c207b78199",
|
|
"indicator--338c09b1-8889-4266-bc9c-9b6198986d8e",
|
|
"x-misp-object--ed59d7cd-6596-4802-b2c8-8bc71943c90f",
|
|
"indicator--9b0cbf41-9f55-4c12-af30-95638bcb9724",
|
|
"x-misp-object--ddd0eeec-07f6-4e82-aa68-2237276ef93e",
|
|
"indicator--23d68864-87dc-40f6-8bdb-0382a2de717f",
|
|
"x-misp-object--6a099e7c-a5dd-400b-8bca-df7575a5f1e0",
|
|
"indicator--bf50fe3f-7ce4-4162-bee5-5b58898ff862",
|
|
"x-misp-object--e031d087-ef4b-4824-9859-b46854c2939b",
|
|
"indicator--a2d09237-7842-4a7c-9966-66901fed8c9d",
|
|
"x-misp-object--f2130b6f-d3b1-4d06-9938-964ee58f732c",
|
|
"indicator--93d0b571-4b57-409a-8616-fe681227c5b0",
|
|
"x-misp-object--ef46be73-9a3e-44c3-83c2-4ede304d137b",
|
|
"indicator--d3888401-a744-46ca-af6a-ebd96da536f0",
|
|
"x-misp-object--d0fb5f61-30c3-4b2e-a514-31fc3fff048f",
|
|
"indicator--48f7985a-f575-46f2-b2a6-d8f9f349e20d",
|
|
"x-misp-object--1ef1d86b-f368-4bf7-899f-8e2141bf5ae7",
|
|
"indicator--bbb9a50d-b258-4447-b8a5-c15bf7581ae8",
|
|
"x-misp-object--0a443b7d-1866-4230-b65b-dedabfe03e83",
|
|
"indicator--34f4e2b6-3c81-4759-984f-86d7b4918862",
|
|
"x-misp-object--332bc7c4-5a4e-4d1f-ad95-ba547a1bd03d",
|
|
"indicator--d1fc796f-8f35-4217-a3cc-d034728cab47",
|
|
"x-misp-object--91de0b6e-f4f2-43e9-8ea7-3f3e5341eecb",
|
|
"indicator--8d5831df-85b4-49dd-ac0e-a65280af1025",
|
|
"x-misp-object--0475bcfd-dcdf-44d2-87b0-2083883a290c",
|
|
"indicator--2bd61b04-6327-416d-b613-a56d7c4a6dfe",
|
|
"x-misp-object--610984d9-b024-4156-9823-26b761e17e15",
|
|
"indicator--7bebd57c-bb57-4da1-a8b1-97fb53694f80",
|
|
"x-misp-object--4d3f77ed-8659-4a4c-8a0f-65c772c7a7fe",
|
|
"indicator--b91d5808-92ad-4fa7-9b4d-7348cc563091",
|
|
"x-misp-object--7994aa0e-7f14-4988-8820-5ffe04a261d1",
|
|
"indicator--f46250f9-0e9b-4e25-9bee-b06e384c3a53",
|
|
"x-misp-object--c4796178-b6f0-433b-96a2-9b72e558e59a",
|
|
"indicator--911c04f4-f1f2-44c4-8242-c69e588493f0",
|
|
"x-misp-object--d436e73b-9629-4c08-988b-73650cd12315",
|
|
"indicator--c878521d-9b6b-4046-a3d2-fc9798c3c8df",
|
|
"x-misp-object--03a28507-7341-429a-afef-14f0e4faeae6",
|
|
"indicator--ac554dac-0487-4973-be4d-4d2efbcfc1b9",
|
|
"x-misp-object--49e363d6-17fc-41dc-b434-a102e236ceba",
|
|
"indicator--7606e8b5-261a-40ea-99e1-383c9a1c85f7",
|
|
"x-misp-object--a0ebe82c-5513-4e78-9d9c-2b1ee9be03c0",
|
|
"indicator--5ad5d64c-0d2c-486c-99c7-a0bb950d210f",
|
|
"indicator--5ad5d680-5248-4175-bd12-d066950d210f",
|
|
"indicator--5ad5d764-6f6c-4d61-aed1-48bc950d210f",
|
|
"indicator--5ad5d7de-2ab4-472e-9bba-2440950d210f",
|
|
"indicator--5ad5d82c-72a8-406a-a4cb-a0bd950d210f",
|
|
"indicator--5ad5d855-b3e0-450a-bfbd-d095950d210f",
|
|
"indicator--5ad5df94-d030-4f98-bae7-44c8950d210f",
|
|
"indicator--5ad5fa35-f650-49aa-81ab-4655950d210f",
|
|
"indicator--5ad5fa7f-2914-45a7-98fc-45bd950d210f",
|
|
"indicator--5ad5faa2-477c-4823-9ba7-4e7c950d210f",
|
|
"indicator--5ad5fad4-36a0-4a9d-b4ae-40b8950d210f",
|
|
"indicator--5ad5fd0d-c14c-4e4f-8529-41a2950d210f",
|
|
"indicator--5ad5fd2c-951c-499f-9a2d-4650950d210f",
|
|
"indicator--5ad5fefa-8fac-478c-bef3-4f19950d210f",
|
|
"indicator--5ad5ff8f-9db8-443b-9835-40b9950d210f",
|
|
"indicator--5ad5ffb4-6e7c-4470-9b29-4c86950d210f",
|
|
"indicator--5ad5fff2-a58c-40ca-9898-41a7950d210f",
|
|
"indicator--5ad60018-0020-4e76-bbc1-4034950d210f",
|
|
"indicator--5ad601c5-1420-47fd-918b-42c2950d210f",
|
|
"indicator--5ad60217-e4bc-4470-b1e6-43fd950d210f",
|
|
"indicator--5ad60231-3f60-4002-88a6-8ee9950d210f",
|
|
"indicator--5ad602de-93f8-4977-bd92-4336950d210f",
|
|
"indicator--5ad6030d-01fc-4395-b374-4e42950d210f",
|
|
"indicator--5ad60339-e7a8-4868-affe-4f0a950d210f",
|
|
"indicator--5ad60491-c5b0-4344-9c7b-4ebf950d210f",
|
|
"indicator--5ad604cf-5324-47a7-b121-4717950d210f",
|
|
"indicator--5ad604f8-dd50-4b52-9771-4024950d210f",
|
|
"indicator--5ad6050d-ee58-4332-b5df-4b28950d210f",
|
|
"indicator--5ad60529-26b8-4106-a709-41da950d210f",
|
|
"indicator--5ad60569-4b3c-4e88-b761-42c4950d210f",
|
|
"indicator--5ad6058c-5b7c-4b6e-9ba7-4cdb950d210f",
|
|
"indicator--5ad605a9-8c94-486a-bf56-4b33950d210f",
|
|
"indicator--5ad605c4-f4c4-4066-8c84-41a1950d210f",
|
|
"indicator--5ad6f828-d124-4a8a-b98c-486c950d210f",
|
|
"indicator--5ad6f8ba-c420-4555-b293-4d40950d210f",
|
|
"indicator--5ad6f91a-2de4-4254-9d2c-4a3e950d210f",
|
|
"indicator--5ad6f9bb-17b8-45f7-95c1-4b2d950d210f",
|
|
"indicator--5ad6f9e4-6c78-41af-a9b3-4281950d210f",
|
|
"indicator--5ad6f9fc-db4c-4b83-bf35-4316950d210f",
|
|
"indicator--5ad6fa19-558c-4a98-acec-4b42950d210f",
|
|
"indicator--5ad7118c-1138-4b45-8e7d-459f950d210f",
|
|
"indicator--5ad711dd-2f60-48cb-8064-47a1950d210f",
|
|
"indicator--5ad7141a-7b48-45e6-b995-4900950d210f",
|
|
"indicator--5ad71704-9bf0-4378-bb92-4080950d210f",
|
|
"indicator--5ad71723-79f0-4756-a2b4-476f950d210f",
|
|
"indicator--5ad71760-a4ac-4bbf-be00-4450950d210f",
|
|
"indicator--5ad7178f-2830-42b7-b039-4712950d210f",
|
|
"indicator--5ad717a7-fb54-41c9-b567-47a0950d210f",
|
|
"indicator--5ad736e3-c084-4e9a-b288-7b76950d210f",
|
|
"indicator--5ad73722-7364-4e67-9abd-20c4950d210f",
|
|
"indicator--5ad73ecf-f4a4-48dd-bc42-7ba2950d210f",
|
|
"indicator--5ad73ef5-ea08-492d-9124-219b950d210f",
|
|
"indicator--3e803fec-57d0-4a64-bffa-8c406bfa4df8",
|
|
"x-misp-object--1d03fb64-13be-4f35-87e1-ad4700b35b8c",
|
|
"indicator--1d4884a7-3654-4522-9024-5916811aa592",
|
|
"x-misp-object--b4b37264-5f7b-43ed-9857-782b9d942a9d",
|
|
"indicator--b5665818-45ad-4e55-872a-d64f9564f57c",
|
|
"x-misp-object--e2c5a4be-2cfe-4eed-8a62-52f5a8918745",
|
|
"indicator--ce15aa39-ec50-4981-8929-3019908b5ceb",
|
|
"x-misp-object--00da20c8-dd00-4c56-bfb0-46add8af6839",
|
|
"indicator--1c88e6ef-671c-48e1-a0d0-9932be1a8cc5",
|
|
"x-misp-object--452c6b20-11a0-41ca-bc89-a8e7de5f2779",
|
|
"indicator--f128ac41-042d-495c-939c-11d3d83d1b19",
|
|
"x-misp-object--05cc5c9e-5cf4-406f-8a8e-c7653cb7dcb5",
|
|
"indicator--e0f188cf-3ab6-4014-9327-4c09757acf99",
|
|
"x-misp-object--08068585-edc1-40fa-a64d-5080ad1e0311",
|
|
"indicator--efdd79ca-bfbd-425d-816a-1de5a615d4f8",
|
|
"x-misp-object--ee5376c5-6962-420f-aec1-e6ac03cf5ab3",
|
|
"indicator--513cd9b4-6715-4444-81de-c6d9f0a86318",
|
|
"x-misp-object--f7d51df1-5efb-42cb-891d-24f914eb835f",
|
|
"indicator--8009eae4-08fe-4674-8c61-3d790fdeb86a",
|
|
"x-misp-object--13ef15ad-c73c-4ae3-b7bb-4827d33f81f3",
|
|
"indicator--f1f3104e-c6b4-4111-a006-5c69509c7f75",
|
|
"x-misp-object--b7e219d4-82e9-40f3-9812-d833f1c4bf60",
|
|
"indicator--73ac235c-e3db-4617-a968-47e2ea6f6b8b",
|
|
"x-misp-object--279cd6bd-aa55-47a5-af76-2826253108bc",
|
|
"indicator--e2119423-0173-4009-b875-e913f911653d",
|
|
"x-misp-object--47f144bd-561a-4e14-b508-d7313f28add9",
|
|
"indicator--526cfc6f-1c12-422e-89ba-f6de05aab48f",
|
|
"x-misp-object--42544fa3-e8aa-4f6b-8869-2b12571c968f",
|
|
"indicator--68952c57-5f30-4f16-b04a-6cadc596e4c6",
|
|
"x-misp-object--0745ebfe-aea5-421a-8e0f-0c298339d924",
|
|
"indicator--7d22be2e-b385-4542-bafd-8cda3281f8af",
|
|
"x-misp-object--6c18a448-9381-44bb-b7ba-97b81413fc84",
|
|
"indicator--b0b5debd-236b-418d-8531-a3bca58059e6",
|
|
"x-misp-object--4d5cd1b8-e117-411c-afae-a3d69e619e90",
|
|
"indicator--aa497e72-a431-479b-8077-5ac653a7ef21",
|
|
"x-misp-object--451113c2-f016-43ed-a80e-dd42f3b61bf3",
|
|
"indicator--a1283755-9512-4fb4-952b-2f4d65e1281e",
|
|
"x-misp-object--24d66f9a-7b0a-4668-8c5c-6ca6050b9148",
|
|
"indicator--9942e1a6-6aff-4d41-9c65-ac96ad725488",
|
|
"x-misp-object--ea2d92b0-2297-4284-9a47-20f003e7649f",
|
|
"indicator--ef41bd1f-8663-4df6-a8f0-a32f05ee2929",
|
|
"x-misp-object--c7efea86-38e8-48f9-bbf4-7ed8e0cccd7d",
|
|
"indicator--40076ee5-8c95-4b32-830d-016ea2cebaf2",
|
|
"x-misp-object--1b50d528-62f5-4f78-9df4-40a2e5a095bd",
|
|
"indicator--c4ce6a07-a96e-491d-912d-93b9c2853c3b",
|
|
"x-misp-object--35102d8f-3918-45f0-b06f-e56249794342",
|
|
"indicator--f93d9038-ecd3-4445-86e9-3887a797a5b7",
|
|
"x-misp-object--5c3c3c27-41c9-4498-be03-8b7e20ef7a01",
|
|
"indicator--4a801296-d29c-4f5f-8b79-cb38789995ae",
|
|
"x-misp-object--b23c1243-8546-43e6-b6ac-bdc9a52e5bd4",
|
|
"indicator--c9b13b31-1a5d-4a7e-a46f-d8dea222c73f",
|
|
"x-misp-object--edd1a003-7c62-43a9-a8a4-f00159990874",
|
|
"indicator--9766aaf4-2b4d-42a8-b271-07a8430ff750",
|
|
"x-misp-object--9f9e8c03-a143-42d7-b717-70ed7682d916",
|
|
"indicator--de30466c-306a-4ff8-a134-3016bd00c2da",
|
|
"x-misp-object--d77bdd19-aec1-4b36-b72e-1d67bb46e2ee",
|
|
"indicator--be24abb2-78bb-4d0a-9dff-b8d9d47ac518",
|
|
"x-misp-object--7988c9d7-a714-433c-a302-4a38a99896d7",
|
|
"indicator--ff8766ca-b4b6-4c3d-a8db-7c64fa5d5166",
|
|
"x-misp-object--82da5b6c-dc6e-4612-be44-ee4bbd7a65e8",
|
|
"indicator--c33e937c-3313-4bd8-9d42-8a213ad27271",
|
|
"x-misp-object--a9affe73-79d3-46e1-9175-550e62f9d545",
|
|
"indicator--5e70ded6-3a06-4520-86d4-77316815da01",
|
|
"x-misp-object--a6d5940d-d687-4031-89c7-d527a7cb1083",
|
|
"indicator--31abe87c-b601-4581-ba6c-55e716214d8e",
|
|
"x-misp-object--d6f9fda9-bb3e-4a6d-951a-ef2b7b91810b",
|
|
"indicator--ea39a79f-3211-4917-8ba8-11798108d030",
|
|
"x-misp-object--36ca324b-a75e-40dc-a318-a368d201799b",
|
|
"indicator--ba5fa1e3-8824-42b7-8158-8885efa936dc",
|
|
"x-misp-object--4b6521e7-b216-4bb7-8b2e-d03294f7a176",
|
|
"indicator--049ddb48-7266-48ef-946e-c19acf93d44b",
|
|
"x-misp-object--44a5a106-6496-434f-837c-f4b710cbcfac",
|
|
"indicator--797ea4f5-30c7-40ac-baf6-28db7149f503",
|
|
"x-misp-object--1086f8ba-2d76-4d9b-b26a-5e18c595f194",
|
|
"indicator--0ed8ca28-2829-4ca6-ba71-03b2a41bf521",
|
|
"x-misp-object--d249aa60-eb0b-4861-a6b4-87b813998e73",
|
|
"indicator--a91eac4f-7259-4a12-8838-2b0f051d6696",
|
|
"x-misp-object--6088b568-f7ad-4a41-a8d8-d4522a466ac9",
|
|
"indicator--e6ea2fd2-8462-4e6f-9a19-cce766827d36",
|
|
"x-misp-object--16acc5bd-90ec-431b-bbca-953b2b06ece8",
|
|
"indicator--ecdf5094-5fc6-44c6-8c47-412f3bb5b255",
|
|
"x-misp-object--98a86f21-1cc1-4708-9b3e-74e14dfe7f48",
|
|
"indicator--77cfb676-5e8d-4566-84e1-4e6817db2990",
|
|
"x-misp-object--f604786f-c9dd-4c19-ab31-aa89044f4a1b",
|
|
"indicator--96745ec9-e044-4f68-a3cb-383e0fa9f872",
|
|
"x-misp-object--b55b4b48-6ba3-44f3-b8da-903bfd98ea29",
|
|
"indicator--3f85b4db-24d4-40a8-a7d8-71d30219b53e",
|
|
"x-misp-object--c55b37c5-82e6-4fc8-a929-4118f95504af",
|
|
"indicator--1852f268-9a82-42b0-8a9e-d7e52d16abbd",
|
|
"x-misp-object--f6ec3f23-3273-49b5-8dea-910fbcf248b5",
|
|
"indicator--37bf3b5d-cb41-409f-94e9-f50be725a4af",
|
|
"x-misp-object--f354861e-6452-4a92-a456-69b235657f4d",
|
|
"indicator--fd71e68d-d005-441d-8ee0-7b5c1812bf8b",
|
|
"x-misp-object--4c74c847-cc7b-492c-87b0-f33694b4c6ec",
|
|
"indicator--139196f6-be99-47ed-b809-73d2853fa944",
|
|
"x-misp-object--0a753999-8af3-41ac-8ddd-dcc50453ed70",
|
|
"indicator--cc2b374f-3d33-44e7-a28a-aa0e6581036e",
|
|
"x-misp-object--78ef6597-c29d-407c-90da-5c9ac51c0d20",
|
|
"indicator--2b1058c5-64f7-4e3b-a392-29bf82262d28",
|
|
"x-misp-object--d46ebad3-0ea9-4fa6-9449-2ed4fd77bda5",
|
|
"indicator--a2904375-8986-41ef-b6b7-4cafbad88a0e",
|
|
"x-misp-object--dd8685d4-ae68-4e10-9a02-4ff2a38bd092",
|
|
"indicator--61c11e5f-54fb-43cc-9485-ccf4f7f6c41a",
|
|
"x-misp-object--23867c24-4af9-4a2f-bedc-dda5c1b39c75",
|
|
"indicator--964d2d64-c17a-4c3e-91bd-80776bc6644f",
|
|
"x-misp-object--6c20a0c5-39a6-49c9-aaf2-9fb0b1938633",
|
|
"indicator--9393f4f9-b9fc-416b-92bd-4c090307ae39",
|
|
"x-misp-object--f22c7776-6135-4800-9901-5a4de6adee83",
|
|
"indicator--c97afdae-f971-4e34-8ce8-c3f0151f6e38",
|
|
"x-misp-object--395fc03d-627f-47dd-a7db-71cf2e558e15",
|
|
"indicator--e1867223-f5e0-4877-a819-9612307f3867",
|
|
"x-misp-object--c3feebd9-263b-4900-a98c-8bec8b9440f8",
|
|
"indicator--b805ea51-f04a-4f6a-8ecf-c9ec51fa83cb",
|
|
"x-misp-object--15222292-8bfb-4e86-91fa-b0e4ec0adc58",
|
|
"indicator--eb42f6f1-2c60-490e-8e04-79cdc4144a37",
|
|
"x-misp-object--8c0ecebc-54db-4732-b8e6-8a3e388aadaf",
|
|
"indicator--7967e5b8-00eb-4320-9412-e01a082c07ec",
|
|
"x-misp-object--7300f602-1abc-44a4-9093-a7e2165d7a91",
|
|
"indicator--6007d8cd-f034-477a-9e08-2fd715e5e884",
|
|
"x-misp-object--27e7462f-edef-4bff-b8fc-d526b1399b40",
|
|
"indicator--04a6579c-e5e5-4b9f-8941-c896ddbea402",
|
|
"x-misp-object--3c579ecb-1bdd-491f-bcae-9aeb77253f1d",
|
|
"indicator--95c00602-db58-40f5-91c5-3b5abeb62f34",
|
|
"x-misp-object--5ef6db2d-f867-495b-9515-aee0b0c69572",
|
|
"indicator--927a32d1-3581-4660-a7cb-b3b983b1d2b6",
|
|
"x-misp-object--f5e79c89-6ae1-40b3-8d64-7ccc44962818",
|
|
"indicator--33ada061-a11c-4b80-bfe1-2a219c8b4216",
|
|
"x-misp-object--4d75191a-9322-46a4-8bb1-28edd400300e",
|
|
"indicator--231da622-eca5-46f9-8b3d-7a60271bbf5a",
|
|
"x-misp-object--d8b83106-c718-4884-bc69-e1ec3157b231",
|
|
"indicator--900b2299-4d91-4311-8eb6-3d8dcde3c53e",
|
|
"x-misp-object--ba9454c8-868b-4c61-99a5-7f1c6eaba02e",
|
|
"indicator--123260f2-c093-487a-8da6-0a38a26956b0",
|
|
"x-misp-object--52bb8f52-813c-42b9-b810-935626ee2a80",
|
|
"indicator--b9967b9a-c9d0-48cf-8c84-d7527995794e",
|
|
"x-misp-object--bf02e3cf-264a-406b-bafe-860ff8d96eae",
|
|
"indicator--1aa193f1-c768-4a16-a2cb-0c0381dba191",
|
|
"x-misp-object--6bd8fb6f-dd9f-4d3f-aa56-e4c18e904991",
|
|
"indicator--67459c2e-6974-4168-a4bb-0c94041b7a1c",
|
|
"x-misp-object--d2ae4a97-361c-42ac-90f2-42867b1bec12",
|
|
"indicator--7ee2136a-174e-41ca-8e77-c55b330a2d7d",
|
|
"x-misp-object--4dcb2323-6adc-4e6f-9a4c-4da633df6bfa",
|
|
"indicator--a558cc1a-df6e-4ddd-bd8c-694a27a2e298",
|
|
"x-misp-object--ff7f2a21-2be3-447a-9137-7fd1eb8a7100",
|
|
"indicator--966e7ca9-3fb4-4d2a-8c16-b8911848b40b",
|
|
"x-misp-object--6b683fae-c19a-4048-a4df-87877482042a",
|
|
"indicator--871505a5-67b3-4e0e-a061-771e9e689bf3",
|
|
"x-misp-object--da838904-52a0-4aba-a34c-444c519ca9e9",
|
|
"indicator--b1c027bf-e678-4107-9332-782883a20df5",
|
|
"x-misp-object--e18d455e-9797-4cfd-bc4e-7f58784671eb",
|
|
"indicator--2eaac486-82b0-49c2-8dc7-c0e0d1334bc5",
|
|
"x-misp-object--4880b0ee-33df-4e81-8a32-8f53fabe84e0",
|
|
"indicator--f74b8766-0e2c-48dd-97fe-7a6bcbd3683f",
|
|
"x-misp-object--d5e5151a-6fe7-4aea-8c1b-f384641f3de1",
|
|
"indicator--5e508395-c56b-44f3-8d8f-c27378c24948",
|
|
"x-misp-object--91d65c73-3c78-4c78-9b43-04795a21d2dc",
|
|
"indicator--ce1148cb-ccbb-4534-a264-987b0a02387e",
|
|
"x-misp-object--7b05f522-f1e9-4890-b0bc-3dcbcd58388e",
|
|
"indicator--8ed19c62-1efa-47b5-bd86-5ce3ea96eea3",
|
|
"x-misp-object--ba0df232-2b85-4c6e-ad5f-0bf6e12cc26a",
|
|
"indicator--c750f8a8-1526-41bf-9e8c-3ac273664df7",
|
|
"x-misp-object--1d1ce1a4-cf6c-4dee-83fd-c67c479b0e7b",
|
|
"indicator--0b93c146-e37e-43df-8900-5c0faf08a5f5",
|
|
"x-misp-object--066ffd6c-1f8a-4876-b8e7-4c6c950c58d8",
|
|
"relationship--aeb1b27a-342d-47fe-8811-1ff006ad28fd",
|
|
"relationship--f513dd53-0116-49b0-88ca-5c277bb0f177",
|
|
"relationship--53413958-9202-43c4-8b20-995269e4b13d",
|
|
"relationship--ec0c2ea8-2a59-460c-9c95-8961d7fd7511",
|
|
"relationship--2eaf13e2-7b68-4b46-af9e-7f9cf99274ee",
|
|
"relationship--705c72c8-3e68-4c82-87d9-830db40274bb",
|
|
"relationship--59f5e5ad-0688-4519-839d-c1664983c9c2",
|
|
"relationship--86ace387-b45c-49b8-9e50-7572f28d9217",
|
|
"relationship--81c851f0-a8a9-423e-ab8f-744989fc7d10",
|
|
"relationship--79cb4d1f-5223-41a5-b762-58cf9264888c",
|
|
"relationship--c70a7907-af61-4c7a-b38e-ee6d90312d2f",
|
|
"relationship--deef7b62-a715-434d-9142-7291cba7befe",
|
|
"relationship--cbda5d89-4c17-4901-a705-8ee56a95b3c0",
|
|
"relationship--abc27080-fcbb-45fc-a080-b668be290e68",
|
|
"relationship--88ddd1b4-3149-4575-a744-d258deb20cd8",
|
|
"relationship--92d898a0-9f5e-4654-96e9-ca011159b3a9",
|
|
"relationship--d07146f7-0137-414f-995d-ebc27af83e03",
|
|
"relationship--68390a3c-af55-4a92-abd3-5c9bd2a8afa2",
|
|
"relationship--67a33928-1c08-4f3a-b275-b8c1529613b0",
|
|
"relationship--5478c2ce-7c55-4b78-9275-ba2d80968474",
|
|
"relationship--259aae57-7643-48cd-9a08-4864c9592649",
|
|
"relationship--fa9ee0a4-c4d4-4cd3-b401-1acef113b628",
|
|
"relationship--20f191d8-8dce-4c82-b328-e809f85a993d",
|
|
"relationship--fb0aae79-1f6b-4282-a83a-3d263874941f",
|
|
"relationship--4f4de85a-8cc9-4e84-95f9-7693eb86c2a0",
|
|
"relationship--90e16fbf-3fe9-45f8-92b8-cd1c1e961a10",
|
|
"relationship--9d15e6d0-1b31-4c27-92df-cc4d682d33b1",
|
|
"relationship--2a09145c-eaab-4547-8d8c-53c91ad82fe8",
|
|
"relationship--f5929fc7-a00f-48d7-93bd-3ea82e7fc1cc",
|
|
"relationship--ee051d8f-ee4b-49c9-a534-b394b581023c",
|
|
"relationship--8ca0a5e1-d149-4093-a314-341978723835",
|
|
"relationship--900a697f-b3a6-42c8-a1a8-2794f0e0d175",
|
|
"relationship--ab0e267a-7645-4797-a69e-3d79bfb457a1",
|
|
"relationship--9ecc2a20-e85e-4518-9e87-b7c9d4293f43",
|
|
"relationship--b129c3bf-ef1c-448a-bc40-e4f663f99f93",
|
|
"relationship--b2c02ff1-18fa-4f84-b4e6-468df3df4339",
|
|
"relationship--16a2ca59-8e37-4e06-aa67-93a933931408",
|
|
"relationship--162ac781-c5cd-415f-9ac3-050460173f3e",
|
|
"relationship--8a5e4034-9ac2-48d5-9bb9-5e36af3bd31d",
|
|
"relationship--9ec7827b-0dd7-4a65-957d-ad8a6e19a6b4",
|
|
"relationship--ef0973da-3965-4b91-b47e-04b96595ee25",
|
|
"relationship--a615abe7-96df-4f68-97ba-08e8d3b74eeb",
|
|
"relationship--da52817a-19bb-4071-b96f-53511b30a27b",
|
|
"relationship--4e9e7834-f945-41d4-95b7-86c25d44f61c",
|
|
"relationship--c1600516-3e67-4fde-8be8-32b2b73210c2",
|
|
"relationship--6450b19d-a614-41a2-8bcc-1d0103af4c75",
|
|
"relationship--221e2a72-be54-4537-9b4b-0bf95ae35c93",
|
|
"relationship--20c2ab40-cedf-4fa7-a177-375d5f8f6885",
|
|
"relationship--a424c92f-fbee-4fbe-8157-6dfeba329057",
|
|
"relationship--b3ab01b7-8385-4def-aa9f-9c93c987f902",
|
|
"relationship--20a457d5-26ec-4475-8dd5-61dab4ded549",
|
|
"relationship--beb207a2-6bb1-4084-bd20-e6615c27e6da",
|
|
"relationship--04be0f1b-5e79-4dff-90a6-9a78b443500e",
|
|
"relationship--62ad4326-02bf-47ab-b0cc-f79585e93d77",
|
|
"relationship--e20408e9-58a0-4722-a07b-850620582044",
|
|
"relationship--93b642f4-01f0-486f-b0ac-b3cd80313335",
|
|
"relationship--9a0148f7-5e5d-47bc-9361-63881815617e",
|
|
"relationship--ee7446f0-26d3-4adb-ae05-5039d90dcf6c",
|
|
"relationship--b71fb009-4bee-49ff-b60b-1e17a795ed4e",
|
|
"relationship--f27cd957-54f3-4437-90ba-64a6fa2ea451",
|
|
"relationship--711b9012-aec0-413e-a117-a85130feeeb8",
|
|
"relationship--999c16e3-6819-4d14-ac26-0fe2b971edd0",
|
|
"relationship--eec8c1a5-1c81-45bc-a90c-a5450e1cce85",
|
|
"relationship--6f511e0a-4267-4156-9a90-3b328d0e4d9e",
|
|
"relationship--3d004b74-ec80-4a38-8170-e96c8c504e68",
|
|
"relationship--06c15cf8-763a-42df-9899-a3b95d25bac4",
|
|
"relationship--25337171-cae3-4641-b485-1c1a522861dc",
|
|
"relationship--6089b2a0-17af-4550-9abe-6a41a953f0f0",
|
|
"relationship--a51876ee-4676-4001-8a27-cdb8ee72dc52",
|
|
"relationship--338103f7-cc64-4ccc-a7be-a301d602395f",
|
|
"relationship--624709da-f03a-4312-9167-218081e25095",
|
|
"relationship--cd847c4f-a667-44d4-ae52-fa50cdda3313",
|
|
"relationship--53e13e10-8b96-49cc-906c-63381cbc4a6b",
|
|
"relationship--779506e9-26ba-4d5d-b3d4-90cbdd037b6d",
|
|
"relationship--b655a041-ee55-4fd4-9b42-bfc06bfac19d",
|
|
"relationship--f071a8c5-4ab6-4da9-835f-7ab29e950cc2",
|
|
"relationship--ab47ff73-0973-4272-8a6e-ca6588df7b62",
|
|
"relationship--e9776ba0-80a7-43a2-80c4-073b3ba94aee",
|
|
"relationship--5c9c1816-6cdb-4742-bab9-b927a24f28ab",
|
|
"relationship--c484af95-ddfb-49bf-8a63-33dee07b3422",
|
|
"relationship--c044fcc2-5939-4afc-9924-873858cdf1af",
|
|
"relationship--501fa497-f4bd-42e0-ae37-a580753d586c",
|
|
"relationship--191c3ec4-a7f0-46eb-9dfe-4448ce41afe4",
|
|
"relationship--4a42fd96-0a06-44b3-863e-29c3e21c0dfc",
|
|
"relationship--0843286f-e24d-4602-aeaf-ae072a912f76",
|
|
"relationship--95b33020-3b0b-41bf-8508-1d366872aeb5",
|
|
"relationship--6732c0b9-2daf-461c-9d18-cebb3be2f3da",
|
|
"relationship--418fb285-d8e3-4282-b494-16bd660b469c",
|
|
"relationship--98ad2590-0aa5-4646-9843-1e9a88672291",
|
|
"relationship--d1f14654-f236-48d9-b07f-8ba83f40bd27",
|
|
"relationship--c8a53d92-0abf-45e1-9e67-9c71bf6bc326",
|
|
"relationship--aafc91f9-0b63-4439-85d6-d1cb939b349e",
|
|
"relationship--7ed29d8d-59f9-4855-bfeb-4bcaa6bea8a6",
|
|
"relationship--c92afaa9-7902-46c4-84b7-50922697007c",
|
|
"relationship--03167b56-0c2d-4086-833a-33f3eb444563",
|
|
"relationship--fbb26d35-666f-4e47-b2de-26c9407b5556",
|
|
"relationship--4278a607-18d2-4c1e-bc6b-89cc0c68d140",
|
|
"relationship--c89fdabd-fa5c-4994-a1ee-2882dc243f6f",
|
|
"relationship--d0ee69e3-8490-4474-91bf-9f7af1437c9f",
|
|
"relationship--beed884e-b838-4c95-856d-64f0f0b8fdfb",
|
|
"relationship--5904f154-8950-46b8-8c66-c1de1f1a8569",
|
|
"relationship--641b3fd5-025e-4b04-a7fa-093843a064ae",
|
|
"relationship--25a9c89e-f1f9-43d8-af1e-4c96b4a73a2b",
|
|
"relationship--27d543e8-4189-4968-8b82-af3732a07ec6",
|
|
"relationship--93b7a7bd-1164-4526-b192-78fc823bc570",
|
|
"relationship--71e73acd-52d0-4f10-a44d-4946b7ec7d19",
|
|
"relationship--29cf049b-5586-4806-b05d-31b94a7d1346",
|
|
"relationship--6eb54c29-b810-4067-8133-d68ebbf1d9b3",
|
|
"relationship--1eb7d282-c8a4-4403-858b-2d00f1cfac1b",
|
|
"relationship--6ea340aa-78c6-477b-98cd-16ef0d290481",
|
|
"relationship--a5e19476-f53e-445b-ac02-92d058bcd91a",
|
|
"relationship--c4f712e2-476d-4317-a9cd-590cad4c4ca3",
|
|
"relationship--ba321ec4-0429-4b7a-aef6-140cdf76546d",
|
|
"relationship--cdf31a08-ce11-4b36-8a9f-02e50bda3b68",
|
|
"relationship--121c2ec6-f47b-49d7-984f-2c276d273adb",
|
|
"relationship--5c5388b0-44e0-4f06-9111-8eb6a8dbd54d",
|
|
"relationship--f4ef31f3-f893-4184-a259-0de53aedd081",
|
|
"relationship--8e987c91-a6dc-4467-8e4b-b9a405aaf1f1",
|
|
"relationship--036ecc8b-72ca-48cd-bf96-e479ddb2bb97",
|
|
"relationship--e000c227-c7b6-42f7-99e0-1e810bbf0ca7",
|
|
"relationship--b1fa69c6-f715-46d4-86a3-ebb771b094cc",
|
|
"relationship--387aa0fe-b863-442f-bf82-ebf74d315845",
|
|
"relationship--1cf96210-67c2-4374-87a0-c42d0acac5d3",
|
|
"relationship--1d9dcb16-aa43-4d71-96d4-e19ad35696c6",
|
|
"relationship--0ea2c1b5-74cf-4aeb-aa01-735238c6392c",
|
|
"relationship--4298125a-670c-4cbf-9134-1116b9b8ba4a",
|
|
"relationship--ef5d72f0-f2c7-4735-9aa5-0076a124d315",
|
|
"relationship--a0a10d30-8431-4bcd-a0f2-6e1e79884a42",
|
|
"relationship--eaca633b-48ca-4b15-855b-fd5e81408a16",
|
|
"relationship--2cb1753c-71bb-488f-aa08-8bffd52c92b5",
|
|
"relationship--42d04483-2802-4ecd-b737-e5f5877d960d",
|
|
"relationship--be4a4a33-f2e2-4697-aa87-a4a23e832b8d",
|
|
"relationship--9f1e59ab-22d8-40e7-baa9-6f2322268cd6",
|
|
"relationship--d8d93dc5-28e9-46c5-9114-b8b3841e95b2",
|
|
"relationship--2beda80b-6ffc-42c2-bb0f-c201a98a441c",
|
|
"relationship--13ffac55-54d2-407e-9109-09bc23295222",
|
|
"relationship--2a2b90f6-bc84-49b8-9611-97b5525c6d49",
|
|
"relationship--20be3246-0f68-41c2-b482-15efb2610558",
|
|
"relationship--4c7b36c6-1c68-4a2b-9563-5158d92fca26",
|
|
"relationship--a42f8342-d8f4-4f34-a4ab-f4529c8fa280",
|
|
"relationship--551cb2e4-4a0a-4fb6-80c1-476942b84f49",
|
|
"relationship--ae9619ae-f8dc-437c-8965-459b5b54b9b8",
|
|
"relationship--627a8610-342b-4c48-a199-9d61bc471af4",
|
|
"relationship--cfd52477-3fed-4f72-b74a-9f971e528b2d",
|
|
"relationship--09d96cbb-8652-45ef-b6d1-8e49bb4d1f2e",
|
|
"relationship--51e168bb-1d10-4611-9987-b50f83be1eb6",
|
|
"relationship--4f2c219d-f8d1-4af7-a269-c3442c8f28c9",
|
|
"relationship--8acc8015-fb95-420b-ace5-c68a5fe01968",
|
|
"relationship--52670aff-e09a-49a1-93ef-7022382e0c82",
|
|
"relationship--7ffb8561-3805-4e3a-8715-fc09beb622ec",
|
|
"relationship--a5049574-321b-4205-8791-8b02ae5129b2",
|
|
"relationship--83809770-e294-4958-b2e3-4b114ba8176d",
|
|
"relationship--3098cbcc-e939-40e9-ae87-c5d0aedbe623",
|
|
"relationship--3aca9ea7-756d-4e96-a601-a1ccd29d2183"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc17-d2b4-4902-8453-2133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:08.000Z",
|
|
"modified": "2018-04-20T09:07:08.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.77.68.17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc17-bb60-4d19-a86c-2133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:08.000Z",
|
|
"modified": "2018-04-20T09:07:08.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.78.78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc18-7ee8-4354-ba91-2133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:09.000Z",
|
|
"modified": "2018-04-20T09:07:09.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.63.57.87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc18-1580-4efa-b81c-2133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:09.000Z",
|
|
"modified": "2018-04-20T09:07:09.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.192.16.184']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc18-346c-4a97-a0f9-2133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:09.000Z",
|
|
"modified": "2018-04-20T09:07:09.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.37.56.249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc27-d3f0-4174-86a2-2105950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:10.000Z",
|
|
"modified": "2018-04-20T09:07:10.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[domain-name:value = 'gpt9.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc28-8c90-49e9-8dd9-2105950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:10.000Z",
|
|
"modified": "2018-04-20T09:07:10.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[domain-name:value = 'optcdn.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc28-15b0-4355-836e-2105950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:11.000Z",
|
|
"modified": "2018-04-20T09:07:11.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[domain-name:value = 'www.userbest.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc28-6cd4-4054-8e52-2105950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:11.000Z",
|
|
"modified": "2018-04-20T09:07:11.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[domain-name:value = 'optitm.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5bc34-d378-4050-9152-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:12.000Z",
|
|
"modified": "2018-04-20T09:07:12.000Z",
|
|
"first_observed": "2018-04-20T09:07:12Z",
|
|
"last_observed": "2018-04-20T09:07:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5ad5bc34-d378-4050-9152-2134950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5ad5bc34-d378-4050-9152-2134950d210f",
|
|
"value": "https://blog.talosintelligence.com/2018/04/threat-round-up-0406-0413.html"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc56-ba44-4b4d-a342-4a3d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '599d9e37c39ec47a50b512e01449a37ff3c3354ed0b9b4de2ca7e8f2d3a33bfa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc56-ae30-40dd-b2ac-49b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '4d0f0b7c9a3b8694895275fcc45aa1df3e6f2ad0c58563a40ac80776c705f821']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc57-a220-41bf-94f1-457a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '0aeb76bb929ea68275b904412054c3b15a73fd6479ee3daecd5ffd4c407eb721']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc57-1784-41fc-b9b5-4dae950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'c76394aaf293cbf4bf3b9d7a94c251feac11435204664d700bb4bd87da3c1898']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc57-c3f8-4904-8e25-4e98950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '66c2586add3eac9184972cfc7a6172532c16dc0d1e1f874e4cd3fa2276657c2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc58-2758-4247-bcc6-4aac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '02cb3c5568577ed9658fcf68b9f776d720e2f7355090b10875f0f9bb2b8ed161']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc58-adf0-4b60-806e-4abb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '5f7f8a6fd32cf4d91efe01c2f1b7c4fd5f509b504af134a08c6c688ba9597ea6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc59-4570-49e8-88fb-431d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '3c9c3423951655b97251bf5d3d12fe59fcf96d4274c4887b88744438371fe61b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc59-8f48-4308-8bfb-49d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '4e496591b9c2c9722c07746edfc7892b178b8965bb4c452322caab68b2d5f262']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc59-aa78-41b1-9d73-46bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '2eed2f22d055d605a8387d35610e4e82815eb29b7212de12088202efa54d3c31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5a-de94-4d91-901d-4658950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '0073f6d57c2e4ca1871dc1a5e270160e734b2d79bd9b7b55b82a8ddc53aaac0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5a-4b04-477d-890c-4d36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'c21fdd9a5d244aed75890c59094789c2f46815983084f4bc5966ae28630908a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5b-7e08-4f15-af49-478d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '98f7b5afa98edbfcb4a6f502d9d29e6bb0912a6bcb7a14abe3a9a60e0487b201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5b-f808-4a39-b552-4db5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'c7e92cc3f88c7180e2774f2641c593ebebedee3424314fdd8fa8365f6cd0000a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5c-da98-4b7a-b9f6-4201950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '1937b1e07be1737d79a3a4b1ea9c5ab0a56f1c3ce44d2e34d705a7b69b9346cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5c-c52c-4d38-8067-450f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '310848da5dd6e75c8df5bc00223582a7b7e6fbef90ca45222948eaba546be3bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5c-5da8-42af-951d-4d53950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '40a0f808c1fd873c364850d95e2f0adb0ca24740945702de5c0552a5afc60612']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5d-e9b0-40b1-acc7-44b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'b609c46124d069b2299de3896a5cc2f7540e4effcba462e7f5300573666efd4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5d-fd5c-4e4e-980c-49e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'd7e95936470c9747f9c803d3839159e86112afbe49d68b578775f1c29141d502']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5e-ec34-4911-b09f-4b75950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '036d8c2a089ea0870fa37060c96928789a8b373ca0795d1c06db443b53dc5882']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5e-d19c-4bc2-bcd7-4bef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '2b7662b93abcd312eb2c4d66c246af9dc7c43a511fae5dddd11617bf2ced16c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5f-fe68-49c6-a3c9-4a6e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '5795c26debe0c06d1f1968730a84efeed69f0493b23f8411b3ea60781e7a24a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc5f-1d74-4651-a100-450a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '6856286bb8ac5961f58831e7e4fa6debe7a4a399e5ffa56d37e7ca78f1588871']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc60-df30-4572-bdf6-47f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '6db67b808d476e3412034571798447aafbbe320a0884a417a7d7fae604440c6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bc60-0670-4423-ad02-4b87950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:20:43.000Z",
|
|
"modified": "2018-04-17T09:20:43.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'acaa87b92f1e2ee316033624e4760ca4f9c781e82b72949c46861c7652cf74c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bca9-d554-437a-bcaa-46f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:12.000Z",
|
|
"modified": "2018-04-20T09:07:12.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.171.248.178']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bcbe-06c4-474e-ab97-4145950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:13.000Z",
|
|
"modified": "2018-04-20T09:07:13.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[domain-name:value = 'dns1.soprodns.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:14.000Z",
|
|
"modified": "2018-04-20T09:07:14.000Z",
|
|
"first_observed": "2018-04-20T09:07:14Z",
|
|
"last_observed": "2018-04-20T09:07:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--5ad5bcbe-780c-4a6d-bfbf-4fd4950d210f",
|
|
"value": "ipv4bot.whatismyipaddress.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd2a-1fdc-4e2b-bf6d-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:14.000Z",
|
|
"modified": "2018-04-20T09:07:14.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.54.117.217']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd2b-4298-4151-a76a-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:15.000Z",
|
|
"modified": "2018-04-20T09:07:15.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.65.121.51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd2b-dac8-4912-aec3-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:15.000Z",
|
|
"modified": "2018-04-20T09:07:15.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.200.23.95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd2b-7418-468b-ae9d-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:15.000Z",
|
|
"modified": "2018-04-20T09:07:15.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.250.149.195']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd4d-1490-4fae-95c6-4454950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:16.000Z",
|
|
"modified": "2018-04-20T09:07:16.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.atopgixn.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd4d-4a24-4c7e-b423-4ea0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:16.000Z",
|
|
"modified": "2018-04-20T09:07:16.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.gstringguitarco.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd4e-5980-4712-9599-4250950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:17.000Z",
|
|
"modified": "2018-04-20T09:07:17.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.mymugcity.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd4e-af4c-41b7-a076-4962950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:17.000Z",
|
|
"modified": "2018-04-20T09:07:17.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.snhvwa.men']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd4f-2c18-405a-adab-43d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:18.000Z",
|
|
"modified": "2018-04-20T09:07:18.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.mankafei.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd4f-71ac-439d-a73d-45fd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:18.000Z",
|
|
"modified": "2018-04-20T09:07:18.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.9999zh.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd4f-52ec-437a-997b-414b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:18.000Z",
|
|
"modified": "2018-04-20T09:07:18.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.dltecgeradores.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd50-e740-490f-86fa-4ee2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:19.000Z",
|
|
"modified": "2018-04-20T09:07:19.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.zswlu.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd50-f0d0-47a7-a915-4991950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:19.000Z",
|
|
"modified": "2018-04-20T09:07:19.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.bitstubs.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd50-a1cc-4857-aa5d-44f2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:20.000Z",
|
|
"modified": "2018-04-20T09:07:20.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[domain-name:value = 'www.allsystemstoupgrades.win']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd6d-0178-4d74-8d40-4ba1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:20.000Z",
|
|
"modified": "2018-04-20T09:07:20.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrv.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5bd6e-7378-4136-8027-41a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:20.000Z",
|
|
"modified": "2018-04-20T09:07:20.000Z",
|
|
"first_observed": "2018-04-20T09:07:20Z",
|
|
"last_observed": "2018-04-20T09:07:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5bd6e-7378-4136-8027-41a4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5bd6e-7378-4136-8027-41a4950d210f",
|
|
"key": "%TEMP%\\Gsdf0d"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd6e-c170-4c8b-856b-4635950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:21.000Z",
|
|
"modified": "2018-04-20T09:07:21.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsnD1EF.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5bd6e-86dc-418e-9aa9-4362950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:21.000Z",
|
|
"modified": "2018-04-20T09:07:21.000Z",
|
|
"first_observed": "2018-04-20T09:07:21Z",
|
|
"last_observed": "2018-04-20T09:07:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5bd6e-86dc-418e-9aa9-4362950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5bd6e-86dc-418e-9aa9-4362950d210f",
|
|
"key": "%TEMP%\\zvu"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd6f-2d30-421e-9ba1-430d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:22.000Z",
|
|
"modified": "2018-04-20T09:07:22.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logim.jpeg']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd6f-e854-47a9-9995-4661950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:22.000Z",
|
|
"modified": "2018-04-20T09:07:22.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Microsoft\\\\Windows\\\\WebCache\\\\WebCacheV01.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd70-aa20-4e06-9194-4635950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:22.000Z",
|
|
"modified": "2018-04-20T09:07:22.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp\\\\System.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd70-1c58-4be6-aef8-4f0e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:23.000Z",
|
|
"modified": "2018-04-20T09:07:23.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logri.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd70-c500-4493-9481-4d18950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:23.000Z",
|
|
"modified": "2018-04-20T09:07:23.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5bd71-4894-4eb5-a879-493a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:24.000Z",
|
|
"modified": "2018-04-20T09:07:24.000Z",
|
|
"first_observed": "2018-04-20T09:07:24Z",
|
|
"last_observed": "2018-04-20T09:07:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5bd71-4894-4eb5-a879-493a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5bd71-4894-4eb5-a879-493a950d210f",
|
|
"key": "%ProgramFiles(x86)%\\Gsdf0d"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd71-a870-415f-8710-4ae5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:24.000Z",
|
|
"modified": "2018-04-20T09:07:24.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsc8B5E.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd72-a33c-4f97-8452-4c2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:24.000Z",
|
|
"modified": "2018-04-20T09:07:24.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27log.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd72-8f20-4bf5-9743-43ec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:25.000Z",
|
|
"modified": "2018-04-20T09:07:25.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp\\\\System.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd72-706c-4609-92d7-4930950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:25.000Z",
|
|
"modified": "2018-04-20T09:07:25.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd73-a3b0-4af3-ba12-47f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:26.000Z",
|
|
"modified": "2018-04-20T09:07:26.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrc.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd73-6a70-4b8b-af9b-4afc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:26.000Z",
|
|
"modified": "2018-04-20T09:07:26.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5bd74-37f4-46c9-a6bc-459a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:26.000Z",
|
|
"modified": "2018-04-20T09:07:26.000Z",
|
|
"first_observed": "2018-04-20T09:07:26Z",
|
|
"last_observed": "2018-04-20T09:07:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5bd74-37f4-46c9-a6bc-459a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5bd74-37f4-46c9-a6bc-459a950d210f",
|
|
"key": "%AppData%\\K27P0CT0"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd74-85b4-4cf0-919e-4868950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:27.000Z",
|
|
"modified": "2018-04-20T09:07:27.000Z",
|
|
"description": "Files and or directories created",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd95-354c-49a7-95bf-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:41.000Z",
|
|
"modified": "2018-04-17T09:25:41.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '44f6b3cea3a371a7cd6161739dcc6f9f96a40c8c732b1acd8042a2991a9bbf73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd96-3784-4d69-a211-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:42.000Z",
|
|
"modified": "2018-04-17T09:25:42.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'd62ee1186d8a8c7d84b2a03e0bee1c13c47d133a55238ba7c367f9539e6c9b17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd96-1d30-4389-9fb6-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:42.000Z",
|
|
"modified": "2018-04-17T09:25:42.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'df9f1a4e2cb4247132c7442aedfe873c5e801ab048e0236407066c3acd5ec79b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd97-e4b4-4de5-95ab-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:43.000Z",
|
|
"modified": "2018-04-17T09:25:43.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'd8f1f59b81a985f538fc0a51c85c688794f94b28a06883ba9dadfb4b0c8bccd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd97-6bbc-4b0b-9aa6-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:43.000Z",
|
|
"modified": "2018-04-17T09:25:43.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '2ca04f3c65e3fd16b9c879c7db4cc8025279463dbb965e3954e35106fe952e86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd98-ed34-4052-ae05-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:44.000Z",
|
|
"modified": "2018-04-17T09:25:44.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '3538c0a7785ab6d418112d10cd6844ded5745064840d18d74d9b978dea1fe1a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd98-cf6c-4d74-a084-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:44.000Z",
|
|
"modified": "2018-04-17T09:25:44.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '09cc6c9e39425a71ccdc26ffd8a67179043b20f646286685eea24e6bb00b12d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd98-e250-4bd5-a891-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:44.000Z",
|
|
"modified": "2018-04-17T09:25:44.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '725752c4bda82acf554aad37fe97d08f4367c9a1e5d40b6fe17cdc94adf040fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd99-d9a0-47ea-a8be-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:45.000Z",
|
|
"modified": "2018-04-17T09:25:45.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '3d756dcf4397cb6b0d406b9f70eb18029965fce0110c0290af6ad73468aa2c1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd99-4084-48e3-b142-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:45.000Z",
|
|
"modified": "2018-04-17T09:25:45.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'ef4d20220eaecedc0b3069192843bd5eddc196b25a9e083fd16d19ae100374df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9a-a804-41f0-a284-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:46.000Z",
|
|
"modified": "2018-04-17T09:25:46.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '70d50a77db7cb028163638a7e58c354e1fbab4757323ad9eccfb51e9b257f83c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9a-95c0-4312-a2af-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:46.000Z",
|
|
"modified": "2018-04-17T09:25:46.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '35c996576eba666a33e26bc25122196de365465da8ebee70930b9c4ec6be7313']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9a-6830-4f10-9018-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:46.000Z",
|
|
"modified": "2018-04-17T09:25:46.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '330a8b46f74f5d4af759b18db64dfd9af2ef3e429d597cd4522148fb78633000']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9b-2c78-44ff-85f3-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:47.000Z",
|
|
"modified": "2018-04-17T09:25:47.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'ac6fbd8f18bb93cfac31af73eb9cf6a1aa925b95d44b42b3659ecfd49209ec76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9b-8d54-4ba2-b249-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:47.000Z",
|
|
"modified": "2018-04-17T09:25:47.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '711155de0073adc2f68fc4088253f92f43a696bbf5d8f892f902724be37668f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9c-cad0-43fd-892d-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:48.000Z",
|
|
"modified": "2018-04-17T09:25:48.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'c1e6324086192a47c60daee91f9f906c2ceb03cac0c67a8ed3f0a31c37e3a991']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9c-f994-4ea5-8975-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:48.000Z",
|
|
"modified": "2018-04-17T09:25:48.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '5301f9401c7d7ac485d0169085222c64ec2de6f14783cad6150b7c6f0f368c7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9c-031c-40d6-98bf-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:48.000Z",
|
|
"modified": "2018-04-17T09:25:48.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '96847279dd3564a5d689bf310483fe351fac55e54a440d15e55f0bb7d35baab6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9d-e554-4fc7-ba1d-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:49.000Z",
|
|
"modified": "2018-04-17T09:25:49.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'aebb84da20c2c92da398b1e5fcc8adc6bfe893d5a8b56c5cd1beb42b3fa5f069']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9d-1e1c-434f-bbb3-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:49.000Z",
|
|
"modified": "2018-04-17T09:25:49.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '2a0904b6301b42ed0838633b161c947a781600fc884b0fc499f906a49ea38292']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9e-5030-431e-8562-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:50.000Z",
|
|
"modified": "2018-04-17T09:25:50.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '0e1c8a62bd632cd364d16dcf0839531c8dcb443269f4478f301e4adf758977a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9e-30e8-4ffa-968b-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:50.000Z",
|
|
"modified": "2018-04-17T09:25:50.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'f34354749657c44beee0b1d7f5cdc4a31c858eab565fc2592f96c69eb9d501e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9f-7848-4529-bb8e-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:51.000Z",
|
|
"modified": "2018-04-17T09:25:51.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '8ecfcfc939e40cc943df83f548286c2f7f519a53e195b3ae595e0bef39baee29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9f-a110-4657-ae42-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:51.000Z",
|
|
"modified": "2018-04-17T09:25:51.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = '21178d6e06ded3b1a43e98eb781220c37e729ef081bd160f168fc465313ea4ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bd9f-daa4-41b1-8eaa-2135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:25:51.000Z",
|
|
"modified": "2018-04-17T09:25:51.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[file:hashes.SHA256 = 'ef4b97346e1ee359feff43d136f3dd6031993fb47bdfd25520b4fc3279d3649b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:25:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-9404-45af-be5e-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:27.000Z",
|
|
"modified": "2018-04-20T09:07:27.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrv.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-be08-40da-84a4-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:28.000Z",
|
|
"modified": "2018-04-20T09:07:28.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\Gsdf0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-9c44-4bf6-afee-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:28.000Z",
|
|
"modified": "2018-04-20T09:07:28.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsnD1EF.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-76fc-4b80-bced-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:29.000Z",
|
|
"modified": "2018-04-20T09:07:29.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\zvu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-eb9c-472a-8557-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:29.000Z",
|
|
"modified": "2018-04-20T09:07:29.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logim.jpeg']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-ac8c-40ef-b307-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:30.000Z",
|
|
"modified": "2018-04-20T09:07:30.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Microsoft\\\\Windows\\\\WebCache\\\\WebCacheV01.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-6ea8-407f-95c6-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:30.000Z",
|
|
"modified": "2018-04-20T09:07:30.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp\\\\System.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-1f94-4184-b3e3-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:30.000Z",
|
|
"modified": "2018-04-20T09:07:30.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logri.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-e660-4caf-90e5-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:31.000Z",
|
|
"modified": "2018-04-20T09:07:31.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-ad90-4ea3-9e89-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:31.000Z",
|
|
"modified": "2018-04-20T09:07:31.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Gsdf0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-56ac-4c9f-9041-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:32.000Z",
|
|
"modified": "2018-04-20T09:07:32.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsc8B5E.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-ed08-4849-bd91-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:32.000Z",
|
|
"modified": "2018-04-20T09:07:32.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27log.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-8940-486f-9da7-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:32.000Z",
|
|
"modified": "2018-04-20T09:07:32.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp\\\\System.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-0ffc-473b-8bec-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:33.000Z",
|
|
"modified": "2018-04-20T09:07:33.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%ProgramFiles(x86)\\\\%\\\\Gsdf0d\\\\mshlg4q6x.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-9528-41d6-aac3-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:33.000Z",
|
|
"modified": "2018-04-20T09:07:33.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0\\\\K27logrc.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-26d4-4a61-a6f6-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:34.000Z",
|
|
"modified": "2018-04-20T09:07:34.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsi8B7F.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-2bfc-420c-833f-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:34.000Z",
|
|
"modified": "2018-04-20T09:07:34.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\K27P0CT0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bea5-4c18-42bd-9eec-2443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:35.000Z",
|
|
"modified": "2018-04-20T09:07:35.000Z",
|
|
"description": "Files and or directories created - Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nstD210.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee6-e57c-4fb9-ba55-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:18.000Z",
|
|
"modified": "2018-04-17T09:31:18.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '082f1ce18a378ec6eb67565fb7bd89cd29db886b44fe4312a863382af9e13df7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee7-50fc-4a49-b96d-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:19.000Z",
|
|
"modified": "2018-04-17T09:31:19.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '0e1d3984bd6c33ba0fc108329e3906bd074d70ed44a4c7fa6d8f857531bbc437']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee7-50d8-4a9d-abb0-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:19.000Z",
|
|
"modified": "2018-04-17T09:31:19.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '380545cfde4acaf2c29969d175db1cecd28c5691693e097e52da5c0e886a8301']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee7-bff0-428b-9e2c-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:19.000Z",
|
|
"modified": "2018-04-17T09:31:19.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '13da7abee3f2ea4275c1434900db5ba9f620fde8743eb0ff2388b32897685e0b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee8-3f50-41ef-9cf6-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:20.000Z",
|
|
"modified": "2018-04-17T09:31:20.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '9dc0c514ea1aaa91c1255857cb261bd6c94f8565ffef4420b75c5d5320717b09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee8-bf58-4dd4-875a-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:20.000Z",
|
|
"modified": "2018-04-17T09:31:20.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '30103085dd67ac6e9bdf14255fc5c8b697d68b810e732b4ae29798b62e5ad677']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee9-bec0-44e4-a6d2-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:21.000Z",
|
|
"modified": "2018-04-17T09:31:21.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '663ecdfa115605418b2826e4de7e289b0cd12849b719c7a171ee7524bf22fe99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee9-016c-4288-a267-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:21.000Z",
|
|
"modified": "2018-04-17T09:31:21.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = 'cc203d955e3e33479423f7b2aea1f13c2ba5895da16159a779407e03e747d116']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bee9-610c-41ee-9b39-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:21.000Z",
|
|
"modified": "2018-04-17T09:31:21.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '3784e5b40ff8687265efe5dacfd5b6c9d744fe294f425703ddafbf687192eb8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beea-4204-4cc4-9acf-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:22.000Z",
|
|
"modified": "2018-04-17T09:31:22.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '0a52739b2a45b1002b78230df60dd42d2ffa0897197953639dd627bcc0454134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beea-41f8-4227-ad39-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:22.000Z",
|
|
"modified": "2018-04-17T09:31:22.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '1824bb4ea96c6107c6660b104d60073be3a9f5c3bdbbc2c801771fc34a03e01c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beeb-8114-421c-81fc-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:23.000Z",
|
|
"modified": "2018-04-17T09:31:23.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = 'a1175ff8f5544f4ec078e4d55db4b6aff7a7844e9df2057d3fe906cfa77d25f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beeb-4c24-49b5-8ea1-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:23.000Z",
|
|
"modified": "2018-04-17T09:31:23.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '61dede4113d1eda504f7360ae535cd88ede9425722db4a43577185d0312acd5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beec-7568-4a94-85b2-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:24.000Z",
|
|
"modified": "2018-04-17T09:31:24.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = 'ac755dfabf99ea6fc8c334dcef526d1dce3680200deeaac5e80077a27042af9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beec-a088-46a9-93ae-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:24.000Z",
|
|
"modified": "2018-04-17T09:31:24.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '786c1b55e5e73fd3c2231d7e6fa0565aacb4fb239807f42c2f0cb83f57186271']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beec-e600-4b55-9e92-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:24.000Z",
|
|
"modified": "2018-04-17T09:31:24.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '4e27ccfd0c90aab501d16d45b1e9d13bde3e2d6c2ba6d230b7973dcc8567e556']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beed-0220-4adf-9ea2-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:25.000Z",
|
|
"modified": "2018-04-17T09:31:25.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = 'c7dcf76652af54cf4cbbfdfc4fa5cc8d4a8e1807d478eceee32270260dbfecf7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beed-73f0-40ba-a922-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:25.000Z",
|
|
"modified": "2018-04-17T09:31:25.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '228ffe97f34e097a0cb3b3288ee56a063da65d890b1f888d59d59f0ad2b3bb71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beee-b710-4fe7-8159-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:26.000Z",
|
|
"modified": "2018-04-17T09:31:26.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '39c05a8b0d635eb221023154423dd3e26c93d16bb5a16a2512c68bde62996023']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beee-39c8-495b-a7b5-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:26.000Z",
|
|
"modified": "2018-04-17T09:31:26.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '6bd38baca4b923c26628e9dcf9ee64d8bcc5c4ba9cb9f2298e32f8db7816de08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beee-1e90-4d38-a935-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:26.000Z",
|
|
"modified": "2018-04-17T09:31:26.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = 'cb2155b65879f66eb449b60a90c632c701fbea7ac8d4011e3b24b238c3302de0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beef-b80c-4f61-bfb4-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:27.000Z",
|
|
"modified": "2018-04-17T09:31:27.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '8fdabcedb02b4ae9364e53f38738710a1f6e9851077c29dbda34cf934229b47d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5beef-7498-49aa-abd0-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:27.000Z",
|
|
"modified": "2018-04-17T09:31:27.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = 'fdb559a29e0374fa7ce71d8661400fcc2d2db7d3486822a5cf1e0eba5c5634c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bef0-b040-4436-b953-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:28.000Z",
|
|
"modified": "2018-04-17T09:31:28.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '4a6043017f598162263d52315c79bfcb5fbef86f19d51beb718fe8093dc1af16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5bef0-511c-42ee-8fe7-2134950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:31:28.000Z",
|
|
"modified": "2018-04-17T09:31:28.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:hashes.SHA256 = '2f9ca1b196aa915e3c87dabe20f353a4a69ee5998f8559ef8073194918dc7ea9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:31:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5c543-92b8-4648-af41-45a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:35.000Z",
|
|
"modified": "2018-04-20T09:07:35.000Z",
|
|
"first_observed": "2018-04-20T09:07:35Z",
|
|
"last_observed": "2018-04-20T09:07:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"mutex--5ad5c543-92b8-4648-af41-45a0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\""
|
|
]
|
|
},
|
|
{
|
|
"type": "mutex",
|
|
"spec_version": "2.1",
|
|
"id": "mutex--5ad5c543-92b8-4648-af41-45a0950d210f",
|
|
"name": "\\BaseNamedObjects\\00291FDE1ED259137753E922"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d370-bae8-429c-862d-4a8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:35.000Z",
|
|
"modified": "2018-04-20T09:07:35.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.99.75.151']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d371-c774-497c-8e27-4706950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:36.000Z",
|
|
"modified": "2018-04-20T09:07:36.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[domain-name:value = 'makewebomb.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a3-e298-4956-989d-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:47.000Z",
|
|
"modified": "2018-04-17T10:59:47.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'b4abd9556f093b7d80bdc755d502917310a807d5ee9d9f9bac19bb0c8d596dbc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a4-07a4-49e5-9c58-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:48.000Z",
|
|
"modified": "2018-04-17T10:59:48.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '1ca88b2c00b625bf596b93abafae873a6aec5bf1afeee1e116dc402cae69f83a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a4-3bc0-42e1-b7cc-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:48.000Z",
|
|
"modified": "2018-04-17T10:59:48.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '3f2925b26b0f0b0f141346d8a654a74704d9326492537de17518bd6fb11671e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a5-f828-4ef1-b2ea-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:49.000Z",
|
|
"modified": "2018-04-17T10:59:49.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'ba0a2f6e001bc9c02ee8c5fbcd6cceaa74ced5ec058dfda71623146f06ff2490']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a5-f920-4475-afea-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:49.000Z",
|
|
"modified": "2018-04-17T10:59:49.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'f68b0c32da95c0fb06c4cefb992e1a0039afed32f6cfcef083db39a0702a06c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a5-dc18-4c46-be57-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:49.000Z",
|
|
"modified": "2018-04-17T10:59:49.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '61ff6f5d48f02c0a5b7a28936f8aa9ebad2344f3552608fae2ce3f14a9bf14d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a6-de3c-4eb1-ac25-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:50.000Z",
|
|
"modified": "2018-04-17T10:59:50.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'a7d667e9d67d4b7db00c52572ca1e945b1aba8139dce9c647b8b9bce89ba45e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a6-1fb8-4ff9-b1c9-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:50.000Z",
|
|
"modified": "2018-04-17T10:59:50.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '6a1a4a21545538c2dd34ba9beec07cbfe17c8ff65a10f1bcdf8598a8f1b58e42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a7-cbd0-42f5-aa2e-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:51.000Z",
|
|
"modified": "2018-04-17T10:59:51.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '85d0021f75a2d312a27bc1c17702d09520006aff590d439a90d8045d2325a04e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a7-c294-49cf-ac38-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:51.000Z",
|
|
"modified": "2018-04-17T10:59:51.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '09574981553c2729c9779beee8e6007734f932a155de278eb46d9fc557c39400']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a7-dba4-4f49-a12c-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:51.000Z",
|
|
"modified": "2018-04-17T10:59:51.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'e981fd64b4c1f1d50cdf3f21d3cd07dfb04dec58c518bee8697a187069997498']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a8-4e2c-4dbe-9db6-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:52.000Z",
|
|
"modified": "2018-04-17T10:59:52.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '7c83266775aceac7e54b9d7db2620245520a52e854a5e61f5c5f2452a60432de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a8-c514-46bc-a3e1-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:52.000Z",
|
|
"modified": "2018-04-17T10:59:52.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '3ed671f4ea7e92ef0e0bf61e7bacc0b7a2a82ccea73a53e7cde66e3497a86520']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a9-e248-4f8c-b955-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:53.000Z",
|
|
"modified": "2018-04-17T10:59:53.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '97702356739358d428d1e7c7ddcc8aa08379562b290edb12348cae2bc0ddbb32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a9-7924-4802-ba83-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:53.000Z",
|
|
"modified": "2018-04-17T10:59:53.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '9c6def0cb6963372a10888e6f702d80381559a29db1da32ab149273b3d10ca34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3a9-c654-4aa7-9bd9-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:53.000Z",
|
|
"modified": "2018-04-17T10:59:53.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'df58773cc519e82a8beebeca8035018168cb3cb26aa491aae89c8d68cec835a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3aa-fbc8-422b-93f5-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:54.000Z",
|
|
"modified": "2018-04-17T10:59:54.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '5eb40ac46872c6d26cd7ebdb0938a9375d7cdf28017a5c625d890a7d2ba7852d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3aa-0b2c-491a-9b07-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:54.000Z",
|
|
"modified": "2018-04-17T10:59:54.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'afcdd2fda5b3c9e78a977df31be307ea7323b746e07e35e4d3c39a3a3f4b4b79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3ab-9598-4729-821c-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:55.000Z",
|
|
"modified": "2018-04-17T10:59:55.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'a854a9702c14be3508d35873e80577ee9b1296c993ee2a4269c283884775564e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3ab-1980-401f-af4c-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:55.000Z",
|
|
"modified": "2018-04-17T10:59:55.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '431e6a8252837a5e1c7c98aa9b72c1df4b21e34ae8c7e73882294097f140466e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3ab-ceb4-4edf-b75e-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:55.000Z",
|
|
"modified": "2018-04-17T10:59:55.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '1d7a1a4181706379a7f80ed926c47cb0ebc7beb953739c9b41cec20093c63914']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3ac-f5a0-48d0-948a-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:56.000Z",
|
|
"modified": "2018-04-17T10:59:56.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '7b24f0523af239668ee8946c433c53d0c233b0290bbaca405885d39dff86fa1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3ac-1ac4-4e14-af1f-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:56.000Z",
|
|
"modified": "2018-04-17T10:59:56.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = '444147472ba54f1f58776a84e98152ae28dfbca23602cb440a830fddd4a283cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3ad-b024-4bd7-9640-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:57.000Z",
|
|
"modified": "2018-04-17T10:59:57.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'b33436701b6a54b78141a2812264f4b3ee93ac0a5ae0149e636e7db8c4f38a28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d3ad-599c-4727-8962-243b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T10:59:57.000Z",
|
|
"modified": "2018-04-17T10:59:57.000Z",
|
|
"description": "Win.Dropper.Fareit-6500687-1",
|
|
"pattern": "[file:hashes.SHA256 = 'e5d34b53cb6e4e111e167cf13b608b87f7ab7d43d7f08f995ae9f2c1139e8f51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T10:59:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d964-4598-41ca-9c0f-a0a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:36.000Z",
|
|
"modified": "2018-04-20T09:07:36.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[domain-name:value = 'gandcrab.bit']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d964-11b8-4b37-a4f1-a0a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:37.000Z",
|
|
"modified": "2018-04-20T09:07:37.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[domain-name:value = 'nomoreransom.bit']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d964-d98c-404f-8a50-a0a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:37.000Z",
|
|
"modified": "2018-04-20T09:07:37.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[domain-name:value = 'nomoreransom.coin']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d9ac-c5ac-4c4e-8211-a1d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:37.000Z",
|
|
"modified": "2018-04-20T09:07:37.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\Microsoft\\\\Windows\\\\WebCache\\\\WebCacheV01.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d9ad-7214-4623-bdc6-a1d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:38.000Z",
|
|
"modified": "2018-04-20T09:07:38.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\Microsoft\\\\Windows\\\\Temporary Files\\\\Content.IE5\\\\SSZWDDXW\\\\W7RSB4SE.htm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d9ad-0f34-4b2d-9f8e-a1d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:38.000Z",
|
|
"modified": "2018-04-20T09:07:38.000Z",
|
|
"description": "Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\Microsoft\\\\zkwnlf.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f5-1140-4653-a5ee-4b3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:53.000Z",
|
|
"modified": "2018-04-17T13:04:53.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '4605f6041d93c6390c1ed856336c01a6cf3982bea1987c6de846752ca7006882']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f6-4e00-4a26-a357-4ffb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:54.000Z",
|
|
"modified": "2018-04-17T13:04:54.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'a10aefc70a3d3512cf54f74e39b3ee5cc5403c003179c57aeea7fb3895ed8ace']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f6-8b6c-4695-bd9d-4c5b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:54.000Z",
|
|
"modified": "2018-04-17T13:04:54.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'a0365a881396fa66719255cd617e5ef7e175343f28b7ee7ec347bf87811274c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f7-88ec-437c-984f-4014950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:55.000Z",
|
|
"modified": "2018-04-17T13:04:55.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '05be7b2de818dcb358a4f24d6050ae2b91d728c80a8af279894b5e701b060926']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f8-c34c-457c-aeb3-4438950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:56.000Z",
|
|
"modified": "2018-04-17T13:04:56.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'a32a315ae45f62d26cdd22281a69932c83f147fc4e820a9cc7bf05bcc4680777']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f8-5860-4a44-93bd-4ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:56.000Z",
|
|
"modified": "2018-04-17T13:04:56.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '6bd49db136718b3cef01348bc839e206d566a1e1c32e0537be61dfa2ee87de6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f8-1bb8-4caf-b2e7-431d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:56.000Z",
|
|
"modified": "2018-04-17T13:04:56.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'a677a593cebda3734ab26828b65fd93b54bbc02199a080a26da61afcff29ae48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f9-6a40-46c1-bd92-45c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:57.000Z",
|
|
"modified": "2018-04-17T13:04:57.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '84c269a1661a987058f51dea4644ec2703b28170324fbeab6920e40ad1a05a54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0f9-63f8-4f8c-97a5-4e18950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:57.000Z",
|
|
"modified": "2018-04-17T13:04:57.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'ad7c7472d980025e3edbab89988fec2d5776b4f72b0757c2b1dac54d1c991c37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0fa-6de8-4b15-8027-4191950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:58.000Z",
|
|
"modified": "2018-04-17T13:04:58.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '877d9c4195c38a9dc55c472f7c72ec3d6ad0d95a544458a2050edf22df3aac5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0fa-1df8-4e66-90d0-4557950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:58.000Z",
|
|
"modified": "2018-04-17T13:04:58.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '0a6cabedfabfbab3fba2057d30b1faab2f1b2d2d47a6227aa3b677af45f92da2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0fb-7134-4d0e-b0f5-4eb3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:59.000Z",
|
|
"modified": "2018-04-17T13:04:59.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '683339b58c7cbc066f84c625efa0248eb89bfcd24de916f5fe600c33867084e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0fb-74dc-43d0-8b39-43ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:04:59.000Z",
|
|
"modified": "2018-04-17T13:04:59.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '7bc897c2c55ff708cbccff1461d2406aaef7953686817bd2d6a39ad58af393f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:04:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0fc-f2e4-4b91-8b27-4d61950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:00.000Z",
|
|
"modified": "2018-04-17T13:05:00.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'e1e31a797b01f5f4ec694fb03d894e5ab331f41f3bc8c34bb407d390554bfe3a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0fe-67fc-464c-b0d2-4bb6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:02.000Z",
|
|
"modified": "2018-04-17T13:05:02.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'fa8c301685d5ceb6a97b75f3bb665871e3ddf5b47410179dd7a55f4f3cebf4ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0ff-657c-457e-a74e-4b17950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:03.000Z",
|
|
"modified": "2018-04-17T13:05:03.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '9b4536855237fe80447950bf86d1177489dbc1b231122e4a5d2157ba93c1b504']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f0ff-e98c-4f46-a8fd-4980950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:03.000Z",
|
|
"modified": "2018-04-17T13:05:03.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '19a5f6fc34e531409c787b00444671b44a5c11dec0dafab0e0ef699de29eea6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f100-1c08-4320-b4d4-428b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:04.000Z",
|
|
"modified": "2018-04-17T13:05:04.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'b4e2b99c18bf61acedaff5b1908a212470eb902ddfe8e164e01ffcfbab19834b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f100-2800-496f-993a-4b96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:04.000Z",
|
|
"modified": "2018-04-17T13:05:04.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = 'db5b0bb4d05292e6649fa84f076195d7a0cfb15516ce386f214dc2dd96a5e467']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f101-9ff0-4170-a6a9-4b43950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:05.000Z",
|
|
"modified": "2018-04-17T13:05:05.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '11117fe96292e5d5702f2c82e4b21c3cbc4234f13417b22ad963a9f746978482']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f101-3e6c-4095-9810-4b7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:05:05.000Z",
|
|
"modified": "2018-04-17T13:05:05.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:hashes.SHA256 = '33ab8e652c16836caf3b22518485757f417fab73a92e916f0c6aaf27b57f3be4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:05:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f210-eda0-4291-ac47-4b67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:39.000Z",
|
|
"modified": "2018-04-20T09:07:39.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\GetVersion.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f211-bf5c-4b0b-97b3-4038950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:39.000Z",
|
|
"modified": "2018-04-20T09:07:39.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%System32\\\\%\\\\pwkmbru\\\\dsieovx.sys']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f211-bd54-47d6-bb3a-4a99950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:40.000Z",
|
|
"modified": "2018-04-20T09:07:40.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%System32\\\\%\\\\pwkmbru\\\\dsieovxdrv.sys']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f212-36ac-45c0-bd4a-4769950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:40.000Z",
|
|
"modified": "2018-04-20T09:07:40.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3E3A.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f212-a40c-4b2a-8361-4d16950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:41.000Z",
|
|
"modified": "2018-04-20T09:07:41.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD4441.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f213-2dc8-410e-a58d-4eb8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:41.000Z",
|
|
"modified": "2018-04-20T09:07:41.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\igfxmtc\\\\dowmload.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f213-a4e4-44fe-96af-401f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:41.000Z",
|
|
"modified": "2018-04-20T09:07:41.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f213-cf88-43e9-bfb1-4702950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:42.000Z",
|
|
"modified": "2018-04-20T09:07:42.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3DCC.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f214-52e8-4a64-847b-4df9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:42.000Z",
|
|
"modified": "2018-04-20T09:07:42.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\InstallOptions.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3cb-f368-4ad1-bc5f-4cf2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:43.000Z",
|
|
"modified": "2018-04-20T09:07:43.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%System32\\\\%\\\\drivers\\\\spbiovxl.sys']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3cc-dd28-4c1d-9af4-4cdc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:43.000Z",
|
|
"modified": "2018-04-20T09:07:43.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\exhpugb\\\\dowmload.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3cd-a07c-455b-8173-4e32950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:43.000Z",
|
|
"modified": "2018-04-20T09:07:43.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD7B8B.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3cd-6278-4b4f-8810-442a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:44.000Z",
|
|
"modified": "2018-04-20T09:07:44.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3ED5.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3ce-6690-4d18-a2c1-4133950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:44.000Z",
|
|
"modified": "2018-04-20T09:07:44.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\400F.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3ce-1a1c-4d2a-b2b9-4327950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:45.000Z",
|
|
"modified": "2018-04-20T09:07:45.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\msidntfs\\\\SSL\\\\cert.db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3ce-2198-4ffc-bffa-411f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:45.000Z",
|
|
"modified": "2018-04-20T09:07:45.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\ioSpecial.ini']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3cf-7c58-4a5b-9781-4a06950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:46.000Z",
|
|
"modified": "2018-04-20T09:07:46.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%System32\\\\%\\\\pwkmbru\\\\dsieovx.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3cf-eed4-48e1-bde5-4068950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:46.000Z",
|
|
"modified": "2018-04-20T09:07:46.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD73AE.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d0-d0c8-42e6-b303-4076950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:46.000Z",
|
|
"modified": "2018-04-20T09:07:46.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%LocalAppData\\\\%\\\\igfxmtc\\\\igfxmtc.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d0-aff8-4da4-8fa1-4153950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:47.000Z",
|
|
"modified": "2018-04-20T09:07:47.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\msidntfs\\\\SSL\\\\SecureTrust Network Root CA 2.cer']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d1-9bf0-40a6-9a60-41a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:47.000Z",
|
|
"modified": "2018-04-20T09:07:47.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\4119.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d1-bb88-46bb-83eb-42b0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:48.000Z",
|
|
"modified": "2018-04-20T09:07:48.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsy4211.tmp\\\\modern-wizard.bmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d1-c0f0-4fe5-9d6e-4de7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:48.000Z",
|
|
"modified": "2018-04-20T09:07:48.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD6BD1.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d2-0064-413f-b95f-4074950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:48.000Z",
|
|
"modified": "2018-04-20T09:07:48.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3DCC.tmp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d2-362c-4c19-81a0-4b69950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:49.000Z",
|
|
"modified": "2018-04-20T09:07:49.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD63F3.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d3-6f60-4351-8b4f-4d33950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:49.000Z",
|
|
"modified": "2018-04-20T09:07:49.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%WinDir\\\\%\\\\TEMP\\\\UDD8369.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d3-6620-41d9-86f7-41fd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:50.000Z",
|
|
"modified": "2018-04-20T09:07:50.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\3FFE.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5f3d4-e690-42cd-a28e-4e80950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:50.000Z",
|
|
"modified": "2018-04-20T09:07:50.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nss41A2.tmp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5f851-4c38-4407-a13b-436d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:36:17.000Z",
|
|
"modified": "2018-04-17T13:36:17.000Z",
|
|
"first_observed": "2018-04-17T13:36:17Z",
|
|
"last_observed": "2018-04-17T13:36:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5f851-4c38-4407-a13b-436d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5f851-4c38-4407-a13b-436d950d210f",
|
|
"key": "\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT\\CERTIFICATES\\9B4DFF593EC4945503B76D97E83BADF6893F2597"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5f852-fca4-4c49-862f-4202950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:51.000Z",
|
|
"modified": "2018-04-20T09:07:51.000Z",
|
|
"first_observed": "2018-04-20T09:07:51Z",
|
|
"last_observed": "2018-04-20T09:07:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5f852-fca4-4c49-862f-4202950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5f852-fca4-4c49-862f-4202950d210f",
|
|
"key": "\\Software\\Microsoft\\WBEM\\CIMOM"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5f852-c810-4df5-a5f8-45a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:36:18.000Z",
|
|
"modified": "2018-04-17T13:36:18.000Z",
|
|
"first_observed": "2018-04-17T13:36:18Z",
|
|
"last_observed": "2018-04-17T13:36:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5f852-c810-4df5-a5f8-45a8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5f852-c810-4df5-a5f8-45a8950d210f",
|
|
"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MAGSV\\Instances"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5f853-8f58-492a-8488-4ad7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:51.000Z",
|
|
"modified": "2018-04-20T09:07:51.000Z",
|
|
"first_observed": "2018-04-20T09:07:51Z",
|
|
"last_observed": "2018-04-20T09:07:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5f853-8f58-492a-8488-4ad7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5f853-8f58-492a-8488-4ad7950d210f",
|
|
"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MAGSV\\INSTANCES\\magsv"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad5f853-6b7c-45d1-bc66-49eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:36:19.000Z",
|
|
"modified": "2018-04-17T13:36:19.000Z",
|
|
"first_observed": "2018-04-17T13:36:19Z",
|
|
"last_observed": "2018-04-17T13:36:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad5f853-6b7c-45d1-bc66-49eb950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad5f853-6b7c-45d1-bc66-49eb950d210f",
|
|
"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\magsv"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f368-0d14-45d4-914d-4411950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:51.000Z",
|
|
"modified": "2018-04-20T09:07:51.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.58.217.174']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f368-9a7c-4654-a670-47ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:52.000Z",
|
|
"modified": "2018-04-20T09:07:52.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.75.222.235']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f369-00c4-46b6-8aea-4a91950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:52.000Z",
|
|
"modified": "2018-04-20T09:07:52.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.58.206.78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f369-bd00-4721-a3f3-4d28950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:53.000Z",
|
|
"modified": "2018-04-20T09:07:53.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.16.241.77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f369-2740-4db8-98d0-4b31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:53.000Z",
|
|
"modified": "2018-04-20T09:07:53.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.199.229.251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad6f36a-5780-4671-b8a3-42c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:53.000Z",
|
|
"modified": "2018-04-20T09:07:53.000Z",
|
|
"first_observed": "2018-04-20T09:07:53Z",
|
|
"last_observed": "2018-04-20T09:07:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--5ad6f36a-5780-4671-b8a3-42c4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--5ad6f36a-5780-4671-b8a3-42c4950d210f",
|
|
"value": "google.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f36a-a7b4-4397-9ce8-45e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:54.000Z",
|
|
"modified": "2018-04-20T09:07:54.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[domain-name:value = 'u.drawfixmydesign.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f36b-6cd4-4054-a272-4445950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:54.000Z",
|
|
"modified": "2018-04-20T09:07:54.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[domain-name:value = 'r.drawfixmydesign.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad6f49a-fb1c-48bc-94f9-4419950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:55.000Z",
|
|
"modified": "2018-04-20T09:07:55.000Z",
|
|
"first_observed": "2018-04-20T09:07:55Z",
|
|
"last_observed": "2018-04-20T09:07:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"mutex--5ad6f49a-fb1c-48bc-94f9-4419950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\""
|
|
]
|
|
},
|
|
{
|
|
"type": "mutex",
|
|
"spec_version": "2.1",
|
|
"id": "mutex--5ad6f49a-fb1c-48bc-94f9-4419950d210f",
|
|
"name": "\\BaseNamedObjects\\DRBCXMtx"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f509-2e3c-4b5e-a4b4-48a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:33.000Z",
|
|
"modified": "2018-04-18T07:34:33.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '2593e0c6d66d36c7d8b3061f3c242875113310a2939f89aea73eda1397e44e31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50a-1a78-49de-8491-4aa3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:34.000Z",
|
|
"modified": "2018-04-18T07:34:34.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = 'e9a7b16189e27dff9ff67e31d09fa05e7f32658dfa56bb51feff8ca0cfb4eb85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50a-42c8-48b9-bf8a-46c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:34.000Z",
|
|
"modified": "2018-04-18T07:34:34.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '1a1144444adb05aee9ef8adfb3c892a97d32b870d1ee300975a5f3597f2ed638']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50a-b92c-4855-88ac-492e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:34.000Z",
|
|
"modified": "2018-04-18T07:34:34.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = 'ff5d541f260063a88b04a892cacfb3bcb13b8dd83c5f29ed5000737dbd6662c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50b-d154-4795-b7f3-47e7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:35.000Z",
|
|
"modified": "2018-04-18T07:34:35.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = 'b1d0bfdd95f168cea0df0e138ee627cb7feb0a26ac7a736baa031547bb6fb08d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50b-d714-4dce-9ed7-4f30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:35.000Z",
|
|
"modified": "2018-04-18T07:34:35.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '9af34cdb7f0b01c044fdeb64f0b733d78e8b9be854c4beeee679f8ee083530b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50b-b668-4b71-bfcb-4a28950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:35.000Z",
|
|
"modified": "2018-04-18T07:34:35.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '24281907f8904bf6b9af4116f52ae2ba8b4b97ce586cd3b2b2777a8f3c76c8cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50c-07dc-4e7e-844e-49dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:36.000Z",
|
|
"modified": "2018-04-18T07:34:36.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '61cb5cbccb6d1c329cb1a641c3a74fd4a4521dee0d2d03e810f3f12303e0f1f1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50c-31ec-4ca7-9ecc-4e7a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:36.000Z",
|
|
"modified": "2018-04-18T07:34:36.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '3431065d2208123137714d2d432427d33cff576d202e1fc7ea2990b21847cce1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50d-e290-458b-befc-4bbe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:37.000Z",
|
|
"modified": "2018-04-18T07:34:37.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = 'ba975d346f8f543f348e1e42f03bf50167045740b321ae6dc8a8497e608e8766']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50d-1a8c-4844-ad53-40f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:37.000Z",
|
|
"modified": "2018-04-18T07:34:37.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '2df889657dd28f91ea10c08d5a72cf890bf142a6fb4928520ecdefcf708cc2b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50e-2550-41da-a161-445b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:38.000Z",
|
|
"modified": "2018-04-18T07:34:38.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '174286f1a0bd66552237da989be39ef821b11fc6acccef5eabc00448991d1876']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50e-f01c-4cec-88c9-4232950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:38.000Z",
|
|
"modified": "2018-04-18T07:34:38.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '4632c1023c0baaa1e227defd4923098c4f3c49317964ff1cb088b40b9df7a605']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50e-efa0-4487-9291-4e90950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:38.000Z",
|
|
"modified": "2018-04-18T07:34:38.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '530607f9b54be981e420a7bca1d33d0fa180e6c42877beddeb23836cc440f062']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50f-c064-4e25-a17f-4fcb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:39.000Z",
|
|
"modified": "2018-04-18T07:34:39.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = 'e9bcf85599744033e320f5031ecc8157e0498a42d699cb175d7242c95b9f4358']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f50f-3194-4722-9575-48af950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:39.000Z",
|
|
"modified": "2018-04-18T07:34:39.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '86746d7dfa923b5b1e0e5a0d27f19eb40979dcf342f2fba01ccbb09175b9363c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f510-5a7c-4901-930f-4c91950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:34:40.000Z",
|
|
"modified": "2018-04-18T07:34:40.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[file:hashes.SHA256 = '973c024f2af38334bfe80a5c1fc2f96b2215397124ff08110e3c96aa986e7440']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:34:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad71113-447c-41a1-9bd4-4e24950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:55.000Z",
|
|
"modified": "2018-04-20T09:07:55.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[file:name = '\\\\%ProgramFiles\\\\%\\\\Mozilla\\\\thfirxd.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad71113-7aa4-4bfd-b9ac-49c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:55.000Z",
|
|
"modified": "2018-04-20T09:07:55.000Z",
|
|
"first_observed": "2018-04-20T09:07:55Z",
|
|
"last_observed": "2018-04-20T09:07:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"windows-registry-key--5ad71113-7aa4-4bfd-b9ac-49c5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Persistence mechanism\""
|
|
]
|
|
},
|
|
{
|
|
"type": "windows-registry-key",
|
|
"spec_version": "2.1",
|
|
"id": "windows-registry-key--5ad71113-7aa4-4bfd-b9ac-49c5950d210f",
|
|
"key": "%System32%\\Tasks\\aybbmte"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c88-56bc-4414-803a-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:56.000Z",
|
|
"modified": "2018-04-20T09:07:56.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.85.88.217']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c88-9f88-4029-b6c6-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:56.000Z",
|
|
"modified": "2018-04-20T09:07:56.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[domain-name:value = 'bush.basinafterthought.bid']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c89-3e98-4607-87f0-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:37.000Z",
|
|
"modified": "2018-04-18T12:39:37.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '9ad10ae09760aa994fdf2d6132a60276badb77b0ab773ee5d07d5b5e7a259207']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c89-055c-4812-80a0-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:37.000Z",
|
|
"modified": "2018-04-18T12:39:37.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '2c31ec1ded95ec22f07a3bc29c03badd9158d8ddc19e1cdb98ccdab3482f2421']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8a-57d8-4f69-a836-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:38.000Z",
|
|
"modified": "2018-04-18T12:39:38.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '433403d0f920938654f1592148f99110a5dd35fed88260c44a022983e12bdaa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8a-27ec-4308-81b8-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:38.000Z",
|
|
"modified": "2018-04-18T12:39:38.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'a02c5f7013b02bbc66380276f4250ea42173971c60e8836bb676243b648dd3a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8b-584c-4667-a86f-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:39.000Z",
|
|
"modified": "2018-04-18T12:39:39.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'f0bfcb581935377def575a18a89290427d335c95da6781b11d1ad91711cb4a81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8b-42c8-4947-a2c8-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:39.000Z",
|
|
"modified": "2018-04-18T12:39:39.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '41bf7b4e4d7a87395cc8867e026ed9d586830420a70325a672d07ea9c1a351e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8c-d530-4489-820d-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:40.000Z",
|
|
"modified": "2018-04-18T12:39:40.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'e616d1e7e2b6e1d4f1ac2fea3e2041b842d27f5de05ff941b5661997cfe8a856']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8c-99d0-48b7-be88-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:40.000Z",
|
|
"modified": "2018-04-18T12:39:40.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '4300dc69146725fe7476b6ee4a81ecbed78604e4575e299f52f6b6f3c65eaaa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8c-20f8-44cc-8a1b-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:40.000Z",
|
|
"modified": "2018-04-18T12:39:40.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'bc782f40d16fd6574c1e84edd0728470f426a31d2ff94e4bbb87a19cf3992048']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8d-1654-4e71-a6d4-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:41.000Z",
|
|
"modified": "2018-04-18T12:39:41.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '04ead5ee82c762a26e1dc0e6a8b21c54669c771cca0291b5d41282d2e73a7fc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8d-2888-4ed3-a247-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:41.000Z",
|
|
"modified": "2018-04-18T12:39:41.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '739f27ac00dc449895f589ff28e86d78ea17ca298ffc0b40021136d7c77ed679']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8e-57e0-4131-aa43-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:42.000Z",
|
|
"modified": "2018-04-18T12:39:42.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'cc4c722e0d6e2bbff6119e1895f6dfbbb2ed75b3d786e4de507b48792a2660a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8e-83b4-4b62-9db9-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:42.000Z",
|
|
"modified": "2018-04-18T12:39:42.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '28589697e00deb562a29f3cb335167b2880f3ef3065e418f57f1b626d9ea8c94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8f-df38-4dfa-a837-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:43.000Z",
|
|
"modified": "2018-04-18T12:39:43.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'b622971e681f9e2fa5f84bfcb9e7144b6198d3fb554de8d4488117ca1e3f51c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c8f-ae2c-445e-8e26-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:43.000Z",
|
|
"modified": "2018-04-18T12:39:43.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '0fee9d67ef1967d2bee1f67b1dc5ae24dff5d6dba17b9247e33b87f5bf6e6856']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c90-5394-4e42-87b1-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:44.000Z",
|
|
"modified": "2018-04-18T12:39:44.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '6c8ca3ba14ee685739ea32a3ddc613d4544c69194a97c55365c570c053609938']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c90-3768-45e1-b5e5-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:44.000Z",
|
|
"modified": "2018-04-18T12:39:44.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'f1dbfaf0378434cd1758feaabe050171df1c234ddc6215df494c6592a9e92547']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c91-f2bc-45d2-8433-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:45.000Z",
|
|
"modified": "2018-04-18T12:39:45.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = 'e586da2bd9fd73223281176033b97e6e4e137249f9aff8430004099b31508e12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c91-d9f0-4c95-aff6-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:45.000Z",
|
|
"modified": "2018-04-18T12:39:45.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '1d70d1eb3210984b8d2c3c62ca6ade7b018f44688d009cbde3c2c214224a3ffb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c92-da9c-43f3-95ae-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:46.000Z",
|
|
"modified": "2018-04-18T12:39:46.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '404746279f7d963489d1d7d2d9be4bd1b1dd82e81e21f6ebf09091ee7b059988']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c92-e460-4485-bc27-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:46.000Z",
|
|
"modified": "2018-04-18T12:39:46.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '4696ddd4a7ed96a86a09413f14657c7e01053213f6f1f6008a3a3bbe4fe45229']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c93-67c8-4844-b5eb-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:47.000Z",
|
|
"modified": "2018-04-18T12:39:47.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '66af9dc27feb2b69729b82e4076dd699cc504c3c8dce943d2023c7bdeca00f2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c93-7f38-4ee0-8843-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:47.000Z",
|
|
"modified": "2018-04-18T12:39:47.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '4694e19504a1bbc0335c213bad487727ab75faab3bf29d92cb7e3d14a2d3a8d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c93-efb8-439d-b748-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:47.000Z",
|
|
"modified": "2018-04-18T12:39:47.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '0863bf4a5476b5de02a15c3bdec1604c7d8ab7c8ca1c0546edf2f16a756e0d8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73c94-2d30-45ff-9fff-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:39:48.000Z",
|
|
"modified": "2018-04-18T12:39:48.000Z",
|
|
"description": "Win.Dropper.Startsurf-6502245-0",
|
|
"pattern": "[file:hashes.SHA256 = '39974f2161bc0151692ae2f380d38b626f2b47904f92ce5706e29b2fe05122d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d16-6bbc-47dd-8e71-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:57.000Z",
|
|
"modified": "2018-04-20T09:07:57.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.230.82.80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d16-3c70-4009-8cfd-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:57.000Z",
|
|
"modified": "2018-04-20T09:07:57.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.146.43.71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d17-86a0-40c3-a66d-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:57.000Z",
|
|
"modified": "2018-04-20T09:07:57.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.248.31.6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d17-da38-40bf-9fb6-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:58.000Z",
|
|
"modified": "2018-04-20T09:07:58.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.185.4.90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d17-67b4-42a8-ba91-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:58.000Z",
|
|
"modified": "2018-04-20T09:07:58.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.243.255.79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad73d18-fa24-4b78-94c1-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:59.000Z",
|
|
"modified": "2018-04-20T09:07:59.000Z",
|
|
"first_observed": "2018-04-20T09:07:59Z",
|
|
"last_observed": "2018-04-20T09:07:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--5ad73d18-fa24-4b78-94c1-21a4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--5ad73d18-fa24-4b78-94c1-21a4950d210f",
|
|
"value": "checkip.dyndns.org"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d19-80bc-426e-add3-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:07:59.000Z",
|
|
"modified": "2018-04-20T09:07:59.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:name = 'Files\\\\Content.IE5\\\\SSZWDDXW\\\\W7RSB4SE.htm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:07:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d19-f07c-4db8-8e0b-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:00.000Z",
|
|
"modified": "2018-04-20T09:08:00.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\serizay.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d19-0744-48a0-b32e-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:01.000Z",
|
|
"modified": "2018-04-18T12:42:01.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '91122476660eff79e0de0f30752e1cf9b37985013cb2fd6ad51c6ea6f20dbdf5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1a-7044-4255-9e6f-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:02.000Z",
|
|
"modified": "2018-04-18T12:42:02.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'fccaca287d58a30c33cc6a52e49fc16c9c5f08143624b82c8ea1df216ec42db0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1a-1034-4e73-a261-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:02.000Z",
|
|
"modified": "2018-04-18T12:42:02.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '6b93b7b97c1d5f3ad00378c8ff279c2f2ef8ba4ca16fdde45fe0557c37e8630a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1b-b110-4c26-a2b6-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:03.000Z",
|
|
"modified": "2018-04-18T12:42:03.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'e9574e34b580958e83aa060868edf408751f89f2844da98f2a8c4df24a175efd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1b-75b0-491c-8bac-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:03.000Z",
|
|
"modified": "2018-04-18T12:42:03.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '2b0dbfbc6f7018646a9ec428424986969a8bcf3ca1c4e1b23d7aab3e7e7dda5f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1b-de28-44b4-a3b5-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:03.000Z",
|
|
"modified": "2018-04-18T12:42:03.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'd4be54137269f8b720abd45b5f900e513c8e9c6144169900c673a07b3181006a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1c-5f18-49a5-abd6-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:04.000Z",
|
|
"modified": "2018-04-18T12:42:04.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '45919cf6c7ca6e97bcbf5f3bcf670db27c29d81aaa50b3563c50ec4e80ec6f4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1c-6158-42bc-8cc9-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:04.000Z",
|
|
"modified": "2018-04-18T12:42:04.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '388a22678ed13c5fc9a26d8d89a37805143b38d782677b49d9abbfa1dcd47105']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1d-71e8-4b2f-a09c-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:05.000Z",
|
|
"modified": "2018-04-18T12:42:05.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'd9b137bba139689b08b01f59dfc61b161f522c8618cd74321a7ae4531e093ebb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1d-fbb4-4047-afb3-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:05.000Z",
|
|
"modified": "2018-04-18T12:42:05.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '702c79933e6afba258861251597fc1eb6fada3273a1a3038f4332f09eac44237']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1d-3654-4e9d-8677-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:05.000Z",
|
|
"modified": "2018-04-18T12:42:05.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'ccbf0df625484ab8244a47737514ff698fa00fe2ed8da99e779134c4f96c2a3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1e-2150-46e9-9409-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:06.000Z",
|
|
"modified": "2018-04-18T12:42:06.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '5c80cd096858030abfb8ec87a0aceb8b9d791dfdc67259e668ec2cabab3abef4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1e-5ee4-43e8-b824-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:06.000Z",
|
|
"modified": "2018-04-18T12:42:06.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '6b6eb4cc4aa8e3d71a97a8657ffcd27d2bd12466faf3b1f7fcbcd274a4b9561c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1f-014c-4906-8d8c-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:07.000Z",
|
|
"modified": "2018-04-18T12:42:07.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '06c65a259d7c96000fcec97a7d8c5b6c4d0c8b8e52ed1d45c934a50d0369b3eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1f-5508-42c7-bac1-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:07.000Z",
|
|
"modified": "2018-04-18T12:42:07.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'f43312efa07fe063b6fd50de8f1bc3e7ccfe27b4d80d9082e8faaced210f6be0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d1f-7944-4903-b661-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:07.000Z",
|
|
"modified": "2018-04-18T12:42:07.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '84f1fd4c31d0c21517ffe56eea666d6c7954aec47e958c33238b91f6bc9ef0e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d20-7894-432b-ae81-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:08.000Z",
|
|
"modified": "2018-04-18T12:42:08.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '07cb19e9013ac45d8e99618944ebd9d1a81499239d20800f8aaf5789b6fbb47e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d20-f584-458b-9057-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:08.000Z",
|
|
"modified": "2018-04-18T12:42:08.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'e122d91eb62a33c8b4ef56b2299caf2f58fd4e48694c97e06c92f858497cf860']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d21-0dc8-4cc0-902c-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:09.000Z",
|
|
"modified": "2018-04-18T12:42:09.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'ea284de1551e367f736ce661b7342fc3a98297cfa8358972120375702dd14ccf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d21-5ac0-4c8b-8c2f-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:09.000Z",
|
|
"modified": "2018-04-18T12:42:09.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'e4b38a225a2703c06bcf4d26acc22753a86b74fa461720bda700c1fa2c1b3db6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d21-230c-412b-9b25-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:09.000Z",
|
|
"modified": "2018-04-18T12:42:09.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'daeded4fb715741d4045fa7ff6e7d81920c3e7ce892c1c29676a51ee70d63712']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d22-75c0-410d-abaf-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:10.000Z",
|
|
"modified": "2018-04-18T12:42:10.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = 'bc417721acee0afa960d71a7c59acfb6d233384625620bd0856734521b028005']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d22-91cc-4678-99df-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:10.000Z",
|
|
"modified": "2018-04-18T12:42:10.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '79a50327843a8ccf58147971d1c86945f9a40cd0d4ee35084b8af26c9f5ab210']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d23-6508-4f7f-800c-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:11.000Z",
|
|
"modified": "2018-04-18T12:42:11.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '53e260744b0f3d02c6d629cd466483b79c147d882e6749639631c4c7eeb46808']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73d23-3ff4-40f7-b773-21a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:42:11.000Z",
|
|
"modified": "2018-04-18T12:42:11.000Z",
|
|
"description": "Win.Dropper.Upatre-6498441-1",
|
|
"pattern": "[file:hashes.SHA256 = '2e5bff8f11e5ed171ac94f1a5656014fbffd46b66493c90aaf47b640568faa1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:42:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73f73-19b8-4bfc-8b13-7ba5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:00.000Z",
|
|
"modified": "2018-04-20T09:08:00.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[domain-name:value = '116.151.167.12.in-addr.arpa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa0-6ed0-456b-8abc-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:00.000Z",
|
|
"modified": "2018-04-20T09:08:00.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.25.185.229']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa0-d070-4d34-866b-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:01.000Z",
|
|
"modified": "2018-04-20T09:08:01.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.231.4.7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa1-70a4-4800-81f9-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:01.000Z",
|
|
"modified": "2018-04-20T09:08:01.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.167.151.116']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa1-fde8-43a9-b2f1-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:49.000Z",
|
|
"modified": "2018-04-18T12:52:49.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'c6eeffc5eb2ee7203e7abef9e60c5edffd5471aa02760e1b2ef0cce5c5a73aa3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa2-33ac-4795-9641-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:50.000Z",
|
|
"modified": "2018-04-18T12:52:50.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'cd159019d822551dd72c81fc954042275f65deaee88469c05682e7575a27e8e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa2-13e0-409e-a743-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:50.000Z",
|
|
"modified": "2018-04-18T12:52:50.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'f0bd29ac4f11195c79f8b1812cbf93fcb2b8e67bd219c287e9e93c8136c44a32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa3-fb38-4d1d-8955-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:51.000Z",
|
|
"modified": "2018-04-18T12:52:51.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '40b0cde3e58f802d799ce9b3baa86d3b03582b8d52af828fcf33a7b71fa704de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa3-c334-4f35-97ee-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:51.000Z",
|
|
"modified": "2018-04-18T12:52:51.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '842fd3e6342f2eab3bb49c69a6d963e3c7022221bdb074b4437310f8170b2c6f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa3-a3b4-46e6-85e7-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:51.000Z",
|
|
"modified": "2018-04-18T12:52:51.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'e5633dfe5df0eadc14ee162af1c1f47c6350f514f6867cdeea8efeaf2cdd4f90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa4-0dc8-4f29-94b6-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:52.000Z",
|
|
"modified": "2018-04-18T12:52:52.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'ea088b52681001876b19f1b4c22823d347b734e167cb634208a204d95f6c01f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa4-3f20-40a2-ae9e-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:52.000Z",
|
|
"modified": "2018-04-18T12:52:52.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '268b1d9cc88537d6ba2301845262a82bc6df00b07a74fa7ead0242e5cf0dc9ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa5-3d2c-40a2-9c8b-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:53.000Z",
|
|
"modified": "2018-04-18T12:52:53.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '9b389a4e17438eeba6cba94c6359317175b36e38329ae8ccfef2e7bc5d3b5a61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa5-a420-4e9f-a25d-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:53.000Z",
|
|
"modified": "2018-04-18T12:52:53.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'e411592afee8c0a1d6baab011017672dea44c307ed4ea223999eb0152cd95db6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa5-3bdc-4d75-a2d2-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:53.000Z",
|
|
"modified": "2018-04-18T12:52:53.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '8ab34d8df0858423dd1f4f70f407ca929cf9300839c783ef40f64024e477b4f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa6-8fd4-47f8-83e6-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:54.000Z",
|
|
"modified": "2018-04-18T12:52:54.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'c8aeb4cf24afcabea69ac048a658fe031b033534a9cc77e249c03b1d0464a75c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa6-765c-4471-a3b3-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:54.000Z",
|
|
"modified": "2018-04-18T12:52:54.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '10de8c9c16f71496e3c55f0d50640741449ea8f0e7b84dfabc80e13232dcee74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa7-5400-4faf-bd8b-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:55.000Z",
|
|
"modified": "2018-04-18T12:52:55.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'd2f102299b545cf1efc42b2e7d2de46dc6edf49b4da4ec4ee475539b21c7bad7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa7-711c-4f2d-ae86-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:55.000Z",
|
|
"modified": "2018-04-18T12:52:55.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '5a9b3c474315a6cc941b44e2e1563266497d7c3a8fc88653b12d3b6fa9283439']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa7-47dc-4f2e-8c5a-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:55.000Z",
|
|
"modified": "2018-04-18T12:52:55.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = 'f5c742ff51664195be30bba05c56c909b07cf7a475c570a704435e99ec925c92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa8-f2b4-4348-9cf4-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:56.000Z",
|
|
"modified": "2018-04-18T12:52:56.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '8d6c39242bb75f30437e3a3712cd54e5f4a1ccba7deef3ced7607c3894391297']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa8-8e1c-4c31-a3ba-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:56.000Z",
|
|
"modified": "2018-04-18T12:52:56.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '5e7847c2c9edb9a8cd764e28cdb8f575fa157846ed1b0e4ccf0612f915a794a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa9-d408-42db-a368-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:57.000Z",
|
|
"modified": "2018-04-18T12:52:57.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '17595c6caf5362a043f81d32dc30dae30f27354fa9783de374301cbf42be2ff3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa9-f584-442c-9f41-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:57.000Z",
|
|
"modified": "2018-04-18T12:52:57.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '35dcd9cd70c1047b835736be487536a3f3d6f2c2d40752f40ab278149972c481']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fa9-e6f4-4f0d-9fd4-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:57.000Z",
|
|
"modified": "2018-04-18T12:52:57.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '6812a316ac2f2fa0affd0977f61a97f7463f3dd77e18b217e8b97e2414d4ea18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73faa-75ac-41d4-ad16-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:58.000Z",
|
|
"modified": "2018-04-18T12:52:58.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '81233480a520d005f90f203e99bc325fca56eff338e6761a11295315ac9010d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73faa-cbb4-4d33-b945-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:58.000Z",
|
|
"modified": "2018-04-18T12:52:58.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '8014614d9085f4ada71d6c403e8042ffdd715974ad826a19ec2fb8a4f713ca9f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fab-79a4-43fd-84c1-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:59.000Z",
|
|
"modified": "2018-04-18T12:52:59.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '1f26c8b1dada5dc707651958630211824886556eb23f77f04d7a4818f8c8e756']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73fab-d5f8-42d8-b922-7b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:52:59.000Z",
|
|
"modified": "2018-04-18T12:52:59.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[file:hashes.SHA256 = '018ba4d9446e31d228b829f0f90f2f4519b87359d5d5750177152e0b986d8aad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:52:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d8250151-a555-4e5e-9239-e4d6a705c550",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:50.000Z",
|
|
"modified": "2018-04-17T09:35:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'afc9302ffde49d146ad7f58a95040ec5' AND file:hashes.SHA1 = '4d3b0b76b83413777d10b922138c00bb297a249f' AND file:hashes.SHA256 = '1824bb4ea96c6107c6660b104d60073be3a9f5c3bdbbc2c801771fc34a03e01c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f18a6769-9119-4ce8-8261-38c8c36c6d48",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:48.000Z",
|
|
"modified": "2018-04-17T09:35:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-04T18:18:54",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5bff5-881c-4c74-9573-45d302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1824bb4ea96c6107c6660b104d60073be3a9f5c3bdbbc2c801771fc34a03e01c/analysis/1383589134/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5bff5-aac0-4292-87a8-43e502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5bff5-8fb4-4324-8915-462602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667d69e-d4e0-49ff-b66d-ee9c0d1606a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:52.000Z",
|
|
"modified": "2018-04-17T09:35:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e5c8c53b9d383fcbb0b5659da87dc3b7' AND file:hashes.SHA1 = '560ca9b75304d19ea94d9265617f787ec6b82a72' AND file:hashes.SHA256 = 'ac755dfabf99ea6fc8c334dcef526d1dce3680200deeaac5e80077a27042af9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:35:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2777d3d2-815c-4e73-92b3-e7c5f6a6bb4f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:51.000Z",
|
|
"modified": "2018-04-17T09:35:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-20T22:53:04",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5bff7-98e0-4c38-b697-4d4c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ac755dfabf99ea6fc8c334dcef526d1dce3680200deeaac5e80077a27042af9c/analysis/1382309584/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5bff7-9530-4b74-b13b-452a02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/48",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5bff8-6e88-4e73-bc8b-4ed202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a0f795c-3740-4127-ae11-5719c06e4613",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:55.000Z",
|
|
"modified": "2018-04-17T09:35:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a346d50295afa82919cf03e817910796' AND file:hashes.SHA1 = '6e830e1dcb0556efa884b311e595019dac96dd58' AND file:hashes.SHA256 = '6db67b808d476e3412034571798447aafbbe320a0884a417a7d7fae604440c6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:35:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ff6c2680-4cca-4e84-aeef-dbf889d731cb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:53.000Z",
|
|
"modified": "2018-04-17T09:35:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T19:00:25",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5bff9-397c-4aae-a7d2-4dda02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6db67b808d476e3412034571798447aafbbe320a0884a417a7d7fae604440c6e/analysis/1518548425/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5bff9-0498-4b64-a270-4f2002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5bffa-ffc4-4351-8469-4d2a02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7f770580-9cd5-4055-8779-f7214ff95236",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:57.000Z",
|
|
"modified": "2018-04-17T09:35:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2485c3718c9bd94718729a6cc7ac9fbb' AND file:hashes.SHA1 = '407610f3f91a43640c9b5eaa00a84cad5bb647ed' AND file:hashes.SHA256 = '725752c4bda82acf554aad37fe97d08f4367c9a1e5d40b6fe17cdc94adf040fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:35:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ee0ed29e-9ebc-4abb-b406-61d5e5e7d74f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:55.000Z",
|
|
"modified": "2018-04-17T09:35:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-07T08:19:50",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5bffb-c704-4832-9a55-46aa02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/725752c4bda82acf554aad37fe97d08f4367c9a1e5d40b6fe17cdc94adf040fc/analysis/1523089190/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5bffc-353c-4ea9-a736-4cb802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5bffc-40a8-4937-a0a4-427402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--16dd834b-161d-4a5d-a463-e0fe0c82ddb8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:59.000Z",
|
|
"modified": "2018-04-17T09:35:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '09fd1e70c66b1a7a2f47c871052672cf' AND file:hashes.SHA1 = '4f9eb8c56b8cc753806967772b92b357ce0b2327' AND file:hashes.SHA256 = '09cc6c9e39425a71ccdc26ffd8a67179043b20f646286685eea24e6bb00b12d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:35:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c2c034d9-7fc9-4b07-b85e-b77886481632",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:35:58.000Z",
|
|
"modified": "2018-04-17T09:35:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:22:04",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5bffe-a06c-4b1a-88d8-42a602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/09cc6c9e39425a71ccdc26ffd8a67179043b20f646286685eea24e6bb00b12d9/analysis/1523776924/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5bffe-1ebc-46db-b6cc-416802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5bffe-80b0-4f48-a145-4e4e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1c3353ab-72a9-4b8d-bf7b-26b82f95bcab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:01.000Z",
|
|
"modified": "2018-04-17T09:36:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '93cfb3115f1c3ee27b8e40be8936ff0c' AND file:hashes.SHA1 = '2579550687a537a79baa0004d051fbeb2dc31d6a' AND file:hashes.SHA256 = '0e1d3984bd6c33ba0fc108329e3906bd074d70ed44a4c7fa6d8f857531bbc437']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ca39f2b2-ab66-4b27-b7c6-c0e6031aa3c6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:00.000Z",
|
|
"modified": "2018-04-17T09:36:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2015-03-30T19:55:02",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c000-0ea8-402a-b3cc-47fa02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0e1d3984bd6c33ba0fc108329e3906bd074d70ed44a4c7fa6d8f857531bbc437/analysis/1427745302/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c000-4e3c-4806-87f8-4a3902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/57",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c001-722c-41ff-b0ed-4db102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4bbac67b-db88-4ff1-b57e-99611cfee662",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:04.000Z",
|
|
"modified": "2018-04-17T09:36:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd598b662efc21cb52c8ccc1ab4fa3aee' AND file:hashes.SHA1 = 'fc36673a5adf95ccbc5e4fe8cba82929ac904f79' AND file:hashes.SHA256 = '330a8b46f74f5d4af759b18db64dfd9af2ef3e429d597cd4522148fb78633000']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7d0a5db8-4b69-4b06-b514-861ac2bcc9c8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:02.000Z",
|
|
"modified": "2018-04-17T09:36:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-11T17:37:46",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c002-170c-43f8-9cc3-46a002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/330a8b46f74f5d4af759b18db64dfd9af2ef3e429d597cd4522148fb78633000/analysis/1523468266/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c002-0cb0-4c6e-be1e-48b102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c003-bd48-4b8d-aeac-491e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--38195b20-39ab-4f46-a15f-4cac8fa71f0b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:06.000Z",
|
|
"modified": "2018-04-17T09:36:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c54f8d34f2640cd64dd4b6f8d852d676' AND file:hashes.SHA1 = 'f562f593819976e50aa911b5fae590e583a2ae33' AND file:hashes.SHA256 = 'd8f1f59b81a985f538fc0a51c85c688794f94b28a06883ba9dadfb4b0c8bccd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b9326c01-9fbc-4562-9806-9eb7f18f1658",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:04.000Z",
|
|
"modified": "2018-04-17T09:36:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-17T01:03:38",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c004-c4d8-456b-8fa8-447a02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d8f1f59b81a985f538fc0a51c85c688794f94b28a06883ba9dadfb4b0c8bccd6/analysis/1523927018/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c005-2c28-4a60-b90a-4e1102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c005-0044-498c-b7c6-464c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--23168de0-12c0-4447-aecb-32d09f2215d6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:08.000Z",
|
|
"modified": "2018-04-17T09:36:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f26a613b679c97f5355a1c4a4c71948a' AND file:hashes.SHA1 = 'd7403d4e903fdf67db31b5a11267e665e2c03339' AND file:hashes.SHA256 = '13da7abee3f2ea4275c1434900db5ba9f620fde8743eb0ff2388b32897685e0b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6ffec30e-27e2-4994-b80e-41bbfc7b35ca",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:06.000Z",
|
|
"modified": "2018-04-17T09:36:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2014-01-17T18:07:27",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c006-315c-4d76-9343-42a502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/13da7abee3f2ea4275c1434900db5ba9f620fde8743eb0ff2388b32897685e0b/analysis/1389982047/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c007-d844-412f-9f0f-452202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c007-7ef4-461b-92ca-490d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3797aea4-eab0-4f22-9e6d-a1a543cb0009",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:10.000Z",
|
|
"modified": "2018-04-17T09:36:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c642c2a00199c1dfd86bd00a48429afb' AND file:hashes.SHA1 = 'dc7211fb70415814b9af44aaa153c2cc06e0f7df' AND file:hashes.SHA256 = '2b7662b93abcd312eb2c4d66c246af9dc7c43a511fae5dddd11617bf2ced16c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bc2915ec-2b50-47b9-abaa-3481306c33d2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:08.000Z",
|
|
"modified": "2018-04-17T09:36:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T18:09:20",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c009-a5fc-4866-b94a-4e5602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2b7662b93abcd312eb2c4d66c246af9dc7c43a511fae5dddd11617bf2ced16c3/analysis/1518545360/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c009-ce30-4eb8-8647-477e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c009-a58c-4d1b-86f3-408002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d9bd8f68-4507-4e45-b3b2-51b238bf210c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:12.000Z",
|
|
"modified": "2018-04-17T09:36:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a16b48a1b06af3203312b46fb3012bf0' AND file:hashes.SHA1 = 'f71b209616bfb7e8c6ff07a85076b0537766c8a6' AND file:hashes.SHA256 = '21178d6e06ded3b1a43e98eb781220c37e729ef081bd160f168fc465313ea4ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e050e2a6-56c7-45ff-82a3-771b9fed5773",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:11.000Z",
|
|
"modified": "2018-04-17T09:36:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:22:15",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c00b-741c-452b-89dd-4d7402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/21178d6e06ded3b1a43e98eb781220c37e729ef081bd160f168fc465313ea4ff/analysis/1523776935/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c00b-157c-48d0-97dd-452602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c00b-3124-453b-a3cc-4c5402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bdfb2aaf-fbc1-4f37-a1c2-3d2e7ab849e4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:14.000Z",
|
|
"modified": "2018-04-17T09:36:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dfcf5ba6e5fe982c1bcbeecbe8661abb' AND file:hashes.SHA1 = '097e6324f7c65236b791312503b75a736d8b5879' AND file:hashes.SHA256 = '711155de0073adc2f68fc4088253f92f43a696bbf5d8f892f902724be37668f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0b1fa52a-e14a-41b1-870c-6f2f34beb767",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:13.000Z",
|
|
"modified": "2018-04-17T09:36:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-04T09:38:45",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c00d-12bc-4b1b-8e67-49bf02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/711155de0073adc2f68fc4088253f92f43a696bbf5d8f892f902724be37668f3/analysis/1522834725/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c00d-36e8-4138-aaaa-48ed02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c00e-45a8-4dbc-aca0-46ac02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5bf3dff0-e75c-4c33-b4a1-eb598f12b360",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:17.000Z",
|
|
"modified": "2018-04-17T09:36:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02fe66090aa1e35ab228488e8c1715b0' AND file:hashes.SHA1 = 'a328f25c415918b7717f4ae43f8b177f20db5f48' AND file:hashes.SHA256 = '02cb3c5568577ed9658fcf68b9f776d720e2f7355090b10875f0f9bb2b8ed161']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--52911c0c-a5de-4e05-b24b-f95bc38926b4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:15.000Z",
|
|
"modified": "2018-04-17T09:36:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-14T02:11:17",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c00f-fa74-41e5-b5e1-459e02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/02cb3c5568577ed9658fcf68b9f776d720e2f7355090b10875f0f9bb2b8ed161/analysis/1518574277/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c00f-ce08-4ee3-a2ee-4e9502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c010-b3c4-4ffd-bd8b-404502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--614923b5-0de4-4fc9-a207-736b5e32740d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:19.000Z",
|
|
"modified": "2018-04-17T09:36:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b3df868e667345393f53f96485413afc' AND file:hashes.SHA1 = '83b45579bc95e9b298bdd78103c92d518226084b' AND file:hashes.SHA256 = 'cc203d955e3e33479423f7b2aea1f13c2ba5895da16159a779407e03e747d116']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8ea75fc7-ff1e-45ce-806b-6542e4d5da9c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:17.000Z",
|
|
"modified": "2018-04-17T09:36:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-09T09:52:55",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c011-2c60-481e-a648-416402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cc203d955e3e33479423f7b2aea1f13c2ba5895da16159a779407e03e747d116/analysis/1383990775/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c012-0eb4-4ac4-b541-4af002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/46",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c012-c674-48f3-bd95-436902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--995bfffe-f2bd-4180-9982-f4700327897d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:21.000Z",
|
|
"modified": "2018-04-17T09:36:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7d8e7947905be31b08f6b122bdc0e807' AND file:hashes.SHA1 = '382798e0b1a9e3598ba729816f4bdf78af59507c' AND file:hashes.SHA256 = 'df9f1a4e2cb4247132c7442aedfe873c5e801ab048e0236407066c3acd5ec79b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bdda72e7-74f6-4a7e-9ce2-860f07a867cc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:19.000Z",
|
|
"modified": "2018-04-17T09:36:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:23:42",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c013-e2ac-4e4e-8613-473f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/df9f1a4e2cb4247132c7442aedfe873c5e801ab048e0236407066c3acd5ec79b/analysis/1523777022/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c014-a148-4349-a7d3-4b3902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c014-71ec-4406-859c-42cf02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3d6d671b-63e1-4e34-add1-f1ac1def5d61",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:23.000Z",
|
|
"modified": "2018-04-17T09:36:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd42bbd4720a5505c3beb32bfb6cda8cb' AND file:hashes.SHA1 = '53107a52af70868fabe1372c6a6bcd249acee4d7' AND file:hashes.SHA256 = '786c1b55e5e73fd3c2231d7e6fa0565aacb4fb239807f42c2f0cb83f57186271']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--73b55eba-1b5c-4404-a1fe-f8776317e5db",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:21.000Z",
|
|
"modified": "2018-04-17T09:36:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-18T19:13:24",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c016-f190-42e2-81a0-454202de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/786c1b55e5e73fd3c2231d7e6fa0565aacb4fb239807f42c2f0cb83f57186271/analysis/1382123604/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c016-4f98-4dd9-95bc-42c902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/48",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c016-c640-4cdb-bb28-42de02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4faa8c04-91b8-4cae-a6e4-b7e025fba6fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:25.000Z",
|
|
"modified": "2018-04-17T09:36:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '474037c0cc41ea9a2de42d6b94c759c5' AND file:hashes.SHA1 = '61bd61916fac9af19f735f59c8f20ba9b5b145f8' AND file:hashes.SHA256 = '2a0904b6301b42ed0838633b161c947a781600fc884b0fc499f906a49ea38292']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2c7fb252-23a4-4d0f-a7d2-38ef26d62292",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:24.000Z",
|
|
"modified": "2018-04-17T09:36:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-11T00:34:44",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c018-f634-48a1-8a91-4ca002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2a0904b6301b42ed0838633b161c947a781600fc884b0fc499f906a49ea38292/analysis/1523406884/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c018-de88-4827-9b63-4f3602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c019-4ee8-4cb9-8d1f-42b102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--973396c7-45b7-4106-addf-ac2d80c845bf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:28.000Z",
|
|
"modified": "2018-04-17T09:36:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9044a2e1ea1eb511db8ab5e918c5fc8e' AND file:hashes.SHA1 = '4e7a00b64fd7861378edd9e29a66401d44fa5c8e' AND file:hashes.SHA256 = 'ef4d20220eaecedc0b3069192843bd5eddc196b25a9e083fd16d19ae100374df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--caf0696e-f479-451b-87c4-55c4e29e725c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:26.000Z",
|
|
"modified": "2018-04-17T09:36:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-13T06:32:29",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c01a-ae9c-454b-b507-428c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ef4d20220eaecedc0b3069192843bd5eddc196b25a9e083fd16d19ae100374df/analysis/1523601149/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c01a-c70c-4dab-bda5-445e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c01b-6100-4f8b-9d5c-43a202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54f5c200-a42b-4430-bbf0-b9669a922753",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:30.000Z",
|
|
"modified": "2018-04-17T09:36:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '31968f20d5803d91aa2caf76a912634b' AND file:hashes.SHA1 = 'adc3eea50a98ad71035f3f6f7068093b05db0f3c' AND file:hashes.SHA256 = '4a6043017f598162263d52315c79bfcb5fbef86f19d51beb718fe8093dc1af16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3c6123b5-074a-48ac-8e18-eacd3427f3e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:28.000Z",
|
|
"modified": "2018-04-17T09:36:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2014-11-05T19:15:43",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c01c-d378-4efb-9433-4f0b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4a6043017f598162263d52315c79bfcb5fbef86f19d51beb718fe8093dc1af16/analysis/1415214943/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c01d-dd04-4f86-869b-41f502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/53",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c01d-ba24-4191-a04c-480802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--31544fd1-56dd-45f2-b82e-92735845680d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:32.000Z",
|
|
"modified": "2018-04-17T09:36:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b406938547c8d101f789712862bf292a' AND file:hashes.SHA1 = '1883c127413ef4405118dd1ced7623188994aa2c' AND file:hashes.SHA256 = '5301f9401c7d7ac485d0169085222c64ec2de6f14783cad6150b7c6f0f368c7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3c388591-92db-40b6-ae4b-b929b333b015",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:30.000Z",
|
|
"modified": "2018-04-17T09:36:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:22:37",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c01e-2a58-400a-8eee-407802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5301f9401c7d7ac485d0169085222c64ec2de6f14783cad6150b7c6f0f368c7c/analysis/1523776957/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c01f-ce8c-4917-a7e9-414f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c01f-c22c-4cd7-94f9-42b002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--112a8e0b-9c16-4653-b33c-dd0c9395e5f1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:34.000Z",
|
|
"modified": "2018-04-17T09:36:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07a34546e519b95d3c4c8cf996ed03f9' AND file:hashes.SHA1 = '1848d35c3ba39444aed847cd67f3bac673f43c53' AND file:hashes.SHA256 = '0e1c8a62bd632cd364d16dcf0839531c8dcb443269f4478f301e4adf758977a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3c1121a3-79bf-4e3d-9f13-9a8b93a071cb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:32.000Z",
|
|
"modified": "2018-04-17T09:36:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-11T00:24:20",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c021-9578-4271-8266-485d02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0e1c8a62bd632cd364d16dcf0839531c8dcb443269f4478f301e4adf758977a6/analysis/1523406260/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c021-b8a0-4407-bf12-4a8902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/65",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c021-8168-488b-8340-4b3c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--94710067-d371-4822-8b18-19de4086162d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:36.000Z",
|
|
"modified": "2018-04-17T09:36:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '05473bd36fd70cc0f24cc88fe36751d4' AND file:hashes.SHA1 = '86a84feeb9bd371d558d1b445592458432912128' AND file:hashes.SHA256 = '4e496591b9c2c9722c07746edfc7892b178b8965bb4c452322caab68b2d5f262']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--682b1d3f-030c-4473-ba89-9cd2fe00057c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:35.000Z",
|
|
"modified": "2018-04-17T09:36:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-15T23:36:02",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c023-f5dc-416f-b990-477c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4e496591b9c2c9722c07746edfc7892b178b8965bb4c452322caab68b2d5f262/analysis/1518737762/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c023-b014-4478-975d-408d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c023-b9e0-4c8f-a43b-49d102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4801e439-9b95-4e31-b323-19141dc9f661",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:38.000Z",
|
|
"modified": "2018-04-17T09:36:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '674e2b0107ca6fb28cd708baae42c93b' AND file:hashes.SHA1 = '15952246291b8b94607f122ea32997c8fb08f9fd' AND file:hashes.SHA256 = '40a0f808c1fd873c364850d95e2f0adb0ca24740945702de5c0552a5afc60612']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--49706bc5-c3ca-4603-9c8c-27e7b7da5aea",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:37.000Z",
|
|
"modified": "2018-04-17T09:36:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T13:12:24",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c025-f2fc-42c9-a7c1-48cc02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/40a0f808c1fd873c364850d95e2f0adb0ca24740945702de5c0552a5afc60612/analysis/1518959544/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c025-7b28-42f1-bacc-419e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c026-88e0-4a1c-ac0c-432202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a323b8bb-713c-49d2-9182-c5c82a7ad35d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:41.000Z",
|
|
"modified": "2018-04-17T09:36:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7f77120177fb33bf160aa78901971bde' AND file:hashes.SHA1 = '5a11223ac68b9f231a18ecf8183cd81d67dd74aa' AND file:hashes.SHA256 = 'f34354749657c44beee0b1d7f5cdc4a31c858eab565fc2592f96c69eb9d501e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3b0a52e2-f7d8-4624-9306-b85a5d163797",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:39.000Z",
|
|
"modified": "2018-04-17T09:36:39.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-09T05:25:49",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c027-186c-4187-9067-421502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f34354749657c44beee0b1d7f5cdc4a31c858eab565fc2592f96c69eb9d501e1/analysis/1523251549/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c027-3874-4acb-862d-4ce502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c028-71fc-4cb6-94ac-438202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--471e1471-53fb-4110-b102-8cce0d58cf5b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:43.000Z",
|
|
"modified": "2018-04-17T09:36:43.000Z",
|
|
"pattern": "[file:hashes.MD5 = '411a12a8f765a78ce4763354c416707d' AND file:hashes.SHA1 = '73e0fcf79d3c5b3499e897b69b0cdfa4d8433b1c' AND file:hashes.SHA256 = '663ecdfa115605418b2826e4de7e289b0cd12849b719c7a171ee7524bf22fe99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--afea6952-1d7c-42e2-8600-2db8d77a821e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:41.000Z",
|
|
"modified": "2018-04-17T09:36:41.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-09T23:34:55",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c029-e514-4447-ba2d-408402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/663ecdfa115605418b2826e4de7e289b0cd12849b719c7a171ee7524bf22fe99/analysis/1384040095/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c02a-1ee8-430c-9b60-416e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/46",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c02a-335c-4f39-9973-41ef02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7db6a294-00d5-4a9d-b4ff-29e484eb8d4a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:45.000Z",
|
|
"modified": "2018-04-17T09:36:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0dd66e761ae86fcea07c2db6b2c1a1d0' AND file:hashes.SHA1 = '4f09185af27ad7ad6c96d5db6c5bb2b38f2ad118' AND file:hashes.SHA256 = 'c7e92cc3f88c7180e2774f2641c593ebebedee3424314fdd8fa8365f6cd0000a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4f42f6bc-bc09-4beb-b412-645e35f3d61c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:43.000Z",
|
|
"modified": "2018-04-17T09:36:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T22:42:54",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c02b-77a4-4353-b748-469902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c7e92cc3f88c7180e2774f2641c593ebebedee3424314fdd8fa8365f6cd0000a/analysis/1518993774/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c02c-4ea0-4c17-9652-44bb02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/58",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c02c-6d8c-4750-b7e0-4a2e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--30ffb028-4ee1-479d-ad8e-b16c1c787b24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:47.000Z",
|
|
"modified": "2018-04-17T09:36:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fbecbd26e13fae93d2b2a36c5a6a645c' AND file:hashes.SHA1 = 'a5781cb00f1c3b05bb61156b45b2175578c9b973' AND file:hashes.SHA256 = '0a52739b2a45b1002b78230df60dd42d2ffa0897197953639dd627bcc0454134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cdd6e30a-cb0d-4276-8b1c-208f8db7873c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:45.000Z",
|
|
"modified": "2018-04-17T09:36:45.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-06-08T11:33:10",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c02e-d548-4c2a-b0a9-479e02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0a52739b2a45b1002b78230df60dd42d2ffa0897197953639dd627bcc0454134/analysis/1465385590/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c02e-2570-418f-94ee-467902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/57",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c02e-74a8-44dd-834a-453102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58e315b7-b23a-4232-a7df-24c01f2c6147",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:49.000Z",
|
|
"modified": "2018-04-17T09:36:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9d34c94b7684098684acb3a5624eed77' AND file:hashes.SHA1 = '6fad9f2313aa377dcfbf24f8f72148f8cbe04220' AND file:hashes.SHA256 = 'c1e6324086192a47c60daee91f9f906c2ceb03cac0c67a8ed3f0a31c37e3a991']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a8ef1585-9219-4fd3-82c4-fd44b510ec44",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:48.000Z",
|
|
"modified": "2018-04-17T09:36:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:23:28",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c030-8f80-475f-9258-446402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c1e6324086192a47c60daee91f9f906c2ceb03cac0c67a8ed3f0a31c37e3a991/analysis/1523777008/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c030-b858-432c-89fc-4aae02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c031-d0cc-4630-abc2-404902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eead743e-4f7b-417e-ab5b-754be3ab4639",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:52.000Z",
|
|
"modified": "2018-04-17T09:36:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f04a33fba9e02ac620dae57d3fbef98d' AND file:hashes.SHA1 = '88c485a72af65f3e77cc060677c30e37874d1084' AND file:hashes.SHA256 = 'aebb84da20c2c92da398b1e5fcc8adc6bfe893d5a8b56c5cd1beb42b3fa5f069']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--44db359a-2322-4199-b7b2-ad7047055145",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:50.000Z",
|
|
"modified": "2018-04-17T09:36:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-10T19:18:03",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c032-f778-46ca-a3f3-427e02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/aebb84da20c2c92da398b1e5fcc8adc6bfe893d5a8b56c5cd1beb42b3fa5f069/analysis/1523387883/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c032-bf40-4afa-b471-4f9702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c033-5c78-4ab4-883b-401f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c462c18c-5dd2-474d-9bdb-683249100648",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:54.000Z",
|
|
"modified": "2018-04-17T09:36:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6edaf925da32588b1a7ff520bf83110f' AND file:hashes.SHA1 = '2392005587724e422ed77412a56c946b220ad5b5' AND file:hashes.SHA256 = '30103085dd67ac6e9bdf14255fc5c8b697d68b810e732b4ae29798b62e5ad677']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--51803a65-599e-4c65-a62e-47cedcfdf679",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:52.000Z",
|
|
"modified": "2018-04-17T09:36:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-10T00:44:33",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c034-10ac-4225-82af-4e9a02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/30103085dd67ac6e9bdf14255fc5c8b697d68b810e732b4ae29798b62e5ad677/analysis/1384044273/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c034-7bfc-4fdd-a823-4b8902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/45",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c035-7f54-4a87-990c-41cc02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--24579f89-a5e2-40a1-b402-1a3f503a9fee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:56.000Z",
|
|
"modified": "2018-04-17T09:36:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '27d69990681a0c6219c580cffaaac5a7' AND file:hashes.SHA1 = '0e9b41fa1a5b36788c1705ccff0cc9e6c702b053' AND file:hashes.SHA256 = '310848da5dd6e75c8df5bc00223582a7b7e6fbef90ca45222948eaba546be3bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4df065d3-0e9e-474e-99f0-ddcfd2163f78",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:54.000Z",
|
|
"modified": "2018-04-17T09:36:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T15:20:06",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c036-33b0-46d0-8894-484c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/310848da5dd6e75c8df5bc00223582a7b7e6fbef90ca45222948eaba546be3bd/analysis/1518535206/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c037-b0dc-43e6-9d77-46cd02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c037-33e0-4c2c-a853-40d202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8e397422-74ed-45d1-9b6a-68a3333869ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:58.000Z",
|
|
"modified": "2018-04-17T09:36:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '923d42d648ba3f65d30e82d8a8405f74' AND file:hashes.SHA1 = '955254b67dfcb399cbc2d9124b4a0d15bea94f74' AND file:hashes.SHA256 = '228ffe97f34e097a0cb3b3288ee56a063da65d890b1f888d59d59f0ad2b3bb71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:36:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3136bde9-7b09-4380-9688-b316ff8030a3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:57.000Z",
|
|
"modified": "2018-04-17T09:36:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-12T08:23:46",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c039-9f24-4691-b76c-477c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/228ffe97f34e097a0cb3b3288ee56a063da65d890b1f888d59d59f0ad2b3bb71/analysis/1381566226/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c03a-a9d4-4ff2-8955-4ab002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/45",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c03a-f83c-408b-9649-4cd402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a9fa6c94-efe8-4dbf-b103-c24ab19cbbf7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:01.000Z",
|
|
"modified": "2018-04-17T09:37:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '06e083d515104be00cd6558791c44b52' AND file:hashes.SHA1 = 'a7ab277b95e0058962ca6c95e80b7d8585f6b62c' AND file:hashes.SHA256 = 'c21fdd9a5d244aed75890c59094789c2f46815983084f4bc5966ae28630908a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--62a360ce-dbdb-4fbb-8e80-7ce96f87946c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:36:59.000Z",
|
|
"modified": "2018-04-17T09:36:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T18:46:36",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c03b-efec-49e2-9658-49f102de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c21fdd9a5d244aed75890c59094789c2f46815983084f4bc5966ae28630908a8/analysis/1518547596/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c03c-1684-44bd-bbb9-4d7402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c03c-f0a4-4ab3-b414-440402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f165aa6e-5d89-4258-8673-39c9f6b9948c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:03.000Z",
|
|
"modified": "2018-04-17T09:37:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cc09780b9efd18bf7191089cc72c0785' AND file:hashes.SHA1 = 'fcf3b257c6eed1ec42892a8ca951eb3dfde681ce' AND file:hashes.SHA256 = 'ef4b97346e1ee359feff43d136f3dd6031993fb47bdfd25520b4fc3279d3649b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--85cfd077-9915-43ee-80d6-d145645df836",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:02.000Z",
|
|
"modified": "2018-04-17T09:37:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-28T23:28:36",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c03e-bb64-4c95-9a6c-4f4f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ef4b97346e1ee359feff43d136f3dd6031993fb47bdfd25520b4fc3279d3649b/analysis/1522279716/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c03e-0a1c-4baa-ae31-4cba02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c03e-9894-4877-924f-4ca002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--475a6596-dcd2-4cd5-bde7-91710d2635ae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:05.000Z",
|
|
"modified": "2018-04-17T09:37:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'da4e7c3359edf27e38fbcd1ecfc901c8' AND file:hashes.SHA1 = '67549dcd823b0592a958aa8443ce1c219103ed42' AND file:hashes.SHA256 = 'a1175ff8f5544f4ec078e4d55db4b6aff7a7844e9df2057d3fe906cfa77d25f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--20aa948a-2c13-4806-97db-a0b7b736ef88",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:04.000Z",
|
|
"modified": "2018-04-17T09:37:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-02T14:10:58",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c040-5de4-4352-9aab-42d102de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a1175ff8f5544f4ec078e4d55db4b6aff7a7844e9df2057d3fe906cfa77d25f0/analysis/1383401458/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c040-10d4-4800-ae14-416202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c041-09f4-45ab-8721-433f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f66345c9-da87-4634-807e-95b40b3f7829",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:08.000Z",
|
|
"modified": "2018-04-17T09:37:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7ab76d9f40f3d9c0e004a81734b2aeb8' AND file:hashes.SHA1 = '9f5ce8fb8f070b03cc4d42a849e2e6563954f553' AND file:hashes.SHA256 = '2f9ca1b196aa915e3c87dabe20f353a4a69ee5998f8559ef8073194918dc7ea9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4f729230-95ef-4dd1-8e92-e3ca84fde7b0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:06.000Z",
|
|
"modified": "2018-04-17T09:37:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-07T09:01:54",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c042-d7b8-4166-920a-4f7902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2f9ca1b196aa915e3c87dabe20f353a4a69ee5998f8559ef8073194918dc7ea9/analysis/1381136514/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c042-e454-4172-a077-4af702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/48",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c043-6468-426b-93d3-4afc02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3ec767cb-63b7-4634-936d-ec2c72b7f414",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:10.000Z",
|
|
"modified": "2018-04-17T09:37:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c35973540aaffc8843e2b492433b4b78' AND file:hashes.SHA1 = '1dac4d6b1e9e7f8b304d434917c88f6557274c09' AND file:hashes.SHA256 = '082f1ce18a378ec6eb67565fb7bd89cd29db886b44fe4312a863382af9e13df7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e68803ee-8f52-4a45-b1ad-fadc751112e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:08.000Z",
|
|
"modified": "2018-04-17T09:37:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2016-01-15T09:59:07",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c044-fd14-4282-bdbf-400002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/082f1ce18a378ec6eb67565fb7bd89cd29db886b44fe4312a863382af9e13df7/analysis/1452851947/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c044-8848-471b-8854-43ce02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/56",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c045-d4c0-413f-ae38-47cd02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2f1a76d0-7049-4e63-b652-573bad749c33",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:12.000Z",
|
|
"modified": "2018-04-17T09:37:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = '083f4b601f084f80b3e10bf3478b68bf' AND file:hashes.SHA1 = 'd21edb550df8eea061eccb60b29bd219c8de3e0c' AND file:hashes.SHA256 = '98f7b5afa98edbfcb4a6f502d9d29e6bb0912a6bcb7a14abe3a9a60e0487b201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--66400a8a-058c-46d1-be9e-5e0a8e28a098",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:10.000Z",
|
|
"modified": "2018-04-17T09:37:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T18:17:32",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c046-12a4-4e5d-806d-4d2302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/98f7b5afa98edbfcb4a6f502d9d29e6bb0912a6bcb7a14abe3a9a60e0487b201/analysis/1518545852/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c047-94a4-428c-8e26-4ba302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/60",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c047-3624-4dbe-864a-4dd502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e7bf71e1-5ed5-46ce-8ba8-a1f4f00e8d19",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:14.000Z",
|
|
"modified": "2018-04-17T09:37:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '764f7d194a9fd699715da038b45d0d35' AND file:hashes.SHA1 = '79d20d3242c6a039359161313162c1bb05797d15' AND file:hashes.SHA256 = '2ca04f3c65e3fd16b9c879c7db4cc8025279463dbb965e3954e35106fe952e86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--92a63283-9df8-4cf5-831d-a1d429ae0a04",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:12.000Z",
|
|
"modified": "2018-04-17T09:37:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-16T06:08:59",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c048-1020-475d-ade3-496802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2ca04f3c65e3fd16b9c879c7db4cc8025279463dbb965e3954e35106fe952e86/analysis/1523858939/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c049-d830-4572-9c71-41ca02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c049-8704-4627-a507-431502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1c7451e3-1e01-469b-87a2-8fe5a7a8a1b3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:16.000Z",
|
|
"modified": "2018-04-17T09:37:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bf6cd7918821245d8cf822167ef41ba7' AND file:hashes.SHA1 = '305047c262f70690e61b90cdf4278b683da83a31' AND file:hashes.SHA256 = '4e27ccfd0c90aab501d16d45b1e9d13bde3e2d6c2ba6d230b7973dcc8567e556']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4f0576c0-d450-4279-9daa-96479dfa26ee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:14.000Z",
|
|
"modified": "2018-04-17T09:37:14.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-15T08:19:13",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c04a-b8b4-4ec6-b6b5-4bd402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4e27ccfd0c90aab501d16d45b1e9d13bde3e2d6c2ba6d230b7973dcc8567e556/analysis/1381825153/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c04b-9f00-412b-99e8-4cfb02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c04b-b56c-40f0-9fdd-46fe02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fe05184f-77b8-4157-80b7-07aa043c9936",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:18.000Z",
|
|
"modified": "2018-04-17T09:37:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3328804e560b53c97cfe787824bec452' AND file:hashes.SHA1 = 'de50f8d6f17a207ab88dd50127ca8da89f9ff738' AND file:hashes.SHA256 = '599d9e37c39ec47a50b512e01449a37ff3c3354ed0b9b4de2ca7e8f2d3a33bfa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2f79727e-28c0-423d-9ed6-8cbf85e2b518",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:16.000Z",
|
|
"modified": "2018-04-17T09:37:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-14T02:28:48",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c04d-aba0-4ce3-a459-456602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/599d9e37c39ec47a50b512e01449a37ff3c3354ed0b9b4de2ca7e8f2d3a33bfa/analysis/1518575328/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c04d-8e6c-4958-a908-4eab02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c04d-8060-48ba-884f-4f5102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3732f786-fed1-4ec0-81a2-cf90bac3e268",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:20.000Z",
|
|
"modified": "2018-04-17T09:37:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ae1d5a422ee778c4ba40e5b224333a9d' AND file:hashes.SHA1 = '7abb25bf3182c58fc2a99b8727a28078eb143058' AND file:hashes.SHA256 = '39c05a8b0d635eb221023154423dd3e26c93d16bb5a16a2512c68bde62996023']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--dc2dd4e7-efc4-4d62-8c13-1af4257ee137",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:19.000Z",
|
|
"modified": "2018-04-17T09:37:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-12T08:22:34",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c04f-bd60-4c59-99f8-452702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/39c05a8b0d635eb221023154423dd3e26c93d16bb5a16a2512c68bde62996023/analysis/1381566154/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c04f-b45c-46f0-a9e8-494f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c050-1a78-4846-86df-46c202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3bf3ae13-b58d-4f5d-8469-5a34c8122639",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:23.000Z",
|
|
"modified": "2018-04-17T09:37:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bcf18963a5f87002ebaa44255af5179d' AND file:hashes.SHA1 = 'cdae45301536fdab9c3cf15dd6b0ccd1d1b579be' AND file:hashes.SHA256 = 'd7e95936470c9747f9c803d3839159e86112afbe49d68b578775f1c29141d502']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--409f2f05-3619-4f32-9c87-2ba0be7d1f14",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:21.000Z",
|
|
"modified": "2018-04-17T09:37:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-16T07:47:11",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c051-fb3c-4c91-a16e-410e02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d7e95936470c9747f9c803d3839159e86112afbe49d68b578775f1c29141d502/analysis/1518767231/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c051-0784-4c8e-8142-423502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c052-8560-4bfd-8e25-4bbd02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ca3966ec-726d-4dcb-81f4-39c21bce3b57",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:25.000Z",
|
|
"modified": "2018-04-17T09:37:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02324f64dfa4be5bb0f4abafa5a27c51' AND file:hashes.SHA1 = '349c4a436f1544aa76096d9f4100765d133ab49b' AND file:hashes.SHA256 = '3c9c3423951655b97251bf5d3d12fe59fcf96d4274c4887b88744438371fe61b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--54df5a27-b7e9-4370-b86a-434bc5c4bfb0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:23.000Z",
|
|
"modified": "2018-04-17T09:37:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-15T21:33:00",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c053-32a0-46af-bcae-499c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3c9c3423951655b97251bf5d3d12fe59fcf96d4274c4887b88744438371fe61b/analysis/1518730380/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c054-4f98-4e45-8060-452502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c054-b870-4ed1-8121-461e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--54175632-8cf7-4b49-934a-da9ed750f839",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:27.000Z",
|
|
"modified": "2018-04-17T09:37:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c080899fd8c4c1a77df313c70d1ce2ff' AND file:hashes.SHA1 = 'f38e818652e93bea7cea5bde4da7b511fa221fa4' AND file:hashes.SHA256 = '44f6b3cea3a371a7cd6161739dcc6f9f96a40c8c732b1acd8042a2991a9bbf73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1602037e-3d0a-4d7c-aad4-690589211f3d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:25.000Z",
|
|
"modified": "2018-04-17T09:37:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T10:33:07",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c055-08a4-4c7c-897e-467402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/44f6b3cea3a371a7cd6161739dcc6f9f96a40c8c732b1acd8042a2991a9bbf73/analysis/1523788387/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c056-3c48-4e4f-9f54-46d902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c056-83ac-431f-80f8-494c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--22060082-286e-4e92-a9de-5932cc66684c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:29.000Z",
|
|
"modified": "2018-04-17T09:37:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1772c2d5cbb68dbb3d6436f0e03587d2' AND file:hashes.SHA1 = 'd5ffc39edb0660e6e4c678d6bc8453172ed8e96f' AND file:hashes.SHA256 = '380545cfde4acaf2c29969d175db1cecd28c5691693e097e52da5c0e886a8301']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--da7a7be3-a8bf-4a4b-942e-6366ca70d287",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:27.000Z",
|
|
"modified": "2018-04-17T09:37:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2014-11-06T23:59:48",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c058-fc54-4bee-bfaf-41f502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/380545cfde4acaf2c29969d175db1cecd28c5691693e097e52da5c0e886a8301/analysis/1415318388/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c058-4f48-47ed-898c-435b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/54",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c058-9ab0-43c1-8ec2-4e5a02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bc3cbc70-c086-48a4-8c6e-faf4f66dc4fd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:31.000Z",
|
|
"modified": "2018-04-17T09:37:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c3cac81d6f2b9eef489e93ab8f3f73db' AND file:hashes.SHA1 = 'f8394dd33bd8adf68c9741f16c49cac87452518f' AND file:hashes.SHA256 = '036d8c2a089ea0870fa37060c96928789a8b373ca0795d1c06db443b53dc5882']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fe8692b8-47ed-49ae-ac84-c200cf0fb40b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:30.000Z",
|
|
"modified": "2018-04-17T09:37:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-16T00:01:10",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c05a-d550-4d9d-a9b0-44f602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/036d8c2a089ea0870fa37060c96928789a8b373ca0795d1c06db443b53dc5882/analysis/1518739270/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c05a-96d8-4354-93e7-4f8402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c05b-1c4c-4560-9695-45d602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f971946a-c11f-4e87-958e-b1216469856d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:34.000Z",
|
|
"modified": "2018-04-17T09:37:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b1941d4166446c06d6d632e970d92636' AND file:hashes.SHA1 = 'b9dc3b298aad57e771b67bc5f1e233ffb8ffd5c6' AND file:hashes.SHA256 = 'acaa87b92f1e2ee316033624e4760ca4f9c781e82b72949c46861c7652cf74c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7fc03e03-5dfe-4d7b-9ca9-d4f2c47233fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:32.000Z",
|
|
"modified": "2018-04-17T09:37:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T18:43:15",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c05c-c4b4-4a8b-8d70-449402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/acaa87b92f1e2ee316033624e4760ca4f9c781e82b72949c46861c7652cf74c2/analysis/1518547395/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c05c-9500-4c70-b41d-4fca02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c05d-4c84-4704-8334-403402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--820f1598-4c73-4860-8239-acc32c501496",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:36.000Z",
|
|
"modified": "2018-04-17T09:37:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1d1f1a00e81ea25b47ce8ab5f985e613' AND file:hashes.SHA1 = 'dbb963bbafa980549c37f910f88e74384116dc5a' AND file:hashes.SHA256 = 'fdb559a29e0374fa7ce71d8661400fcc2d2db7d3486822a5cf1e0eba5c5634c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--686748b5-288c-48a2-9596-1fc1e96df87b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:34.000Z",
|
|
"modified": "2018-04-17T09:37:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-10T04:18:12",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c05e-b79c-4038-8b10-456902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/fdb559a29e0374fa7ce71d8661400fcc2d2db7d3486822a5cf1e0eba5c5634c8/analysis/1381378692/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c05e-e100-4ffd-8a55-442202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/48",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c05f-2354-4d54-8aad-492802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9b31f6f2-1afa-4cc1-b1c9-3939d61c351e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:38.000Z",
|
|
"modified": "2018-04-17T09:37:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'abdf720306ad14a86c6398e54f0be09d' AND file:hashes.SHA1 = '0cb24debe4cbc25c4f0c52911fdb98078e275511' AND file:hashes.SHA256 = '9dc0c514ea1aaa91c1255857cb261bd6c94f8565ffef4420b75c5d5320717b09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c3012495-b7ed-4916-9049-53b6c65ac11b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:36.000Z",
|
|
"modified": "2018-04-17T09:37:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-22T08:18:41",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c060-6404-401e-af9d-459902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9dc0c514ea1aaa91c1255857cb261bd6c94f8565ffef4420b75c5d5320717b09/analysis/1385108321/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c061-ba4c-4bc3-867f-4bee02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/40",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c061-2068-4c26-b711-491402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4febf0f3-b71a-45e4-baed-ebd75779a918",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:40.000Z",
|
|
"modified": "2018-04-17T09:37:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8efc70786479935b96f803fe10cb6044' AND file:hashes.SHA1 = 'b6ff511bf3089529d49b66ed3cbb6253b6d94193' AND file:hashes.SHA256 = '8fdabcedb02b4ae9364e53f38738710a1f6e9851077c29dbda34cf934229b47d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--872d5324-22bb-4366-a495-9cfe1ab1fcb8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:38.000Z",
|
|
"modified": "2018-04-17T09:37:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-10T07:16:17",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c062-6b68-4143-8d55-49dd02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8fdabcedb02b4ae9364e53f38738710a1f6e9851077c29dbda34cf934229b47d/analysis/1381389377/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c063-6d60-4e3b-a972-490a02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/43",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c063-d884-4fe3-87c7-4a1b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b366383d-8567-41d5-8bd2-098a72d6410b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:42.000Z",
|
|
"modified": "2018-04-17T09:37:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fa3cc35f616ee7a76d412fd7b1844d13' AND file:hashes.SHA1 = 'e436d27ebd89381f69a5b2f877d7a9b9e96aa330' AND file:hashes.SHA256 = '4d0f0b7c9a3b8694895275fcc45aa1df3e6f2ad0c58563a40ac80776c705f821']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c18455f9-0c99-40ad-9307-b6c207b78199",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:40.000Z",
|
|
"modified": "2018-04-17T09:37:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-14T02:26:09",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c064-2b64-42fc-a8be-407102de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4d0f0b7c9a3b8694895275fcc45aa1df3e6f2ad0c58563a40ac80776c705f821/analysis/1518575169/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c065-f684-449c-a824-41d202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c065-b56c-4c67-81dc-493002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--338c09b1-8889-4266-bc9c-9b6198986d8e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:44.000Z",
|
|
"modified": "2018-04-17T09:37:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3bc9ae5f2b9e828fa6da848e1bd80ae4' AND file:hashes.SHA1 = 'cbde1c5e0a62d24f295debb65e6a4e9a677a7e0f' AND file:hashes.SHA256 = '6bd38baca4b923c26628e9dcf9ee64d8bcc5c4ba9cb9f2298e32f8db7816de08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ed59d7cd-6596-4802-b2c8-8bc71943c90f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:43.000Z",
|
|
"modified": "2018-04-17T09:37:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-10T07:18:37",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c067-9f84-4c25-87c3-440b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6bd38baca4b923c26628e9dcf9ee64d8bcc5c4ba9cb9f2298e32f8db7816de08/analysis/1381389517/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c067-a25c-424e-ba70-423c02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c067-d180-4bc8-9d4b-44aa02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9b0cbf41-9f55-4c12-af30-95638bcb9724",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:46.000Z",
|
|
"modified": "2018-04-17T09:37:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7fb513b75ccf200bf82351a9e41a0973' AND file:hashes.SHA1 = '0f77fb6b52f2b76a3675d5a7cf872966710f812c' AND file:hashes.SHA256 = 'c7dcf76652af54cf4cbbfdfc4fa5cc8d4a8e1807d478eceee32270260dbfecf7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ddd0eeec-07f6-4e82-aa68-2237276ef93e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:45.000Z",
|
|
"modified": "2018-04-17T09:37:45.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-13T11:14:58",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c069-447c-468d-887d-4df002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c7dcf76652af54cf4cbbfdfc4fa5cc8d4a8e1807d478eceee32270260dbfecf7/analysis/1381662898/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c069-2d8c-4cd0-a08c-465102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "20/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c06a-89a0-4cff-8102-440b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--23d68864-87dc-40f6-8bdb-0382a2de717f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:49.000Z",
|
|
"modified": "2018-04-17T09:37:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0b552b46d59aaade686dbb4cac9bc71f' AND file:hashes.SHA1 = '45dabdbc4b4608f9341d29fdf403026b9ab72ea7' AND file:hashes.SHA256 = '8ecfcfc939e40cc943df83f548286c2f7f519a53e195b3ae595e0bef39baee29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6a099e7c-a5dd-400b-8bca-df7575a5f1e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:47.000Z",
|
|
"modified": "2018-04-17T09:37:47.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-30T01:34:25",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c06b-39f4-4699-a5b4-417602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8ecfcfc939e40cc943df83f548286c2f7f519a53e195b3ae595e0bef39baee29/analysis/1522373665/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c06b-d7d0-4c66-b15e-4d0202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "9/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c06c-f244-4d49-9511-486002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bf50fe3f-7ce4-4162-bee5-5b58898ff862",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:51.000Z",
|
|
"modified": "2018-04-17T09:37:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a24a18a8496520e1c5683334e0180d13' AND file:hashes.SHA1 = '0d5a0bbf4f2181ec29dcc403b5b5911aec64a617' AND file:hashes.SHA256 = '6856286bb8ac5961f58831e7e4fa6debe7a4a399e5ffa56d37e7ca78f1588871']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e031d087-ef4b-4824-9859-b46854c2939b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:49.000Z",
|
|
"modified": "2018-04-17T09:37:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T19:38:44",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c06d-f844-4fc9-a9e8-4ebb02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6856286bb8ac5961f58831e7e4fa6debe7a4a399e5ffa56d37e7ca78f1588871/analysis/1518550724/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c06e-c090-4419-af65-4ea302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c06e-3220-4587-a392-47a202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a2d09237-7842-4a7c-9966-66901fed8c9d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:53.000Z",
|
|
"modified": "2018-04-17T09:37:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '022fc987b7cd2f7530b694f1ca3fd867' AND file:hashes.SHA1 = 'ab0e9d0b4f009d91f218dd57aece93f29ffc1526' AND file:hashes.SHA256 = '66c2586add3eac9184972cfc7a6172532c16dc0d1e1f874e4cd3fa2276657c2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f2130b6f-d3b1-4d06-9938-964ee58f732c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:51.000Z",
|
|
"modified": "2018-04-17T09:37:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-14T02:31:17",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c06f-923c-4d45-b22a-471a02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/66c2586add3eac9184972cfc7a6172532c16dc0d1e1f874e4cd3fa2276657c2a/analysis/1518575477/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c070-93bc-4aee-99d9-4d3402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c070-a65c-43e0-be04-424f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--93d0b571-4b57-409a-8616-fe681227c5b0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:55.000Z",
|
|
"modified": "2018-04-17T09:37:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a6480a1ca24847268d44b032a86e8e5f' AND file:hashes.SHA1 = '21cbdf4557ba7480d1206bcd6cd6765f25381218' AND file:hashes.SHA256 = 'ac6fbd8f18bb93cfac31af73eb9cf6a1aa925b95d44b42b3659ecfd49209ec76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ef46be73-9a3e-44c3-83c2-4ede304d137b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:53.000Z",
|
|
"modified": "2018-04-17T09:37:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:23:18",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c071-afa8-4c27-8542-468802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ac6fbd8f18bb93cfac31af73eb9cf6a1aa925b95d44b42b3659ecfd49209ec76/analysis/1523776998/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c072-8e14-4de4-b957-408302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c072-3314-4e01-aa37-430202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d3888401-a744-46ca-af6a-ebd96da536f0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:57.000Z",
|
|
"modified": "2018-04-17T09:37:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '62f93f7c41eb93f73152d7318075938c' AND file:hashes.SHA1 = '9257e517c6fcff239b29856bf912c80d6015ba6c' AND file:hashes.SHA256 = 'cb2155b65879f66eb449b60a90c632c701fbea7ac8d4011e3b24b238c3302de0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d0fb5f61-30c3-4b2e-a514-31fc3fff048f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:56.000Z",
|
|
"modified": "2018-04-17T09:37:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-10-10T07:16:18",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c074-e918-4986-8a4b-44d102de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cb2155b65879f66eb449b60a90c632c701fbea7ac8d4011e3b24b238c3302de0/analysis/1381389378/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c074-e6bc-4229-bdaa-488602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "20/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c074-8df4-4246-8a6a-419d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--48f7985a-f575-46f2-b2a6-d8f9f349e20d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:59.000Z",
|
|
"modified": "2018-04-17T09:37:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d0398564ff410100e31e772d75b109e' AND file:hashes.SHA1 = 'c4b66d9732769033ae7450faf18a6e88653ebc64' AND file:hashes.SHA256 = '70d50a77db7cb028163638a7e58c354e1fbab4757323ad9eccfb51e9b257f83c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:37:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1ef1d86b-f368-4bf7-899f-8e2141bf5ae7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:37:58.000Z",
|
|
"modified": "2018-04-17T09:37:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-11T11:15:54",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c076-6f40-41ea-8620-4abc02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/70d50a77db7cb028163638a7e58c354e1fbab4757323ad9eccfb51e9b257f83c/analysis/1523445354/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c076-ace4-445e-88c7-4ec702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c077-11fc-46a9-9802-4f7302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bbb9a50d-b258-4447-b8a5-c15bf7581ae8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:02.000Z",
|
|
"modified": "2018-04-17T09:38:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4dc1b426f104f24bc26ccb2370cb3dc6' AND file:hashes.SHA1 = 'b5bbcd25a910d03fa056ccbd5d038e026070a0a1' AND file:hashes.SHA256 = '35c996576eba666a33e26bc25122196de365465da8ebee70930b9c4ec6be7313']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0a443b7d-1866-4230-b65b-dedabfe03e83",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:00.000Z",
|
|
"modified": "2018-04-17T09:38:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:22:25",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c078-0b0c-47f2-b71b-4cc602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/35c996576eba666a33e26bc25122196de365465da8ebee70930b9c4ec6be7313/analysis/1523776945/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c078-0fd0-4129-86c7-428102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c079-a16c-4ab0-9747-4b2302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--34f4e2b6-3c81-4759-984f-86d7b4918862",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:04.000Z",
|
|
"modified": "2018-04-17T09:38:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '00145e4e28e265313235ac7f6dbbd780' AND file:hashes.SHA1 = 'c0de7c159022c157bfca575defd1aa954889e477' AND file:hashes.SHA256 = 'c76394aaf293cbf4bf3b9d7a94c251feac11435204664d700bb4bd87da3c1898']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--332bc7c4-5a4e-4d1f-ad95-ba547a1bd03d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:02.000Z",
|
|
"modified": "2018-04-17T09:38:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T19:26:44",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c07a-3250-4563-8e46-4bc902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c76394aaf293cbf4bf3b9d7a94c251feac11435204664d700bb4bd87da3c1898/analysis/1518550004/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c07a-1ef4-4e49-8026-44e002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c07b-1578-4e88-8b74-44f402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d1fc796f-8f35-4217-a3cc-d034728cab47",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:06.000Z",
|
|
"modified": "2018-04-17T09:38:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c0f96b7e834dbe37e433b6303922ca42' AND file:hashes.SHA1 = '400b9782c5d1c95a6d3f1824e767abb45f07d26c' AND file:hashes.SHA256 = 'b609c46124d069b2299de3896a5cc2f7540e4effcba462e7f5300573666efd4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--91de0b6e-f4f2-43e9-8ea7-3f3e5341eecb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:04.000Z",
|
|
"modified": "2018-04-17T09:38:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-16T05:49:02",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c07c-90e8-4e3d-ac7d-45b202de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b609c46124d069b2299de3896a5cc2f7540e4effcba462e7f5300573666efd4a/analysis/1518760142/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c07d-7038-431d-bbd2-4f1b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c07d-8048-4f17-8d40-477b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8d5831df-85b4-49dd-ac0e-a65280af1025",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:08.000Z",
|
|
"modified": "2018-04-17T09:38:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a0f504db6b930307d2ed8d4237288627' AND file:hashes.SHA1 = 'b69e6e1c4412b1c7242bd68f4ad69f4441b7bbef' AND file:hashes.SHA256 = '61dede4113d1eda504f7360ae535cd88ede9425722db4a43577185d0312acd5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0475bcfd-dcdf-44d2-87b0-2083883a290c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:06.000Z",
|
|
"modified": "2018-04-17T09:38:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-11T14:55:26",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c07e-26a4-4da5-b319-4fa002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/61dede4113d1eda504f7360ae535cd88ede9425722db4a43577185d0312acd5a/analysis/1384181726/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c07f-20a0-4939-817f-40e002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c07f-1060-46e6-8da7-40de02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2bd61b04-6327-416d-b613-a56d7c4a6dfe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:10.000Z",
|
|
"modified": "2018-04-17T09:38:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '06961bc6bdd66e7dbf9411f48a97ac54' AND file:hashes.SHA1 = 'd41d6b1778be5558caac06c5793ae26d764316a5' AND file:hashes.SHA256 = '2eed2f22d055d605a8387d35610e4e82815eb29b7212de12088202efa54d3c31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--610984d9-b024-4156-9823-26b761e17e15",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:08.000Z",
|
|
"modified": "2018-04-17T09:38:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T21:48:04",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c080-a43c-4826-a378-492602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2eed2f22d055d605a8387d35610e4e82815eb29b7212de12088202efa54d3c31/analysis/1518558484/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c081-ca64-4898-94a0-476002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c081-e8fc-4cc3-95df-423702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7bebd57c-bb57-4da1-a8b1-97fb53694f80",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:12.000Z",
|
|
"modified": "2018-04-17T09:38:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3c439eb4f27e7b5a12a2eb2d45f5ddae' AND file:hashes.SHA1 = '18d057a246f5fdaebf913567c6da86c18f257a1a' AND file:hashes.SHA256 = 'd62ee1186d8a8c7d84b2a03e0bee1c13c47d133a55238ba7c367f9539e6c9b17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4d3f77ed-8659-4a4c-8a0f-65c772c7a7fe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:10.000Z",
|
|
"modified": "2018-04-17T09:38:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:23:38",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c083-90a4-479b-a98e-491b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d62ee1186d8a8c7d84b2a03e0bee1c13c47d133a55238ba7c367f9539e6c9b17/analysis/1523777018/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c083-15e0-4fce-b961-456f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c083-c6e0-4ffb-80e2-4ca202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b91d5808-92ad-4fa7-9b4d-7348cc563091",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:14.000Z",
|
|
"modified": "2018-04-17T09:38:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'da6963cf4251a26a96783e36d7f79f6a' AND file:hashes.SHA1 = '8b626ec47c9839a787205ee0fa0f4a96cb500f5f' AND file:hashes.SHA256 = '3538c0a7785ab6d418112d10cd6844ded5745064840d18d74d9b978dea1fe1a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7994aa0e-7f14-4988-8820-5ffe04a261d1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:13.000Z",
|
|
"modified": "2018-04-17T09:38:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-08T21:26:04",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c085-63c4-49a7-b955-49a502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3538c0a7785ab6d418112d10cd6844ded5745064840d18d74d9b978dea1fe1a9/analysis/1523222764/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c085-23cc-4f44-b955-4acd02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c085-26d0-4136-b322-4c6a02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f46250f9-0e9b-4e25-9bee-b06e384c3a53",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:16.000Z",
|
|
"modified": "2018-04-17T09:38:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a0e97a3709647edd15c5343a3e881200' AND file:hashes.SHA1 = '8f66efb93622c8352e15fae4292527984599c55e' AND file:hashes.SHA256 = '5795c26debe0c06d1f1968730a84efeed69f0493b23f8411b3ea60781e7a24a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c4796178-b6f0-433b-96a2-9b72e558e59a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:15.000Z",
|
|
"modified": "2018-04-17T09:38:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T19:19:28",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c087-9274-4fb1-b3d0-49eb02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5795c26debe0c06d1f1968730a84efeed69f0493b23f8411b3ea60781e7a24a7/analysis/1518549568/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c087-3814-490e-8392-457702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c088-3c04-4ee2-9708-495802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--911c04f4-f1f2-44c4-8242-c69e588493f0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:19.000Z",
|
|
"modified": "2018-04-17T09:38:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '06d1487a0d9a2f8ca4120aeff4ef93fa' AND file:hashes.SHA1 = '2fb0fe6a72310fcd505ade5ee3a3c362f0c758b0' AND file:hashes.SHA256 = '0073f6d57c2e4ca1871dc1a5e270160e734b2d79bd9b7b55b82a8ddc53aaac0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d436e73b-9629-4c08-988b-73650cd12315",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:17.000Z",
|
|
"modified": "2018-04-17T09:38:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-13T21:17:14",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c089-24a8-42f6-94d0-492002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0073f6d57c2e4ca1871dc1a5e270160e734b2d79bd9b7b55b82a8ddc53aaac0f/analysis/1518556634/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c089-4654-407b-babc-43c202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad5c08a-d820-499b-a0da-488e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c878521d-9b6b-4046-a3d2-fc9798c3c8df",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:21.000Z",
|
|
"modified": "2018-04-17T09:38:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '88c5c5d977ed5d0f5007d66c9fb4bc80' AND file:hashes.SHA1 = 'a79c5a2ebde210b39968f035e90aca3ceff5e728' AND file:hashes.SHA256 = '3784e5b40ff8687265efe5dacfd5b6c9d744fe294f425703ddafbf687192eb8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--03a28507-7341-429a-afef-14f0e4faeae6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:19.000Z",
|
|
"modified": "2018-04-17T09:38:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2013-11-08T21:56:31",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c08b-afa0-412d-be09-49eb02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3784e5b40ff8687265efe5dacfd5b6c9d744fe294f425703ddafbf687192eb8e/analysis/1383947791/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c08b-5980-44bf-bd61-47ab02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/47",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Shipup-6503419-0",
|
|
"uuid": "5ad5c08c-62c4-4015-a50d-434502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ac554dac-0487-4973-be4d-4d2efbcfc1b9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:23.000Z",
|
|
"modified": "2018-04-17T09:38:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = '781ae76246f0877046045aca91083de1' AND file:hashes.SHA1 = '69349f7d58ef25c33857a7a27162774b93d14aaa' AND file:hashes.SHA256 = '96847279dd3564a5d689bf310483fe351fac55e54a440d15e55f0bb7d35baab6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--49e363d6-17fc-41dc-b434-a102e236ceba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:21.000Z",
|
|
"modified": "2018-04-17T09:38:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-10T06:49:31",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c08d-af7c-4867-80d7-489902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/96847279dd3564a5d689bf310483fe351fac55e54a440d15e55f0bb7d35baab6/analysis/1523342971/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c08d-a090-4986-b12c-4e7502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c08e-6c1c-40fa-9bad-464002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7606e8b5-261a-40ea-99e1-383c9a1c85f7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '644cc5ba8fd3ed19e266a7542d7ff99e' AND file:hashes.SHA1 = 'f9c780e91fccb4b657eab0240f18e09b94b460e0' AND file:hashes.SHA256 = '3d756dcf4397cb6b0d406b9f70eb18029965fce0110c0290af6ad73468aa2c1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T09:38:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a0ebe82c-5513-4e78-9d9c-2b1ee9be03c0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T09:38:23.000Z",
|
|
"modified": "2018-04-17T09:38:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-15T07:22:28",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c08f-66fc-4b5f-ad6f-43d202de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3d756dcf4397cb6b0d406b9f70eb18029965fce0110c0290af6ad73468aa2c1f/analysis/1523776948/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c090-5be8-49d0-bcff-4d0202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Generic-6502500-0",
|
|
"uuid": "5ad5c090-d8ac-4d3d-b12f-45ac02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d64c-0d2c-486c-99c7-a0bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T11:14:22.000Z",
|
|
"modified": "2018-04-17T11:14:22.000Z",
|
|
"description": " Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\RUNONCE' AND windows-registry-key:values[0].data = 'kdivknmyqwz' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T11:14:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d680-5248-4175-bd12-d066950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T11:12:00.000Z",
|
|
"modified": "2018-04-17T11:12:00.000Z",
|
|
"description": " Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'ProxyServer' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T11:12:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d764-6f6c-4d61-aed1-48bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T11:16:14.000Z",
|
|
"modified": "2018-04-17T11:16:14.000Z",
|
|
"description": " Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'AutoDetect' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T11:16:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d7de-2ab4-472e-9bba-2440950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T11:17:50.000Z",
|
|
"modified": "2018-04-17T11:17:50.000Z",
|
|
"description": " Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'ProxyOverride' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T11:17:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d82c-72a8-406a-a4cb-a0bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T11:19:08.000Z",
|
|
"modified": "2018-04-17T11:19:08.000Z",
|
|
"description": " Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'ProxyEnable' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T11:19:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5d855-b3e0-450a-bfbd-d095950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T11:19:49.000Z",
|
|
"modified": "2018-04-17T11:19:49.000Z",
|
|
"description": " Win.Dropper.Generickdz-6500702-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS' AND windows-registry-key:values[0].data = 'AutoConfigURL' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T11:19:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5df94-d030-4f98-bae7-44c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T11:50:44.000Z",
|
|
"modified": "2018-04-17T11:50:44.000Z",
|
|
"description": "Win.Dropper.Generic-6502500-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\POLICIES\\\\EXPLORER\\\\RUN' AND windows-registry-key:values[0].data = 'NZVHFTBPMBN' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T11:50:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5fa35-f650-49aa-81ab-4655950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:44:21.000Z",
|
|
"modified": "2018-04-17T13:44:21.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\SYSTEMCERTIFICATES\\\\ROOT\\\\CERTIFICATES\\\\9B4DFF593EC4945503B76D97E83BADF6893F2597' AND windows-registry-key:values[0].data = 'Blob' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:44:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5fa7f-2914-45a7-98fc-45bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:45:35.000Z",
|
|
"modified": "2018-04-17T13:45:35.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES' AND windows-registry-key:values[0].data = 'DefaultInstance' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:45:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5faa2-477c-4823-9ba7-4e7c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:46:10.000Z",
|
|
"modified": "2018-04-17T13:46:10.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES\\\\MAGSV INSTANCE' AND windows-registry-key:values[0].data = 'Altitude' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:46:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5fad4-36a0-4a9d-b4ae-40b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:47:00.000Z",
|
|
"modified": "2018-04-17T13:47:00.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES\\\\MAGSV INSTANCE' AND windows-registry-key:values[0].data = 'Flags' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:47:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5fd0d-c14c-4e4f-8529-41a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:56:29.000Z",
|
|
"modified": "2018-04-17T13:56:29.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV\\\\INSTANCES\\\\MAGSV INSTANCE' AND windows-registry-key:values[0].data = 'Flags' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:56:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5fd2c-951c-499f-9a2d-4650950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T13:57:00.000Z",
|
|
"modified": "2018-04-17T13:57:00.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'atimode' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T13:57:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5fefa-8fac-478c-bef3-4f19950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:04:42.000Z",
|
|
"modified": "2018-04-17T14:04:42.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'shield_count' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:04:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5ff8f-9db8-443b-9835-40b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:07:11.000Z",
|
|
"modified": "2018-04-17T14:07:11.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'set_pt' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:07:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5ffb4-6e7c-4470-9b29-4c86950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:07:48.000Z",
|
|
"modified": "2018-04-17T14:07:48.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'set_pt' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:07:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad5fff2-a58c-40ca-9898-41a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:08:50.000Z",
|
|
"modified": "2018-04-17T14:08:50.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\CONTROL\\\\NETWORK' AND windows-registry-key:values[0].data = 'set_bl' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:08:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad60018-0020-4e76-bbc1-4034950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:09:28.000Z",
|
|
"modified": "2018-04-17T14:09:28.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\SYSTEMCERTIFICATES\\\\ROOT\\\\CERTIFICATES' AND windows-registry-key:values[0].data = '9B4DFF593EC4945503B76D97E83BADF6893F2597' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:09:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad601c5-1420-47fd-918b-42c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:16:37.000Z",
|
|
"modified": "2018-04-17T14:16:37.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\SYSTEMCERTIFICATES\\\\ROOT\\\\CERTIFICATES' AND windows-registry-key:values[0].data = '9B4DFF593EC4945503B76D97E83BADF6893F2597' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad60217-e4bc-4470-b1e6-43fd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:17:59.000Z",
|
|
"modified": "2018-04-17T14:17:59.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\TCPIP6\\\\PARAMETERS' AND windows-registry-key:values[0].data = 'DisabledComponents' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:17:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad60231-3f60-4002-88a6-8ee9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:18:25.000Z",
|
|
"modified": "2018-04-17T14:18:25.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'ImagePath' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:18:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad602de-93f8-4977-bd92-4336950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:21:18.000Z",
|
|
"modified": "2018-04-17T14:21:18.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'DisplayName' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:21:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6030d-01fc-4395-b374-4e42950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:22:05.000Z",
|
|
"modified": "2018-04-17T14:22:05.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\WOW6432NODE\\\\MICROSOFT\\\\NETWORK\\\\FILESERVICE' AND windows-registry-key:values[0].data = 'Liveup' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:22:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad60339-e7a8-4868-affe-4f0a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:22:49.000Z",
|
|
"modified": "2018-04-17T14:22:49.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\WOW6432NODE\\\\MICROSOFT\\\\NETWORK\\\\FILESERVICE' AND windows-registry-key:values[0].data = 'igfxmtc_time' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad60491-c5b0-4344-9c7b-4ebf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:28:33.000Z",
|
|
"modified": "2018-04-17T14:28:33.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\TCPIP\\\\PARAMETERS' AND windows-registry-key:values[0].data = 'DisableTaskOffload' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad604cf-5324-47a7-b121-4717950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:29:35.000Z",
|
|
"modified": "2018-04-17T14:29:35.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'DisplayName' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:29:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad604f8-dd50-4b52-9771-4024950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:30:16.000Z",
|
|
"modified": "2018-04-17T14:30:16.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'St' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:30:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6050d-ee58-4332-b5df-4b28950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:30:37.000Z",
|
|
"modified": "2018-04-17T14:30:37.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'St' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:30:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad60529-26b8-4106-a709-41da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:31:05.000Z",
|
|
"modified": "2018-04-17T14:31:05.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'Start' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:31:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad60569-4b3c-4e88-b761-42c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:32:09.000Z",
|
|
"modified": "2018-04-17T14:32:09.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'ErrorControl' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:32:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6058c-5b7c-4b6e-9ba7-4cdb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:32:44.000Z",
|
|
"modified": "2018-04-17T14:32:44.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'WOW64' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:32:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad605a9-8c94-486a-bf56-4b33950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:33:13.000Z",
|
|
"modified": "2018-04-17T14:33:13.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'Group' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:33:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad605c4-f4c4-4066-8c84-41a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-17T14:33:40.000Z",
|
|
"modified": "2018-04-17T14:33:40.000Z",
|
|
"description": "Win.Dropper.Mikey-6502276-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\CONTROLSET001\\\\SERVICES\\\\MAGSV' AND windows-registry-key:values[0].data = 'Type' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-17T14:33:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f828-d124-4a8a-b98c-486c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:48:20.000Z",
|
|
"modified": "2018-04-18T07:48:20.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:48:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f8ba-c420-4555-b293-4d40950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:50:18.000Z",
|
|
"modified": "2018-04-18T07:50:18.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Tracing\\\\FWCFG' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:50:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f91a-2de4-4254-9d2c-4a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:51:54.000Z",
|
|
"modified": "2018-04-18T07:51:54.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\qagent\\\\traceIdentifier' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:51:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f9bb-17b8-45f7-95c1-4b2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:54:35.000Z",
|
|
"modified": "2018-04-18T07:54:35.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\NAP\\\\Netsh' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:54:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f9e4-6c78-41af-a9b3-4281950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:55:16.000Z",
|
|
"modified": "2018-04-18T07:55:16.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Notify\\\\host2lc' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:55:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6f9fc-db4c-4b83-bf35-4316950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:55:40.000Z",
|
|
"modified": "2018-04-18T07:55:40.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\qagent' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:55:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad6fa19-558c-4a98-acec-4b42950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T07:56:09.000Z",
|
|
"modified": "2018-04-18T07:56:09.000Z",
|
|
"description": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Tracing\\\\Microsoft\\\\NAP\\\\Netsh\\\\Napmontr' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T07:56:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad7118c-1138-4b45-8e7d-459f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T09:36:12.000Z",
|
|
"modified": "2018-04-18T09:36:12.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\HANDSHAKE\\\\{E5EC135A-79D5-4595-A051-FFFB0E1F7FB4}' AND windows-registry-key:values[0].data = 'data' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T09:36:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad711dd-2f60-48cb-8064-47a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T09:37:33.000Z",
|
|
"modified": "2018-04-18T09:37:33.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\COMPATIBILITYADAPTER\\\\SIGNATURES' AND windows-registry-key:values[0].data = 'aybbmte.job.fp' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T09:37:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad7141a-7b48-45e6-b995-4900950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T09:47:06.000Z",
|
|
"modified": "2018-04-18T09:47:06.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\COMPATIBILITYADAPTER\\\\SIGNATURES' AND windows-registry-key:values[0].data = 'aybbmte.job' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T09:47:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad71704-9bf0-4378-bb92-4080950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T09:59:32.000Z",
|
|
"modified": "2018-04-18T09:59:32.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TREE\\\\AYBBMTE' AND windows-registry-key:values[0].data = 'Index' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T09:59:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad71723-79f0-4756-a2b4-476f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T10:00:03.000Z",
|
|
"modified": "2018-04-18T10:00:03.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TREE\\\\AYBBMTE' AND windows-registry-key:values[0].data = 'Id' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T10:00:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad71760-a4ac-4bbf-be00-4450950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T10:01:04.000Z",
|
|
"modified": "2018-04-18T10:01:04.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'DynamicInfo' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T10:01:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad7178f-2830-42b7-b039-4712950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T10:01:51.000Z",
|
|
"modified": "2018-04-18T10:01:51.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'Path' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCC']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T10:01:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad717a7-fb54-41c9-b567-47a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T10:02:15.000Z",
|
|
"modified": "2018-04-18T10:02:15.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'Hash' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T10:02:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad736e3-c084-4e9a-b288-7b76950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:15:31.000Z",
|
|
"modified": "2018-04-18T12:15:31.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\TASKCACHE\\\\TASKS\\\\{DAC4F53E-3658-4522-B6D9-1FB306F3D9D1}' AND windows-registry-key:values[0].data = 'Triggers' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:15:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73722-7364-4e67-9abd-20c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:16:34.000Z",
|
|
"modified": "2018-04-18T12:16:34.000Z",
|
|
"description": "Win.Dropper.Shipup-6503419-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS NT\\\\CURRENTVERSION\\\\SCHEDULE\\\\HANDSHAKE\\\\{E5EC135A-79D5-4595-A051-FFFB0E1F7FB4}' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:16:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73ecf-f4a4-48dd-bc42-7ba2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:49:19.000Z",
|
|
"modified": "2018-04-18T12:49:19.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\SYSTEM\\\\ControlSet001\\\\Services\\\\xkqrdots' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:49:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad73ef5-ea08-492d-9124-219b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-18T12:49:57.000Z",
|
|
"modified": "2018-04-18T12:49:57.000Z",
|
|
"description": "Win.Packed.Tofsee-6504793-0",
|
|
"pattern": "[windows-registry-key:key = '\\\\Control Panel\\\\Buses' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKU']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-18T12:49:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3e803fec-57d0-4a64-bffa-8c406bfa4df8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:05.000Z",
|
|
"modified": "2018-04-20T09:08:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7de3b44801868f8da4e983f9818f1e0b' AND file:hashes.SHA1 = '48f0481cbf046c32f240376aaf5d5dd5d4d90e13' AND file:hashes.SHA256 = 'e981fd64b4c1f1d50cdf3f21d3cd07dfb04dec58c518bee8697a187069997498']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1d03fb64-13be-4f35-87e1-ad4700b35b8c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:03.000Z",
|
|
"modified": "2018-04-20T09:08:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-24T01:51:21",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adf3-f334-4561-9f0a-468a02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e981fd64b4c1f1d50cdf3f21d3cd07dfb04dec58c518bee8697a187069997498/analysis/1508809881/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adf3-74b0-471d-95d5-4a7b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adf4-3420-46f9-8c26-444102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1d4884a7-3654-4522-9024-5916811aa592",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:07.000Z",
|
|
"modified": "2018-04-20T09:08:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0e42f545f20a7066e80b1cb0ee73c00a' AND file:hashes.SHA1 = '880afff080d249f26514e4d26a8211d43f7ca1fe' AND file:hashes.SHA256 = '1ca88b2c00b625bf596b93abafae873a6aec5bf1afeee1e116dc402cae69f83a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b4b37264-5f7b-43ed-9857-782b9d942a9d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:05.000Z",
|
|
"modified": "2018-04-20T09:08:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-25T01:46:22",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adf5-1ee0-4033-a947-466402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1ca88b2c00b625bf596b93abafae873a6aec5bf1afeee1e116dc402cae69f83a/analysis/1508895982/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adf6-3c4c-48f6-a875-4a4e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adf6-7d1c-4aa2-9e17-47ea02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b5665818-45ad-4e55-872a-d64f9564f57c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:09.000Z",
|
|
"modified": "2018-04-20T09:08:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '053e2d245b3192f430ee06c33865f531' AND file:hashes.SHA1 = '120718cc4ca8df9dd7b11108e632bb7b0981f2ce' AND file:hashes.SHA256 = '174286f1a0bd66552237da989be39ef821b11fc6acccef5eabc00448991d1876']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e2c5a4be-2cfe-4eed-8a62-52f5a8918745",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:07.000Z",
|
|
"modified": "2018-04-20T09:08:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-31T09:17:46",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9adf8-b854-462a-bb6a-464f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/174286f1a0bd66552237da989be39ef821b11fc6acccef5eabc00448991d1876/analysis/1509441466/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9adf8-5e7c-4bc2-b802-4a5602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9adf8-7490-4581-9e8d-472d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ce15aa39-ec50-4981-8929-3019908b5ceb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:11.000Z",
|
|
"modified": "2018-04-20T09:08:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ee9803dab96dba5f4acc1323d9dfc2c3' AND file:hashes.SHA1 = 'b4d3075cf211fca5556a5ceb4e59672052860a43' AND file:hashes.SHA256 = '85d0021f75a2d312a27bc1c17702d09520006aff590d439a90d8045d2325a04e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--00da20c8-dd00-4c56-bfb0-46add8af6839",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:10.000Z",
|
|
"modified": "2018-04-20T09:08:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-25T00:10:35",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adfa-126c-4d15-9e77-469902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/85d0021f75a2d312a27bc1c17702d09520006aff590d439a90d8045d2325a04e/analysis/1514160635/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adfa-5e68-4ff7-859b-4eb902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "56/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adfb-4c28-42b5-b992-4cd002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1c88e6ef-671c-48e1-a0d0-9932be1a8cc5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:14.000Z",
|
|
"modified": "2018-04-20T09:08:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '01cb31d2516e8a3e4d4340dd698809ad' AND file:hashes.SHA1 = 'db2c7e74092e6a4499fb8bfe53985850f2121c0b' AND file:hashes.SHA256 = '41bf7b4e4d7a87395cc8867e026ed9d586830420a70325a672d07ea9c1a351e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--452c6b20-11a0-41ca-bc89-a8e7de5f2779",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:12.000Z",
|
|
"modified": "2018-04-20T09:08:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T22:32:22",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9adfc-fe08-4477-a286-40e902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/41bf7b4e4d7a87395cc8867e026ed9d586830420a70325a672d07ea9c1a351e0/analysis/1518993142/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9adfc-7b98-45ee-b7b7-472502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9adfd-1cbc-4301-a0fd-47c502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f128ac41-042d-495c-939c-11d3d83d1b19",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:16.000Z",
|
|
"modified": "2018-04-20T09:08:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8d0fb621ee78ad8e35aa4965cbf4e475' AND file:hashes.SHA1 = '9b3389de25b4f5248760ad9c520d4e52db0c0b9e' AND file:hashes.SHA256 = 'ba0a2f6e001bc9c02ee8c5fbcd6cceaa74ced5ec058dfda71623146f06ff2490']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--05cc5c9e-5cf4-406f-8a8e-c7653cb7dcb5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:14.000Z",
|
|
"modified": "2018-04-20T09:08:14.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-26T13:23:04",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adfe-8ad8-4d9d-81ec-45fc02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ba0a2f6e001bc9c02ee8c5fbcd6cceaa74ced5ec058dfda71623146f06ff2490/analysis/1509024184/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adff-a1d4-453c-a066-492d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9adff-7ff8-49cf-86bb-46b702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e0f188cf-3ab6-4014-9327-4c09757acf99",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:18.000Z",
|
|
"modified": "2018-04-20T09:08:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0a2f5b366536bf0d7c2d9bcf04ba0281' AND file:hashes.SHA1 = 'e7ca93029ce7c3e83cfbf2f5ee97e0e813092c29' AND file:hashes.SHA256 = '4696ddd4a7ed96a86a09413f14657c7e01053213f6f1f6008a3a3bbe4fe45229']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--08068585-edc1-40fa-a64d-5080ad1e0311",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:16.000Z",
|
|
"modified": "2018-04-20T09:08:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-22T01:57:24",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae00-f274-4da3-868e-47c502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4696ddd4a7ed96a86a09413f14657c7e01053213f6f1f6008a3a3bbe4fe45229/analysis/1519264644/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae01-956c-403d-b41c-471802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae01-c770-49a8-ae00-4f8602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--efdd79ca-bfbd-425d-816a-1de5a615d4f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:20.000Z",
|
|
"modified": "2018-04-20T09:08:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '969552b1ace8c8b73aa1e65a7b5cdaed' AND file:hashes.SHA1 = '592b6d0d075e3f724cca9115a0f678984206e6a9' AND file:hashes.SHA256 = '877d9c4195c38a9dc55c472f7c72ec3d6ad0d95a544458a2050edf22df3aac5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ee5376c5-6962-420f-aec1-e6ac03cf5ab3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:19.000Z",
|
|
"modified": "2018-04-20T09:08:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T07:51:34",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae03-c13c-4e90-ae0e-498f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/877d9c4195c38a9dc55c472f7c72ec3d6ad0d95a544458a2050edf22df3aac5c/analysis/1512892294/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae03-456c-49b4-9af0-4ba002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae03-1e80-4f54-9937-493d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--513cd9b4-6715-4444-81de-c6d9f0a86318",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:22.000Z",
|
|
"modified": "2018-04-20T09:08:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '049be07740c4928fec7cee21a07cc414' AND file:hashes.SHA1 = 'bd1c84b7fa1baefcede8e4be89b7cc73001ca3f2' AND file:hashes.SHA256 = '6b6eb4cc4aa8e3d71a97a8657ffcd27d2bd12466faf3b1f7fcbcd274a4b9561c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f7d51df1-5efb-42cb-891d-24f914eb835f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:21.000Z",
|
|
"modified": "2018-04-20T09:08:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T17:36:46",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae05-5334-407f-90e6-4f7b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6b6eb4cc4aa8e3d71a97a8657ffcd27d2bd12466faf3b1f7fcbcd274a4b9561c/analysis/1511199406/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae05-f330-47b6-a1a5-46de02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "59/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae06-2b38-409c-9b60-4f4802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8009eae4-08fe-4674-8c61-3d790fdeb86a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:25.000Z",
|
|
"modified": "2018-04-20T09:08:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aa971830a71ac5ed72a41008e817d68e' AND file:hashes.SHA1 = '545674151c18be26a234873cabd26836a0304aab' AND file:hashes.SHA256 = 'a854a9702c14be3508d35873e80577ee9b1296c993ee2a4269c283884775564e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--13ef15ad-c73c-4ae3-b7bb-4827d33f81f3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:23.000Z",
|
|
"modified": "2018-04-20T09:08:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-24T06:39:27",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae07-ab30-4947-8ef5-4a0d02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a854a9702c14be3508d35873e80577ee9b1296c993ee2a4269c283884775564e/analysis/1514097567/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae08-3c50-4be5-899c-44d802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae08-5524-4061-b587-44c002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f1f3104e-c6b4-4111-a006-5c69509c7f75",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:27.000Z",
|
|
"modified": "2018-04-20T09:08:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c106bebb5cc2b4e9787c6f81159ae21b' AND file:hashes.SHA1 = 'dba4bbb120f9ef22c58d4570c86a89514ebfbc8a' AND file:hashes.SHA256 = '683339b58c7cbc066f84c625efa0248eb89bfcd24de916f5fe600c33867084e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b7e219d4-82e9-40f3-9812-d833f1c4bf60",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:25.000Z",
|
|
"modified": "2018-04-20T09:08:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T13:16:52",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae09-a990-4e1c-9324-44a602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/683339b58c7cbc066f84c625efa0248eb89bfcd24de916f5fe600c33867084e7/analysis/1512911812/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae0a-eec0-4d8b-bb6e-498b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae0a-e9b4-4877-8b86-43a002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--73ac235c-e3db-4617-a968-47e2ea6f6b8b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:29.000Z",
|
|
"modified": "2018-04-20T09:08:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd5d05a6827c5dfff19ae5726295afef7' AND file:hashes.SHA1 = '0763ddfca3fedcbadbf91f2946d6701e7425e7de' AND file:hashes.SHA256 = '1d7a1a4181706379a7f80ed926c47cb0ebc7beb953739c9b41cec20093c63914']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--279cd6bd-aa55-47a5-af76-2826253108bc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:27.000Z",
|
|
"modified": "2018-04-20T09:08:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-12T07:16:27",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae0c-5634-4b92-a9d0-426b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1d7a1a4181706379a7f80ed926c47cb0ebc7beb953739c9b41cec20093c63914/analysis/1520838987/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae0c-4534-4495-95c4-49c302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae0c-55fc-4eee-8e29-4a5b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e2119423-0173-4009-b875-e913f911653d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:31.000Z",
|
|
"modified": "2018-04-20T09:08:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f361c249ee3d8f4e5aa365e7dc8eb1cb' AND file:hashes.SHA1 = '6f6eaee7ae811898f9e9bb30715ae3d8303c7687' AND file:hashes.SHA256 = 'b1d0bfdd95f168cea0df0e138ee627cb7feb0a26ac7a736baa031547bb6fb08d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--47f144bd-561a-4e14-b508-d7313f28add9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:30.000Z",
|
|
"modified": "2018-04-20T09:08:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-12T07:33:00",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae0e-e674-40c7-940e-431902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b1d0bfdd95f168cea0df0e138ee627cb7feb0a26ac7a736baa031547bb6fb08d/analysis/1520839980/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae0e-f470-4517-ae95-43f102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/65",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae0e-194c-447d-a78f-4fac02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--526cfc6f-1c12-422e-89ba-f6de05aab48f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:33.000Z",
|
|
"modified": "2018-04-20T09:08:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6ed420bce873b34153f076776fe6b91d' AND file:hashes.SHA1 = '43d1813f848e5d1fa639a8b09c964e33e95d8dee' AND file:hashes.SHA256 = 'f68b0c32da95c0fb06c4cefb992e1a0039afed32f6cfcef083db39a0702a06c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--42544fa3-e8aa-4f6b-8869-2b12571c968f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:32.000Z",
|
|
"modified": "2018-04-20T09:08:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-26T12:15:21",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae10-23d8-4329-899e-4f4b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f68b0c32da95c0fb06c4cefb992e1a0039afed32f6cfcef083db39a0702a06c7/analysis/1509020121/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae10-aecc-4bf8-a63b-46ee02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae11-aa7c-442e-ac2f-4aa102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--68952c57-5f30-4f16-b04a-6cadc596e4c6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:36.000Z",
|
|
"modified": "2018-04-20T09:08:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd939dc2d8297c32805f7182f13c56891' AND file:hashes.SHA1 = '1c2c3f3d4efe36ab51263a502a4670c444041121' AND file:hashes.SHA256 = '1a1144444adb05aee9ef8adfb3c892a97d32b870d1ee300975a5f3597f2ed638']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0745ebfe-aea5-421a-8e0f-0c298339d924",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:34.000Z",
|
|
"modified": "2018-04-20T09:08:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-28T17:04:59",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae12-a7ec-4bed-9096-417e02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1a1144444adb05aee9ef8adfb3c892a97d32b870d1ee300975a5f3597f2ed638/analysis/1509210299/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae12-9bc8-498f-82da-457802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae13-6edc-43e2-8ca0-4bd502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7d22be2e-b385-4542-bafd-8cda3281f8af",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:38.000Z",
|
|
"modified": "2018-04-20T09:08:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0236820e0e54b9db96afebbee3719673' AND file:hashes.SHA1 = 'ab279e125a2aa2cd86934da9f27d36184a01813f' AND file:hashes.SHA256 = 'f1dbfaf0378434cd1758feaabe050171df1c234ddc6215df494c6592a9e92547']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6c18a448-9381-44bb-b7ba-97b81413fc84",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:36.000Z",
|
|
"modified": "2018-04-20T09:08:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T10:09:16",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae14-fa3c-46a3-8735-48c702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f1dbfaf0378434cd1758feaabe050171df1c234ddc6215df494c6592a9e92547/analysis/1518948556/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae15-dd90-4fb2-aa92-45a402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "9/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae15-a610-474e-a15f-483102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b0b5debd-236b-418d-8531-a3bca58059e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:40.000Z",
|
|
"modified": "2018-04-20T09:08:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '13d7c9aacc6ff7e6da96c31a8a48d70d' AND file:hashes.SHA1 = 'edcf28f99ac96b162385a63b4a323b8167ad6808' AND file:hashes.SHA256 = '7bc897c2c55ff708cbccff1461d2406aaef7953686817bd2d6a39ad58af393f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4d5cd1b8-e117-411c-afae-a3d69e619e90",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:38.000Z",
|
|
"modified": "2018-04-20T09:08:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T12:07:53",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae17-a4f4-45e1-adc5-458a02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7bc897c2c55ff708cbccff1461d2406aaef7953686817bd2d6a39ad58af393f9/analysis/1512907673/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae17-5350-4dd2-94b9-432602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae17-5154-46c5-8a3c-425902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--aa497e72-a431-479b-8077-5ac653a7ef21",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:42.000Z",
|
|
"modified": "2018-04-20T09:08:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ca8f7fc1d0e14356266b2a0297bbefa' AND file:hashes.SHA1 = '7079a3f9b57f039d8ab418ea51867e87fc5faf46' AND file:hashes.SHA256 = '33ab8e652c16836caf3b22518485757f417fab73a92e916f0c6aaf27b57f3be4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--451113c2-f016-43ed-a80e-dd42f3b61bf3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:41.000Z",
|
|
"modified": "2018-04-20T09:08:41.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-16T16:17:53",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae19-2738-4b6c-aa71-4c1402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/33ab8e652c16836caf3b22518485757f417fab73a92e916f0c6aaf27b57f3be4/analysis/1521217073/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae19-64ec-4e85-bd29-45e002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae1a-1c80-4eef-8068-415102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a1283755-9512-4fb4-952b-2f4d65e1281e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:45.000Z",
|
|
"modified": "2018-04-20T09:08:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = '13cbd91b4636b937355217faefe28355' AND file:hashes.SHA1 = 'b7e552c45906412cfb5aeac079fe8d3aadfe178d' AND file:hashes.SHA256 = 'db5b0bb4d05292e6649fa84f076195d7a0cfb15516ce386f214dc2dd96a5e467']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--24d66f9a-7b0a-4668-8c5c-6ca6050b9148",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:43.000Z",
|
|
"modified": "2018-04-20T09:08:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-15T05:29:05",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae1b-3b48-446c-9630-411502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/db5b0bb4d05292e6649fa84f076195d7a0cfb15516ce386f214dc2dd96a5e467/analysis/1518672545/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae1b-c150-46d8-8c3c-439d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae1c-6208-47d0-ae52-48d602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9942e1a6-6aff-4d41-9c65-ac96ad725488",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:47.000Z",
|
|
"modified": "2018-04-20T09:08:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ccd6b858459e00abf2a59da56ba85bc6' AND file:hashes.SHA1 = '16b6585515546689f69111d049bf01b357c2145a' AND file:hashes.SHA256 = '0a6cabedfabfbab3fba2057d30b1faab2f1b2d2d47a6227aa3b677af45f92da2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ea2d92b0-2297-4284-9a47-20f003e7649f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:45.000Z",
|
|
"modified": "2018-04-20T09:08:45.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T07:37:35",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae1d-4ad4-4163-99a0-43ab02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0a6cabedfabfbab3fba2057d30b1faab2f1b2d2d47a6227aa3b677af45f92da2/analysis/1512891455/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae1e-6f3c-484b-be5a-486502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae1e-0378-4b36-b421-466f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ef41bd1f-8663-4df6-a8f0-a32f05ee2929",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:49.000Z",
|
|
"modified": "2018-04-20T09:08:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '01721c6ccbbb56f63476aa17a3cb7dba' AND file:hashes.SHA1 = 'e537d1bc24836778059e89a891232feef7529fc0' AND file:hashes.SHA256 = '6c8ca3ba14ee685739ea32a3ddc613d4544c69194a97c55365c570c053609938']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c7efea86-38e8-48f9-bbf4-7ed8e0cccd7d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:47.000Z",
|
|
"modified": "2018-04-20T09:08:47.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T22:26:07",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae1f-cd24-49ed-87b1-44a402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6c8ca3ba14ee685739ea32a3ddc613d4544c69194a97c55365c570c053609938/analysis/1518992767/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae20-afb0-4b11-8083-4c9902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae20-1328-49ca-8f7a-42c702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--40076ee5-8c95-4b32-830d-016ea2cebaf2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:51.000Z",
|
|
"modified": "2018-04-20T09:08:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02d70e303afff2a186d4459bf384ddc7' AND file:hashes.SHA1 = 'b71a6988660ac18b1ad6fe0667f958727eaed6ec' AND file:hashes.SHA256 = 'e586da2bd9fd73223281176033b97e6e4e137249f9aff8430004099b31508e12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1b50d528-62f5-4f78-9df4-40a2e5a095bd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:49.000Z",
|
|
"modified": "2018-04-20T09:08:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T16:34:15",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae22-c1b0-48a7-bec9-4a3602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e586da2bd9fd73223281176033b97e6e4e137249f9aff8430004099b31508e12/analysis/1518971655/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae22-d2dc-4c72-97e4-429a02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "10/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae22-13b4-492b-a28a-4f3e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c4ce6a07-a96e-491d-912d-93b9c2853c3b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:53.000Z",
|
|
"modified": "2018-04-20T09:08:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '989c3e07b6440efd432220e312e8df1d' AND file:hashes.SHA1 = '5714754b2d8dd7976d78a76fe846888857510cb4' AND file:hashes.SHA256 = '4605f6041d93c6390c1ed856336c01a6cf3982bea1987c6de846752ca7006882']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--35102d8f-3918-45f0-b06f-e56249794342",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:52.000Z",
|
|
"modified": "2018-04-20T09:08:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-01T05:29:50",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae24-a9d0-4089-9a0e-4d1b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4605f6041d93c6390c1ed856336c01a6cf3982bea1987c6de846752ca7006882/analysis/1512106190/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae24-c3b0-49cc-8270-4afb02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "15/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae25-5fd4-44b7-8a91-4e7102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f93d9038-ecd3-4445-86e9-3887a797a5b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:56.000Z",
|
|
"modified": "2018-04-20T09:08:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd4ecd35ba98595ce86442c472ef2113d' AND file:hashes.SHA1 = '78dc8028af915547543310b96a79e69b861da70a' AND file:hashes.SHA256 = '9af34cdb7f0b01c044fdeb64f0b733d78e8b9be854c4beeee679f8ee083530b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c3c3c27-41c9-4498-be03-8b7e20ef7a01",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:54.000Z",
|
|
"modified": "2018-04-20T09:08:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-12T07:32:52",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae26-34a0-4acc-ac8b-4da302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9af34cdb7f0b01c044fdeb64f0b733d78e8b9be854c4beeee679f8ee083530b1/analysis/1520839972/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae26-a024-49db-bf24-4c6d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "58/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae27-524c-48ac-9c62-4bc102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4a801296-d29c-4f5f-8b79-cb38789995ae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:58.000Z",
|
|
"modified": "2018-04-20T09:08:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '00613dd1637c16fe5abc5a7d3e838626' AND file:hashes.SHA1 = 'bec0a96f3877b587656be58aef2da475032343ec' AND file:hashes.SHA256 = 'b622971e681f9e2fa5f84bfcb9e7144b6198d3fb554de8d4488117ca1e3f51c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:08:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b23c1243-8546-43e6-b6ac-bdc9a52e5bd4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:56.000Z",
|
|
"modified": "2018-04-20T09:08:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-19T10:40:33",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae28-76e0-4b5d-ae74-4b7602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b622971e681f9e2fa5f84bfcb9e7144b6198d3fb554de8d4488117ca1e3f51c8/analysis/1519036833/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae28-8394-4662-bb83-4e5402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae29-1478-464c-962e-422902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c9b13b31-1a5d-4a7e-a46f-d8dea222c73f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:00.000Z",
|
|
"modified": "2018-04-20T09:09:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = '36661ea762fcfb7bfee99a90696c5caa' AND file:hashes.SHA1 = '16ec8afa964a524f40e4dcfd285415c299a3315d' AND file:hashes.SHA256 = '4632c1023c0baaa1e227defd4923098c4f3c49317964ff1cb088b40b9df7a605']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--edd1a003-7c62-43a9-a8a4-f00159990874",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:08:58.000Z",
|
|
"modified": "2018-04-20T09:08:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-01T02:32:20",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae2a-e654-4195-987e-440f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4632c1023c0baaa1e227defd4923098c4f3c49317964ff1cb088b40b9df7a605/analysis/1509503540/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae2b-c284-4c8e-8e2b-452802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae2b-9ff0-4b9e-8f92-4edd02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9766aaf4-2b4d-42a8-b271-07a8430ff750",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:02.000Z",
|
|
"modified": "2018-04-20T09:09:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '32e4fc7790f9c8a19967fad355bd6a3a' AND file:hashes.SHA1 = '99543608d4ae2ffb43b3742f671a5574121a8189' AND file:hashes.SHA256 = '84c269a1661a987058f51dea4644ec2703b28170324fbeab6920e40ad1a05a54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9f9e8c03-a143-42d7-b717-70ed7682d916",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:00.000Z",
|
|
"modified": "2018-04-20T09:09:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-08T13:10:41",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae2c-4b28-46f2-bd85-45f002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/84c269a1661a987058f51dea4644ec2703b28170324fbeab6920e40ad1a05a54/analysis/1512738641/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae2d-181c-4011-8045-414e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae2d-4b14-4932-9aa4-4d7202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--de30466c-306a-4ff8-a134-3016bd00c2da",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:04.000Z",
|
|
"modified": "2018-04-20T09:09:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '015fd37556083555fe11ad6dd0a144e0' AND file:hashes.SHA1 = '57fb04b626594b1ef374073a4c4f85dfd4dd4543' AND file:hashes.SHA256 = '79a50327843a8ccf58147971d1c86945f9a40cd0d4ee35084b8af26c9f5ab210']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d77bdd19-aec1-4b36-b72e-1d67bb46e2ee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:02.000Z",
|
|
"modified": "2018-04-20T09:09:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-21T01:16:39",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae2f-3948-448d-a6b1-4dc902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/79a50327843a8ccf58147971d1c86945f9a40cd0d4ee35084b8af26c9f5ab210/analysis/1513818999/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae2f-4b8c-4788-b869-4da302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "60/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae2f-562c-455b-822d-40d002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--be24abb2-78bb-4d0a-9dff-b8d9d47ac518",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:06.000Z",
|
|
"modified": "2018-04-20T09:09:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '91bea40c811de97826177159d8bbdde1' AND file:hashes.SHA1 = '307eced0088f03a1c535a050f794e49e3cb6e248' AND file:hashes.SHA256 = 'ff5d541f260063a88b04a892cacfb3bcb13b8dd83c5f29ed5000737dbd6662c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7988c9d7-a714-433c-a302-4a38a99896d7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:05.000Z",
|
|
"modified": "2018-04-20T09:09:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-03T06:07:20",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae31-a5f4-49fa-b6ea-4a9002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ff5d541f260063a88b04a892cacfb3bcb13b8dd83c5f29ed5000737dbd6662c4/analysis/1509689240/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae31-353c-4587-b6d7-4b0102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae31-c894-448e-a5a1-409b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ff8766ca-b4b6-4c3d-a8db-7c64fa5d5166",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:08.000Z",
|
|
"modified": "2018-04-20T09:09:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = '665a7013308c25b7b08173d58218e34c' AND file:hashes.SHA1 = '37998b9399096642ec6f961f9354f9dea4a067de' AND file:hashes.SHA256 = 'afcdd2fda5b3c9e78a977df31be307ea7323b746e07e35e4d3c39a3a3f4b4b79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--82da5b6c-dc6e-4612-be44-ee4bbd7a65e8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:07.000Z",
|
|
"modified": "2018-04-20T09:09:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-13T06:17:05",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae33-fd64-4d58-b52b-43af02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/afcdd2fda5b3c9e78a977df31be307ea7323b746e07e35e4d3c39a3a3f4b4b79/analysis/1513145825/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae33-d254-4069-8602-472202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae34-5250-4d4e-bb7c-4dd302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c33e937c-3313-4bd8-9d42-8a213ad27271",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:11.000Z",
|
|
"modified": "2018-04-20T09:09:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0f102fc1cc92f69ee36e08fcdd3e1968' AND file:hashes.SHA1 = 'a0d18993251ae90c83bf97008cf08d35188a6714' AND file:hashes.SHA256 = '0863bf4a5476b5de02a15c3bdec1604c7d8ab7c8ca1c0546edf2f16a756e0d8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a9affe73-79d3-46e1-9175-550e62f9d545",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:09.000Z",
|
|
"modified": "2018-04-20T09:09:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-19T06:10:40",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae35-3bb0-4f2c-9dbf-462d02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0863bf4a5476b5de02a15c3bdec1604c7d8ab7c8ca1c0546edf2f16a756e0d8f/analysis/1519020640/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae35-dee8-41d8-9da0-400a02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "8/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae36-dcfc-45e2-bc0a-4c5402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e70ded6-3a06-4520-86d4-77316815da01",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:13.000Z",
|
|
"modified": "2018-04-20T09:09:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f4c9124b5e37043d05d2d30f63a86c82' AND file:hashes.SHA1 = '2348d1cf008df2d9a6a438cbfb576751bca00ab2' AND file:hashes.SHA256 = '05be7b2de818dcb358a4f24d6050ae2b91d728c80a8af279894b5e701b060926']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a6d5940d-d687-4031-89c7-d527a7cb1083",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:11.000Z",
|
|
"modified": "2018-04-20T09:09:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-03T10:13:57",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae37-a758-4f42-a1b5-4ac502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/05be7b2de818dcb358a4f24d6050ae2b91d728c80a8af279894b5e701b060926/analysis/1512296037/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae38-70a0-4c3d-9205-4aa902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae38-5868-462c-83ce-4cfc02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--31abe87c-b601-4581-ba6c-55e716214d8e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:15.000Z",
|
|
"modified": "2018-04-20T09:09:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = '06475fb6c697ecbe07baad0014d507f5' AND file:hashes.SHA1 = '92ead94fed5ef97166bf31b318400dc83f7c5b69' AND file:hashes.SHA256 = '404746279f7d963489d1d7d2d9be4bd1b1dd82e81e21f6ebf09091ee7b059988']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d6f9fda9-bb3e-4a6d-951a-ef2b7b91810b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:13.000Z",
|
|
"modified": "2018-04-20T09:09:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T20:48:11",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae39-6620-4763-88fc-416b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/404746279f7d963489d1d7d2d9be4bd1b1dd82e81e21f6ebf09091ee7b059988/analysis/1518986891/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae3a-2eb0-414c-8a80-4d8702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "16/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae3a-4b58-45f3-aaf4-487f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ea39a79f-3211-4917-8ba8-11798108d030",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:17.000Z",
|
|
"modified": "2018-04-20T09:09:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '05d7f6cb4e4711de53515e9587442dee' AND file:hashes.SHA1 = '662ac4eebb5060027016d9875594832741d0e687' AND file:hashes.SHA256 = '739f27ac00dc449895f589ff28e86d78ea17ca298ffc0b40021136d7c77ed679']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--36ca324b-a75e-40dc-a318-a368d201799b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:15.000Z",
|
|
"modified": "2018-04-20T09:09:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-20T20:11:38",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae3c-d11c-4ab2-891e-461102de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/739f27ac00dc449895f589ff28e86d78ea17ca298ffc0b40021136d7c77ed679/analysis/1519157498/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae3c-6900-4f73-a658-413902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae3c-0fd0-42c7-9d0a-41e902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ba5fa1e3-8824-42b7-8158-8885efa936dc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:19.000Z",
|
|
"modified": "2018-04-20T09:09:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ef158b4573016629ad7e98ac8745bf6' AND file:hashes.SHA1 = '8084b94e5dfab7e19e9f55c20f66db700af70949' AND file:hashes.SHA256 = 'b4abd9556f093b7d80bdc755d502917310a807d5ee9d9f9bac19bb0c8d596dbc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4b6521e7-b216-4bb7-8b2e-d03294f7a176",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:18.000Z",
|
|
"modified": "2018-04-20T09:09:18.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-15T17:54:15",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae3e-63d0-4db0-b37d-445902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b4abd9556f093b7d80bdc755d502917310a807d5ee9d9f9bac19bb0c8d596dbc/analysis/1521136455/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae3e-5d90-463c-84d7-4e6f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae3f-8b5c-4898-bf08-4c7902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--049ddb48-7266-48ef-946e-c19acf93d44b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:22.000Z",
|
|
"modified": "2018-04-20T09:09:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '86e461c77c398bf314605556bb03cd9d' AND file:hashes.SHA1 = 'd29cbf86f56d0cddab991028f941f05d49a2b1e3' AND file:hashes.SHA256 = '3431065d2208123137714d2d432427d33cff576d202e1fc7ea2990b21847cce1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--44a5a106-6496-434f-837c-f4b710cbcfac",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:20.000Z",
|
|
"modified": "2018-04-20T09:09:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-29T04:35:23",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae40-9f4c-457a-a137-416c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3431065d2208123137714d2d432427d33cff576d202e1fc7ea2990b21847cce1/analysis/1511930123/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae40-d0e0-400c-906f-45ca02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae41-0e90-4b0b-bbe6-47dd02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--797ea4f5-30c7-40ac-baf6-28db7149f503",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:24.000Z",
|
|
"modified": "2018-04-20T09:09:24.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd29bf2c7365d0f4a381d34b088ba2796' AND file:hashes.SHA1 = 'e30e34e3a914de109585cd0421b5dec2ff7490aa' AND file:hashes.SHA256 = 'a10aefc70a3d3512cf54f74e39b3ee5cc5403c003179c57aeea7fb3895ed8ace']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1086f8ba-2d76-4d9b-b26a-5e18c595f194",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:22.000Z",
|
|
"modified": "2018-04-20T09:09:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-01T05:25:35",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae42-e82c-411c-98bd-4a3302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a10aefc70a3d3512cf54f74e39b3ee5cc5403c003179c57aeea7fb3895ed8ace/analysis/1512105935/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae43-aa5c-4cb2-948d-491202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae43-6948-438d-885e-4f4302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0ed8ca28-2829-4ca6-ba71-03b2a41bf521",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:26.000Z",
|
|
"modified": "2018-04-20T09:09:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = '00169225291abe1864627a2da79125a9' AND file:hashes.SHA1 = '7a589eb3487062f60ac1f98a309aed5227be1221' AND file:hashes.SHA256 = '0fee9d67ef1967d2bee1f67b1dc5ae24dff5d6dba17b9247e33b87f5bf6e6856']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d249aa60-eb0b-4861-a6b4-87b813998e73",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:24.000Z",
|
|
"modified": "2018-04-20T09:09:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-19T13:02:52",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae44-f018-47f9-9860-476102de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0fee9d67ef1967d2bee1f67b1dc5ae24dff5d6dba17b9247e33b87f5bf6e6856/analysis/1519045372/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae45-3300-49d4-ba64-4c0602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "10/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae45-4fe4-44d0-b467-4fd102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a91eac4f-7259-4a12-8838-2b0f051d6696",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:28.000Z",
|
|
"modified": "2018-04-20T09:09:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0a72951f5e1ed79de9f470ba42cdd606' AND file:hashes.SHA1 = '2be592e359a630f45b5a59b5953c1cbe9c7b3308' AND file:hashes.SHA256 = '7b24f0523af239668ee8946c433c53d0c233b0290bbaca405885d39dff86fa1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6088b568-f7ad-4a41-a8d8-d4522a466ac9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:26.000Z",
|
|
"modified": "2018-04-20T09:09:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-24T01:43:52",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae46-94e8-4d6d-a553-465402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7b24f0523af239668ee8946c433c53d0c233b0290bbaca405885d39dff86fa1f/analysis/1508809432/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae47-8418-427f-a911-442b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae47-61b8-48af-9fa8-4bbb02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e6ea2fd2-8462-4e6f-9a19-cce766827d36",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:30.000Z",
|
|
"modified": "2018-04-20T09:09:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9de2f18b09633a5aa822df9df7cd52d2' AND file:hashes.SHA1 = '4c244838fd8588e6cc4b5107067e0025a01d536f' AND file:hashes.SHA256 = '24281907f8904bf6b9af4116f52ae2ba8b4b97ce586cd3b2b2777a8f3c76c8cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--16acc5bd-90ec-431b-bbca-953b2b06ece8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:29.000Z",
|
|
"modified": "2018-04-20T09:09:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-29T02:54:27",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae49-5570-40b2-887c-493f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/24281907f8904bf6b9af4116f52ae2ba8b4b97ce586cd3b2b2777a8f3c76c8cc/analysis/1511924067/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae49-7b60-4451-b72f-4d3002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae4a-0884-465b-a4a8-414e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ecdf5094-5fc6-44c6-8c47-412f3bb5b255",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:33.000Z",
|
|
"modified": "2018-04-20T09:09:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fc1710d508e09f6744118738f7c90f63' AND file:hashes.SHA1 = 'c52e3af53b67c35337e5ef884b0ecfcd3b27ec20' AND file:hashes.SHA256 = 'e1e31a797b01f5f4ec694fb03d894e5ab331f41f3bc8c34bb407d390554bfe3a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--98a86f21-1cc1-4708-9b3e-74e14dfe7f48",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:31.000Z",
|
|
"modified": "2018-04-20T09:09:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T15:10:25",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae4b-6fd0-48a8-9742-40e602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e1e31a797b01f5f4ec694fb03d894e5ab331f41f3bc8c34bb407d390554bfe3a/analysis/1512918625/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae4b-ea74-4327-be7f-43b002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae4c-2fc0-4c85-8407-455f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--77cfb676-5e8d-4566-84e1-4e6817db2990",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:35.000Z",
|
|
"modified": "2018-04-20T09:09:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4f08735aa600f1c9ac4ce5af469e994e' AND file:hashes.SHA1 = '70de718c364af5831fc7227d394df71424786f7f' AND file:hashes.SHA256 = 'df58773cc519e82a8beebeca8035018168cb3cb26aa491aae89c8d68cec835a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f604786f-c9dd-4c19-ab31-aa89044f4a1b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:33.000Z",
|
|
"modified": "2018-04-20T09:09:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-25T01:50:14",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae4d-b868-4c41-89da-420b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/df58773cc519e82a8beebeca8035018168cb3cb26aa491aae89c8d68cec835a7/analysis/1508896214/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae4e-251c-4c14-82d0-45fe02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae4e-6888-49db-b19c-49bb02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--96745ec9-e044-4f68-a3cb-383e0fa9f872",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:37.000Z",
|
|
"modified": "2018-04-20T09:09:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0228d240888782fa29a9d1902986eeaa' AND file:hashes.SHA1 = '491ed32451e271c68726c60d47dd0e6d4e87da77' AND file:hashes.SHA256 = 'e616d1e7e2b6e1d4f1ac2fea3e2041b842d27f5de05ff941b5661997cfe8a856']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b55b4b48-6ba3-44f3-b8da-903bfd98ea29",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:36.000Z",
|
|
"modified": "2018-04-20T09:09:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T10:56:14",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae50-5950-45e6-941c-4ce502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e616d1e7e2b6e1d4f1ac2fea3e2041b842d27f5de05ff941b5661997cfe8a856/analysis/1518951374/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae50-bd24-47dc-bc67-4bfb02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "8/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae50-fbf8-4ced-94fb-46bc02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3f85b4db-24d4-40a8-a7d8-71d30219b53e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:39.000Z",
|
|
"modified": "2018-04-20T09:09:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a6c4aa20f4ec39be5ac38f409e10162' AND file:hashes.SHA1 = '92de724b963b3c1114a48040305bd1a60461d59b' AND file:hashes.SHA256 = '6bd49db136718b3cef01348bc839e206d566a1e1c32e0537be61dfa2ee87de6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c55b37c5-82e6-4fc8-a929-4118f95504af",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:38.000Z",
|
|
"modified": "2018-04-20T09:09:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-08T13:07:14",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae52-1614-44e3-9bde-4f9702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6bd49db136718b3cef01348bc839e206d566a1e1c32e0537be61dfa2ee87de6b/analysis/1512738434/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae52-70cc-4f5f-a3b5-4f5002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae53-744c-4f96-8fb7-4b0302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1852f268-9a82-42b0-8a9e-d7e52d16abbd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:42.000Z",
|
|
"modified": "2018-04-20T09:09:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '82233a133847696c7ddbdf5a1241be17' AND file:hashes.SHA1 = 'c13f5e7a55857f2297d3282d672fe1e10304d49d' AND file:hashes.SHA256 = '9b4536855237fe80447950bf86d1177489dbc1b231122e4a5d2157ba93c1b504']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f6ec3f23-3273-49b5-8dea-910fbcf248b5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:40.000Z",
|
|
"modified": "2018-04-20T09:09:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-20T01:25:42",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae54-2894-4246-a7ae-4a5002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9b4536855237fe80447950bf86d1177489dbc1b231122e4a5d2157ba93c1b504/analysis/1513733142/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae54-138c-49f6-9e5c-43d102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae55-e7b0-43dd-90d1-4e9702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--37bf3b5d-cb41-409f-94e9-f50be725a4af",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:44.000Z",
|
|
"modified": "2018-04-20T09:09:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4472d7dcfc811e1b0da7d62fa3ce486b' AND file:hashes.SHA1 = 'ae79399cc079dbb20d6ab3b50b30236e9d015038' AND file:hashes.SHA256 = '86746d7dfa923b5b1e0e5a0d27f19eb40979dcf342f2fba01ccbb09175b9363c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f354861e-6452-4a92-a456-69b235657f4d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:42.000Z",
|
|
"modified": "2018-04-20T09:09:42.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-02T02:55:35",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae56-1598-49ed-94df-444002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/86746d7dfa923b5b1e0e5a0d27f19eb40979dcf342f2fba01ccbb09175b9363c/analysis/1509591335/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae56-a994-48c2-926c-49ae02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae57-525c-4994-a1ce-4fc502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fd71e68d-d005-441d-8ee0-7b5c1812bf8b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:46.000Z",
|
|
"modified": "2018-04-20T09:09:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'edfaea51fd99182341fe5c0b503b738c' AND file:hashes.SHA1 = 'fe6bd0ecd3dc1be10d3fbadf08075e22bac98ca3' AND file:hashes.SHA256 = '530607f9b54be981e420a7bca1d33d0fa180e6c42877beddeb23836cc440f062']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4c74c847-cc7b-492c-87b0-f33694b4c6ec",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:44.000Z",
|
|
"modified": "2018-04-20T09:09:44.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-01T04:41:40",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae58-1588-4412-b726-4e8402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/530607f9b54be981e420a7bca1d33d0fa180e6c42877beddeb23836cc440f062/analysis/1512103300/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae59-ac34-4d5d-b2f3-4d2802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "58/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae59-4bd8-45cf-8cf9-476302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--139196f6-be99-47ed-b809-73d2853fa944",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:48.000Z",
|
|
"modified": "2018-04-20T09:09:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e65541fea778be35e24b5dc27b866819' AND file:hashes.SHA1 = '79d8b1df541e1aadae1a59a4a10e24749803986e' AND file:hashes.SHA256 = 'e9a7b16189e27dff9ff67e31d09fa05e7f32658dfa56bb51feff8ca0cfb4eb85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0a753999-8af3-41ac-8ddd-dcc50453ed70",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:46.000Z",
|
|
"modified": "2018-04-20T09:09:46.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-28T04:51:14",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae5a-0c04-48b1-a181-43e602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e9a7b16189e27dff9ff67e31d09fa05e7f32658dfa56bb51feff8ca0cfb4eb85/analysis/1509166274/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae5b-1340-489b-a131-46af02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae5b-d124-476b-9894-4bf802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cc2b374f-3d33-44e7-a28a-aa0e6581036e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:50.000Z",
|
|
"modified": "2018-04-20T09:09:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0d2372f66e72cd334751ad39f9577686' AND file:hashes.SHA1 = '3c792497664d6244ed4593d7c1a7ff47706aae24' AND file:hashes.SHA256 = '4694e19504a1bbc0335c213bad487727ab75faab3bf29d92cb7e3d14a2d3a8d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--78ef6597-c29d-407c-90da-5c9ac51c0d20",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:49.000Z",
|
|
"modified": "2018-04-20T09:09:49.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-19T04:56:53",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae5d-4bb0-446c-9983-408f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4694e19504a1bbc0335c213bad487727ab75faab3bf29d92cb7e3d14a2d3a8d0/analysis/1519016213/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae5d-15a8-4996-8d17-47c002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "12/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae5d-11e4-48c1-b92a-428002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2b1058c5-64f7-4e3b-a392-29bf82262d28",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:52.000Z",
|
|
"modified": "2018-04-20T09:09:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7cdaf947fdcd6dbfc03f975a77d4a12d' AND file:hashes.SHA1 = '3415c7bfc040b417006f5f4ca6dea6080a19348a' AND file:hashes.SHA256 = 'e5d34b53cb6e4e111e167cf13b608b87f7ab7d43d7f08f995ae9f2c1139e8f51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d46ebad3-0ea9-4fa6-9449-2ed4fd77bda5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:51.000Z",
|
|
"modified": "2018-04-20T09:09:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-20T04:39:40",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae5f-c3bc-4e4e-bab9-4b2f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e5d34b53cb6e4e111e167cf13b608b87f7ab7d43d7f08f995ae9f2c1139e8f51/analysis/1508474380/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae5f-9cb4-47b1-bd2b-42fb02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae60-c144-441d-a561-40ae02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a2904375-8986-41ef-b6b7-4cafbad88a0e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:55.000Z",
|
|
"modified": "2018-04-20T09:09:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0be9f7aa72c6ad4e138282ebb971ef16' AND file:hashes.SHA1 = '48b053a220182e475659502d1cacd4c30d50ee87' AND file:hashes.SHA256 = 'a0365a881396fa66719255cd617e5ef7e175343f28b7ee7ec347bf87811274c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--dd8685d4-ae68-4e10-9a02-4ff2a38bd092",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:53.000Z",
|
|
"modified": "2018-04-20T09:09:53.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-03T14:18:18",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae61-f448-4c57-88b1-450002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a0365a881396fa66719255cd617e5ef7e175343f28b7ee7ec347bf87811274c0/analysis/1512310698/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae61-2700-4535-9534-41a002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae62-3c64-433f-ac73-442302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--61c11e5f-54fb-43cc-9485-ccf4f7f6c41a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:57.000Z",
|
|
"modified": "2018-04-20T09:09:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd0fdb7548795050ae3e7b4029b3e98f1' AND file:hashes.SHA1 = 'efd6815a6099d4d3a5f4e549bff436baa3be470a' AND file:hashes.SHA256 = 'fa8c301685d5ceb6a97b75f3bb665871e3ddf5b47410179dd7a55f4f3cebf4ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--23867c24-4af9-4a2f-bedc-dda5c1b39c75",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:55.000Z",
|
|
"modified": "2018-04-20T09:09:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T18:42:31",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae63-0ef4-4a38-a8f6-475802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/fa8c301685d5ceb6a97b75f3bb665871e3ddf5b47410179dd7a55f4f3cebf4ab/analysis/1512931351/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae64-d6c0-471b-84b9-4ca902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae64-5600-48f5-a8ba-4d6e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--964d2d64-c17a-4c3e-91bd-80776bc6644f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:59.000Z",
|
|
"modified": "2018-04-20T09:09:59.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0dceec9a6b080d4bd9d14696259386c9' AND file:hashes.SHA1 = 'fe6672e154b70441b6d144ede426012cffec2e02' AND file:hashes.SHA256 = '444147472ba54f1f58776a84e98152ae28dfbca23602cb440a830fddd4a283cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:09:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6c20a0c5-39a6-49c9-aaf2-9fb0b1938633",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:57.000Z",
|
|
"modified": "2018-04-20T09:09:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-20T04:30:04",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae65-3d00-4242-8484-48ba02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/444147472ba54f1f58776a84e98152ae28dfbca23602cb440a830fddd4a283cf/analysis/1508473804/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae66-1118-44c2-8463-414d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae66-a434-4cf5-959d-478202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9393f4f9-b9fc-416b-92bd-4c090307ae39",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:01.000Z",
|
|
"modified": "2018-04-20T09:10:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'adac8ee518ffdc3d850fe66480df0d77' AND file:hashes.SHA1 = '46c92b1f400dc1af1e5563cded21a7b6d051eaec' AND file:hashes.SHA256 = '11117fe96292e5d5702f2c82e4b21c3cbc4234f13417b22ad963a9f746978482']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f22c7776-6135-4800-9901-5a4de6adee83",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:09:59.000Z",
|
|
"modified": "2018-04-20T09:09:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-16T23:32:50",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae67-ea44-4f97-864b-4c9602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/11117fe96292e5d5702f2c82e4b21c3cbc4234f13417b22ad963a9f746978482/analysis/1518823970/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae68-f8fc-4ea9-a17b-436502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae68-0a70-4d7d-9635-474302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c97afdae-f971-4e34-8ce8-c3f0151f6e38",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:03.000Z",
|
|
"modified": "2018-04-20T09:10:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0b2e3b4b0f7966745eab9308f9c7f563' AND file:hashes.SHA1 = '1ec05f2f0fd5cadb5ebd4d85d50989f69ad08661' AND file:hashes.SHA256 = '66af9dc27feb2b69729b82e4076dd699cc504c3c8dce943d2023c7bdeca00f2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--395fc03d-627f-47dd-a7db-71cf2e558e15",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:02.000Z",
|
|
"modified": "2018-04-20T09:10:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-19T01:08:06",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae6a-5110-4eeb-ba12-421802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/66af9dc27feb2b69729b82e4076dd699cc504c3c8dce943d2023c7bdeca00f2a/analysis/1519002486/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae6a-c9e4-4967-84f1-4bea02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "9/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae6b-680c-4667-8f1f-472702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e1867223-f5e0-4877-a819-9612307f3867",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:06.000Z",
|
|
"modified": "2018-04-20T09:10:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '818a695c9bf2b107c4394695a2f57528' AND file:hashes.SHA1 = '8fbf05caf42e5618cadb0343bcf4b249e33ceb22' AND file:hashes.SHA256 = '431e6a8252837a5e1c7c98aa9b72c1df4b21e34ae8c7e73882294097f140466e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c3feebd9-263b-4900-a98c-8bec8b9440f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:04.000Z",
|
|
"modified": "2018-04-20T09:10:04.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-26T13:08:06",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae6c-27e0-43fa-8aca-44f702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/431e6a8252837a5e1c7c98aa9b72c1df4b21e34ae8c7e73882294097f140466e/analysis/1509023286/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae6c-5a44-45e1-9c82-496d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae6d-7d7c-4776-96b8-422502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b805ea51-f04a-4f6a-8ecf-c9ec51fa83cb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:08.000Z",
|
|
"modified": "2018-04-20T09:10:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'feaa9e91b65701090f24d63b6454206a' AND file:hashes.SHA1 = '074e44100027996f616253eefe6ae4185b585899' AND file:hashes.SHA256 = '7c83266775aceac7e54b9d7db2620245520a52e854a5e61f5c5f2452a60432de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--15222292-8bfb-4e86-91fa-b0e4ec0adc58",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:06.000Z",
|
|
"modified": "2018-04-20T09:10:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T04:33:23",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae6e-64d8-4c6d-b94b-497902de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7c83266775aceac7e54b9d7db2620245520a52e854a5e61f5c5f2452a60432de/analysis/1511152403/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae6f-59b0-49b8-8d07-4f0602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae6f-012c-4be2-ad51-487802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eb42f6f1-2c60-490e-8e04-79cdc4144a37",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:10.000Z",
|
|
"modified": "2018-04-20T09:10:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4633642e88630f65f9661d0117535446' AND file:hashes.SHA1 = '9d47f46a1e364eda6b2ead54e22a9ffc61111027' AND file:hashes.SHA256 = '61cb5cbccb6d1c329cb1a641c3a74fd4a4521dee0d2d03e810f3f12303e0f1f1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8c0ecebc-54db-4732-b8e6-8a3e388aadaf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:08.000Z",
|
|
"modified": "2018-04-20T09:10:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-01T07:00:55",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae70-31f4-4257-bf6e-4a5302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/61cb5cbccb6d1c329cb1a641c3a74fd4a4521dee0d2d03e810f3f12303e0f1f1/analysis/1509519655/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae71-07b8-4652-a918-492f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae71-837c-44e7-be71-447902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7967e5b8-00eb-4320-9412-e01a082c07ec",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:12.000Z",
|
|
"modified": "2018-04-20T09:10:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02ec2f2d6b01680a83378bd6c6c8144a' AND file:hashes.SHA1 = 'a1f3c47e5ffde75e7285b6bd891b4c8336dd39cc' AND file:hashes.SHA256 = 'a677a593cebda3734ab26828b65fd93b54bbc02199a080a26da61afcff29ae48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7300f602-1abc-44a4-9093-a7e2165d7a91",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:10.000Z",
|
|
"modified": "2018-04-20T09:10:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-08T17:27:25",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae73-7520-4e12-8f4f-4a5202de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a677a593cebda3734ab26828b65fd93b54bbc02199a080a26da61afcff29ae48/analysis/1512754045/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae73-6c3c-43e0-a30d-432302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae73-f608-4a44-97ad-4bc802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6007d8cd-f034-477a-9e08-2fd715e5e884",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:14.000Z",
|
|
"modified": "2018-04-20T09:10:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aebe8f53070a8e5687641789666e9482' AND file:hashes.SHA1 = '50f9f2eae65ccb06723a3f470ebf338978b23277' AND file:hashes.SHA256 = '97702356739358d428d1e7c7ddcc8aa08379562b290edb12348cae2bc0ddbb32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--27e7462f-edef-4bff-b8fc-d526b1399b40",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:13.000Z",
|
|
"modified": "2018-04-20T09:10:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-27T08:43:40",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae75-b3d0-4c40-8ed8-4c1d02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/97702356739358d428d1e7c7ddcc8aa08379562b290edb12348cae2bc0ddbb32/analysis/1522140220/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae75-6744-4ff7-a920-431502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae75-aabc-43b6-898a-4e0f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--04a6579c-e5e5-4b9f-8941-c896ddbea402",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:16.000Z",
|
|
"modified": "2018-04-20T09:10:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = '107fac484f2ba8f2b8b80a52a8631707' AND file:hashes.SHA1 = 'c50ab16bb0fa34aead71090ccfbe0d5f5556cfbd' AND file:hashes.SHA256 = '39974f2161bc0151692ae2f380d38b626f2b47904f92ce5706e29b2fe05122d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3c579ecb-1bdd-491f-bcae-9aeb77253f1d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:15.000Z",
|
|
"modified": "2018-04-20T09:10:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T16:45:10",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae77-3804-4787-b417-435d02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/39974f2161bc0151692ae2f380d38b626f2b47904f92ce5706e29b2fe05122d3/analysis/1518972310/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae77-abc4-4402-a2b3-49ed02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "11/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae78-8190-4174-80d1-4ebb02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--95c00602-db58-40f5-91c5-3b5abeb62f34",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:19.000Z",
|
|
"modified": "2018-04-20T09:10:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1c4badb1eb960a07ddacdeeed29c2d6d' AND file:hashes.SHA1 = '7cce23ad0e776f6d9bc4429cd657f164a589c948' AND file:hashes.SHA256 = 'a32a315ae45f62d26cdd22281a69932c83f147fc4e820a9cc7bf05bcc4680777']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5ef6db2d-f867-495b-9515-aee0b0c69572",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:17.000Z",
|
|
"modified": "2018-04-20T09:10:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-06T15:11:35",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae79-01f8-4fd6-aff0-499a02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a32a315ae45f62d26cdd22281a69932c83f147fc4e820a9cc7bf05bcc4680777/analysis/1512573095/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae79-3330-4aa2-9567-4a2c02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae7a-ac20-437d-aa5d-45e902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--927a32d1-3581-4660-a7cb-b3b983b1d2b6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:21.000Z",
|
|
"modified": "2018-04-20T09:10:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cff98f9196a16ae1aeb0fdba17121232' AND file:hashes.SHA1 = '0f877673d6c362ebdf418e38143c5817c24917d0' AND file:hashes.SHA256 = 'b4e2b99c18bf61acedaff5b1908a212470eb902ddfe8e164e01ffcfbab19834b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f5e79c89-6ae1-40b3-8d64-7ccc44962818",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:19.000Z",
|
|
"modified": "2018-04-20T09:10:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-26T03:58:13",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae7b-7a30-49f5-9b48-41ac02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b4e2b99c18bf61acedaff5b1908a212470eb902ddfe8e164e01ffcfbab19834b/analysis/1514260693/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae7b-6f00-437e-a64f-445502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae7c-6f40-4ee6-8603-44d902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--33ada061-a11c-4b80-bfe1-2a219c8b4216",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:23.000Z",
|
|
"modified": "2018-04-20T09:10:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = '05bef52c0d184f19d99d55e90aa2a40f' AND file:hashes.SHA1 = '052c2631b3af54323f2514827b1413084fdaa62f' AND file:hashes.SHA256 = 'bc782f40d16fd6574c1e84edd0728470f426a31d2ff94e4bbb87a19cf3992048']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4d75191a-9322-46a4-8bb1-28edd400300e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:21.000Z",
|
|
"modified": "2018-04-20T09:10:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-20T17:54:27",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae7d-5088-4dfc-9929-4ede02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bc782f40d16fd6574c1e84edd0728470f426a31d2ff94e4bbb87a19cf3992048/analysis/1519149267/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae7e-9de8-40c7-9a5d-4f7302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae7e-1948-452d-906e-491302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--231da622-eca5-46f9-8b3d-7a60271bbf5a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:25.000Z",
|
|
"modified": "2018-04-20T09:10:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd0f9b66595164fd1c9dac24d60feeba3' AND file:hashes.SHA1 = '637fd31d870fda81f19378df838bf639dcfd3492' AND file:hashes.SHA256 = '9c6def0cb6963372a10888e6f702d80381559a29db1da32ab149273b3d10ca34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d8b83106-c718-4884-bc69-e1ec3157b231",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:23.000Z",
|
|
"modified": "2018-04-20T09:10:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-25T01:58:13",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae7f-2a24-4506-a49f-459f02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/9c6def0cb6963372a10888e6f702d80381559a29db1da32ab149273b3d10ca34/analysis/1508896693/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae80-3124-45f5-b863-459a02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae80-d2a0-4d79-8ea4-419102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--900b2299-4d91-4311-8eb6-3d8dcde3c53e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:27.000Z",
|
|
"modified": "2018-04-20T09:10:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5d02896f184bdc95400b10d02227177c' AND file:hashes.SHA1 = 'a129959a7e2b279273942088665fbebf521c2a1c' AND file:hashes.SHA256 = 'e9bcf85599744033e320f5031ecc8157e0498a42d699cb175d7242c95b9f4358']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ba9454c8-868b-4c61-99a5-7f1c6eaba02e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:25.000Z",
|
|
"modified": "2018-04-20T09:10:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-01T14:22:53",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae81-ac90-4144-a381-4dbc02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e9bcf85599744033e320f5031ecc8157e0498a42d699cb175d7242c95b9f4358/analysis/1509546173/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae82-71d4-4701-9c9c-4a0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "41/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae82-f644-4a06-b8f4-4e2402de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--123260f2-c093-487a-8da6-0a38a26956b0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:29.000Z",
|
|
"modified": "2018-04-20T09:10:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '057f0c2b9a3377366ea36bc8f4454b40' AND file:hashes.SHA1 = '9c385db869ef98dbe7df24e509f336d2307504c1' AND file:hashes.SHA256 = '1d70d1eb3210984b8d2c3c62ca6ade7b018f44688d009cbde3c2c214224a3ffb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--52bb8f52-813c-42b9-b810-935626ee2a80",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:28.000Z",
|
|
"modified": "2018-04-20T09:10:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-20T19:59:05",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae84-fb88-4f10-a31d-427b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1d70d1eb3210984b8d2c3c62ca6ade7b018f44688d009cbde3c2c214224a3ffb/analysis/1519156745/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae84-9d64-437f-92fd-453a02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae84-5e44-4aca-9715-4aaf02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b9967b9a-c9d0-48cf-8c84-d7527995794e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:31.000Z",
|
|
"modified": "2018-04-20T09:10:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '59e614f10a687b16c08b684ffbf5c556' AND file:hashes.SHA1 = '239958c1d53838bee3c7559df1a4bd60333e0a3e' AND file:hashes.SHA256 = 'ad7c7472d980025e3edbab89988fec2d5776b4f72b0757c2b1dac54d1c991c37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bf02e3cf-264a-406b-bafe-860ff8d96eae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:30.000Z",
|
|
"modified": "2018-04-20T09:10:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-07T00:34:15",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae86-10b8-4b4b-84dd-425302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ad7c7472d980025e3edbab89988fec2d5776b4f72b0757c2b1dac54d1c991c37/analysis/1515285255/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae86-b91c-48aa-bb52-4ef202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "39/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae87-cd30-4c96-85e7-451c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1aa193f1-c768-4a16-a2cb-0c0381dba191",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:34.000Z",
|
|
"modified": "2018-04-20T09:10:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bdaf573f5f56f4542196d69e9af17b60' AND file:hashes.SHA1 = '0700816b242e950ca16e58e33f8c31d173b9371a' AND file:hashes.SHA256 = '973c024f2af38334bfe80a5c1fc2f96b2215397124ff08110e3c96aa986e7440']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6bd8fb6f-dd9f-4d3f-aa56-e4c18e904991",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:32.000Z",
|
|
"modified": "2018-04-20T09:10:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-06T18:52:52",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae88-925c-4dad-a805-4db802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/973c024f2af38334bfe80a5c1fc2f96b2215397124ff08110e3c96aa986e7440/analysis/1512586372/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae88-c50c-4080-b3f4-419902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae89-63ac-4e9b-a6cb-475802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--67459c2e-6974-4168-a4bb-0c94041b7a1c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:36.000Z",
|
|
"modified": "2018-04-20T09:10:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4e70fdc8daeb5407f94ae0fc08153a69' AND file:hashes.SHA1 = '1bf33d2d59953981ceb693ae5a2c83f5050965e8' AND file:hashes.SHA256 = '3ed671f4ea7e92ef0e0bf61e7bacc0b7a2a82ccea73a53e7cde66e3497a86520']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d2ae4a97-361c-42ac-90f2-42867b1bec12",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:34.000Z",
|
|
"modified": "2018-04-20T09:10:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-25T01:50:11",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae8a-a5d0-4e20-ba24-495e02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3ed671f4ea7e92ef0e0bf61e7bacc0b7a2a82ccea73a53e7cde66e3497a86520/analysis/1508896211/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae8a-2fe8-4e4e-9052-4e9602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/63",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae8b-edc8-415e-bc6d-4f7f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7ee2136a-174e-41ca-8e77-c55b330a2d7d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:38.000Z",
|
|
"modified": "2018-04-20T09:10:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '021828ddd4e024644001a759bb4829bf' AND file:hashes.SHA1 = 'ab2192f0ac57ebfb3a16062b1aad790c7acc9e96' AND file:hashes.SHA256 = '06c65a259d7c96000fcec97a7d8c5b6c4d0c8b8e52ed1d45c934a50d0369b3eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4dcb2323-6adc-4e6f-9a4c-4da633df6bfa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:36.000Z",
|
|
"modified": "2018-04-20T09:10:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-16T22:30:34",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae8c-74ec-4a7d-a484-4f6d02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/06c65a259d7c96000fcec97a7d8c5b6c4d0c8b8e52ed1d45c934a50d0369b3eb/analysis/1513463434/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae8d-71a0-4345-8b02-448902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "59/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae8d-a1d4-4713-b8b0-4db302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a558cc1a-df6e-4ddd-bd8c-694a27a2e298",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:40.000Z",
|
|
"modified": "2018-04-20T09:10:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0bccb0c7a3e542a36ec6448c02efc415' AND file:hashes.SHA1 = '380d90a3fd1606c22c16ddc9f3b04426c37abee0' AND file:hashes.SHA256 = 'a7d667e9d67d4b7db00c52572ca1e945b1aba8139dce9c647b8b9bce89ba45e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ff7f2a21-2be3-447a-9137-7fd1eb8a7100",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:38.000Z",
|
|
"modified": "2018-04-20T09:10:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-27T14:32:39",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae8e-29a4-457f-b45d-481b02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a7d667e9d67d4b7db00c52572ca1e945b1aba8139dce9c647b8b9bce89ba45e0/analysis/1509114759/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae8f-f89c-431d-82b4-46ba02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "54/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae8f-2598-4825-8ef4-40ce02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--966e7ca9-3fb4-4d2a-8c16-b8911848b40b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:42.000Z",
|
|
"modified": "2018-04-20T09:10:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '30da06d9c1d3c8bd4f90256e56af0d8e' AND file:hashes.SHA1 = 'b13be4845ad3c6fe74719fcf13c8d69f4640c24f' AND file:hashes.SHA256 = '19a5f6fc34e531409c787b00444671b44a5c11dec0dafab0e0ef699de29eea6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6b683fae-c19a-4048-a4df-87877482042a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:41.000Z",
|
|
"modified": "2018-04-20T09:10:41.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-24T05:13:02",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae91-ed3c-42c2-96cf-422802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/19a5f6fc34e531409c787b00444671b44a5c11dec0dafab0e0ef699de29eea6d/analysis/1514092382/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae91-05d4-4b99-965d-4b3802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Mikey-6502276-0",
|
|
"uuid": "5ad9ae92-74ec-469d-ab7b-450302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--871505a5-67b3-4e0e-a061-771e9e689bf3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:45.000Z",
|
|
"modified": "2018-04-20T09:10:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ad21e171d278d27ccebfbc9b2d4d0992' AND file:hashes.SHA1 = '8cdfd3e94086a82b4fc9579d7e6fbe42c0b253cb' AND file:hashes.SHA256 = 'ba975d346f8f543f348e1e42f03bf50167045740b321ae6dc8a8497e608e8766']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--da838904-52a0-4aba-a34c-444c519ca9e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:43.000Z",
|
|
"modified": "2018-04-20T09:10:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-30T16:49:06",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae93-0bfc-44da-8f39-49ba02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ba975d346f8f543f348e1e42f03bf50167045740b321ae6dc8a8497e608e8766/analysis/1509382146/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae93-d184-44b1-b0c8-493902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae94-eb74-416a-8536-485702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b1c027bf-e678-4107-9332-782883a20df5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:47.000Z",
|
|
"modified": "2018-04-20T09:10:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = '01ebe810b6d69d0f6588191c333d6106' AND file:hashes.SHA1 = 'af14fd59d99d16ff6fd967986d000bb8a773b6ba' AND file:hashes.SHA256 = 'f0bfcb581935377def575a18a89290427d335c95da6781b11d1ad91711cb4a81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e18d455e-9797-4cfd-bc4e-7f58784671eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:45.000Z",
|
|
"modified": "2018-04-20T09:10:45.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-18T16:32:37",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae95-1f30-407a-8383-435c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f0bfcb581935377def575a18a89290427d335c95da6781b11d1ad91711cb4a81/analysis/1518971557/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae96-88a4-4dfb-a877-450702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "9/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae96-8874-4c70-bf40-4b4c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2eaac486-82b0-49c2-8dc7-c0e0d1334bc5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:49.000Z",
|
|
"modified": "2018-04-20T09:10:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bf09e291cb6a4aff8e1eab04efe7bf13' AND file:hashes.SHA1 = '699171ae82700a702a02ba5cc0743f08814e4f18' AND file:hashes.SHA256 = '09574981553c2729c9779beee8e6007734f932a155de278eb46d9fc557c39400']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4880b0ee-33df-4e81-8a32-8f53fabe84e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:47.000Z",
|
|
"modified": "2018-04-20T09:10:47.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-31T02:04:36",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae97-ce3c-45fa-bfd8-470602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/09574981553c2729c9779beee8e6007734f932a155de278eb46d9fc557c39400/analysis/1509415476/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae98-1b0c-4afa-8876-4e4202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "52/67",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9ae98-cc8c-4e46-aaf0-4d2c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f74b8766-0e2c-48dd-97fe-7a6bcbd3683f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:51.000Z",
|
|
"modified": "2018-04-20T09:10:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '05c9bafd172cd4832bf57ac9bc7e37c9' AND file:hashes.SHA1 = 'fcf95beedf57b54a8891eb8b1d91d9d9762e052b' AND file:hashes.SHA256 = '04ead5ee82c762a26e1dc0e6a8b21c54669c771cca0291b5d41282d2e73a7fc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d5e5151a-6fe7-4aea-8c1b-f384641f3de1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:50.000Z",
|
|
"modified": "2018-04-20T09:10:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-01T08:09:24",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae9a-31f4-423c-a7e7-496602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/04ead5ee82c762a26e1dc0e6a8b21c54669c771cca0291b5d41282d2e73a7fc0/analysis/1522570164/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae9a-1f84-4938-9069-4a2402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/64",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Startsurf-6502245-0",
|
|
"uuid": "5ad9ae9a-533c-4b7c-af73-42a302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e508395-c56b-44f3-8d8f-c27378c24948",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:53.000Z",
|
|
"modified": "2018-04-20T09:10:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ab282b76982e4d9dc477732a3aecd93a' AND file:hashes.SHA1 = '3ee8a12b2110b21ceffb54942a0b925bc5a44c26' AND file:hashes.SHA256 = '2df889657dd28f91ea10c08d5a72cf890bf142a6fb4928520ecdefcf708cc2b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--91d65c73-3c78-4c78-9b43-04795a21d2dc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:52.000Z",
|
|
"modified": "2018-04-20T09:10:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-30T02:21:49",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae9c-0308-4a0e-b903-413802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2df889657dd28f91ea10c08d5a72cf890bf142a6fb4928520ecdefcf708cc2b5/analysis/1512008509/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae9c-0444-43f1-808d-484602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "55/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9ae9d-f4ec-4a77-a68d-473b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ce1148cb-ccbb-4534-a264-987b0a02387e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:56.000Z",
|
|
"modified": "2018-04-20T09:10:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '04b1767fc8c7576329d0d9f130570483' AND file:hashes.SHA1 = 'd564f1a814aa7ee497506900e9f6f08dac802a62' AND file:hashes.SHA256 = 'e122d91eb62a33c8b4ef56b2299caf2f58fd4e48694c97e06c92f858497cf860']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7b05f522-f1e9-4890-b0bc-3dcbcd58388e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:54.000Z",
|
|
"modified": "2018-04-20T09:10:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-02T19:09:49",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae9e-f694-429e-b42d-4fd402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e122d91eb62a33c8b4ef56b2299caf2f58fd4e48694c97e06c92f858497cf860/analysis/1512241789/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae9e-2d60-4ad8-9350-427d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "59/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Upatre-6498441-1",
|
|
"uuid": "5ad9ae9f-10e0-42eb-bddd-453702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8ed19c62-1efa-47b5-bd86-5ce3ea96eea3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:58.000Z",
|
|
"modified": "2018-04-20T09:10:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9164bbb56803391261d42d9ee69b42da' AND file:hashes.SHA1 = 'b8aaf98dca8a84eee3bb4151fa66ae61d51e5331' AND file:hashes.SHA256 = '2593e0c6d66d36c7d8b3061f3c242875113310a2939f89aea73eda1397e44e31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:10:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ba0df232-2b85-4c6e-ad5f-0bf6e12cc26a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:56.000Z",
|
|
"modified": "2018-04-20T09:10:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-28T14:24:09",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9aea0-ef24-497a-8710-41e702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2593e0c6d66d36c7d8b3061f3c242875113310a2939f89aea73eda1397e44e31/analysis/1509200649/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9aea1-bf6c-46c8-a310-4f4202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/68",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Neutrinopos-6500704-1",
|
|
"uuid": "5ad9aea1-73f4-416e-90ab-46c802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c750f8a8-1526-41bf-9e8c-3ac273664df7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:11:00.000Z",
|
|
"modified": "2018-04-20T09:11:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ed1ef9158da2ef353c31613b649d906b' AND file:hashes.SHA1 = '3766378217eea6e7047771e0108983000c697321' AND file:hashes.SHA256 = '61ff6f5d48f02c0a5b7a28936f8aa9ebad2344f3552608fae2ce3f14a9bf14d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:11:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1d1ce1a4-cf6c-4dee-83fd-c67c479b0e7b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:10:58.000Z",
|
|
"modified": "2018-04-20T09:10:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-25T02:00:00",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9aea2-54d8-4f03-8d4b-4d0c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/61ff6f5d48f02c0a5b7a28936f8aa9ebad2344f3552608fae2ce3f14a9bf14d4/analysis/1508896800/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9aea3-2c28-4930-9798-497902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/66",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9aea3-5c50-408e-ba63-471302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0b93c146-e37e-43df-8900-5c0faf08a5f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4a6b63f1b4efaf59a4343f3fed896026' AND file:hashes.SHA1 = '59e38dbfed36c465202cea50f908d445da969098' AND file:hashes.SHA256 = '3f2925b26b0f0b0f141346d8a654a74704d9326492537de17518bd6fb11671e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T09:11:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--066ffd6c-1f8a-4876-b8e7-4c6c950c58d8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:11:00.000Z",
|
|
"modified": "2018-04-20T09:11:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-18T15:51:50",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9aea4-1d30-4edb-bb10-45d702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3f2925b26b0f0b0f141346d8a654a74704d9326492537de17518bd6fb11671e8/analysis/1508341910/",
|
|
"category": "External analysis",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9aea5-f118-412f-a4b3-490e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/63",
|
|
"category": "Other",
|
|
"comment": "Win.Dropper.Fareit-6500687-1",
|
|
"uuid": "5ad9aea5-ed30-484a-babd-475e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--aeb1b27a-342d-47fe-8811-1ff006ad28fd",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d8250151-a555-4e5e-9239-e4d6a705c550",
|
|
"target_ref": "x-misp-object--f18a6769-9119-4ce8-8261-38c8c36c6d48"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f513dd53-0116-49b0-88ca-5c277bb0f177",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5667d69e-d4e0-49ff-b66d-ee9c0d1606a0",
|
|
"target_ref": "x-misp-object--2777d3d2-815c-4e73-92b3-e7c5f6a6bb4f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--53413958-9202-43c4-8b20-995269e4b13d",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a0f795c-3740-4127-ae11-5719c06e4613",
|
|
"target_ref": "x-misp-object--ff6c2680-4cca-4e84-aeef-dbf889d731cb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ec0c2ea8-2a59-460c-9c95-8961d7fd7511",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7f770580-9cd5-4055-8779-f7214ff95236",
|
|
"target_ref": "x-misp-object--ee0ed29e-9ebc-4abb-b406-61d5e5e7d74f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2eaf13e2-7b68-4b46-af9e-7f9cf99274ee",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--16dd834b-161d-4a5d-a463-e0fe0c82ddb8",
|
|
"target_ref": "x-misp-object--c2c034d9-7fc9-4b07-b85e-b77886481632"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--705c72c8-3e68-4c82-87d9-830db40274bb",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1c3353ab-72a9-4b8d-bf7b-26b82f95bcab",
|
|
"target_ref": "x-misp-object--ca39f2b2-ab66-4b27-b7c6-c0e6031aa3c6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--59f5e5ad-0688-4519-839d-c1664983c9c2",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4bbac67b-db88-4ff1-b57e-99611cfee662",
|
|
"target_ref": "x-misp-object--7d0a5db8-4b69-4b06-b514-861ac2bcc9c8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--86ace387-b45c-49b8-9e50-7572f28d9217",
|
|
"created": "2018-04-17T09:38:24.000Z",
|
|
"modified": "2018-04-17T09:38:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--38195b20-39ab-4f46-a15f-4cac8fa71f0b",
|
|
"target_ref": "x-misp-object--b9326c01-9fbc-4562-9806-9eb7f18f1658"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--81c851f0-a8a9-423e-ab8f-744989fc7d10",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--23168de0-12c0-4447-aecb-32d09f2215d6",
|
|
"target_ref": "x-misp-object--6ffec30e-27e2-4994-b80e-41bbfc7b35ca"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--79cb4d1f-5223-41a5-b762-58cf9264888c",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3797aea4-eab0-4f22-9e6d-a1a543cb0009",
|
|
"target_ref": "x-misp-object--bc2915ec-2b50-47b9-abaa-3481306c33d2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c70a7907-af61-4c7a-b38e-ee6d90312d2f",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d9bd8f68-4507-4e45-b3b2-51b238bf210c",
|
|
"target_ref": "x-misp-object--e050e2a6-56c7-45ff-82a3-771b9fed5773"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--deef7b62-a715-434d-9142-7291cba7befe",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bdfb2aaf-fbc1-4f37-a1c2-3d2e7ab849e4",
|
|
"target_ref": "x-misp-object--0b1fa52a-e14a-41b1-870c-6f2f34beb767"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cbda5d89-4c17-4901-a705-8ee56a95b3c0",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5bf3dff0-e75c-4c33-b4a1-eb598f12b360",
|
|
"target_ref": "x-misp-object--52911c0c-a5de-4e05-b24b-f95bc38926b4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--abc27080-fcbb-45fc-a080-b668be290e68",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--614923b5-0de4-4fc9-a207-736b5e32740d",
|
|
"target_ref": "x-misp-object--8ea75fc7-ff1e-45ce-806b-6542e4d5da9c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--88ddd1b4-3149-4575-a744-d258deb20cd8",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--995bfffe-f2bd-4180-9982-f4700327897d",
|
|
"target_ref": "x-misp-object--bdda72e7-74f6-4a7e-9ce2-860f07a867cc"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--92d898a0-9f5e-4654-96e9-ca011159b3a9",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3d6d671b-63e1-4e34-add1-f1ac1def5d61",
|
|
"target_ref": "x-misp-object--73b55eba-1b5c-4404-a1fe-f8776317e5db"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d07146f7-0137-414f-995d-ebc27af83e03",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4faa8c04-91b8-4cae-a6e4-b7e025fba6fb",
|
|
"target_ref": "x-misp-object--2c7fb252-23a4-4d0f-a7d2-38ef26d62292"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--68390a3c-af55-4a92-abd3-5c9bd2a8afa2",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--973396c7-45b7-4106-addf-ac2d80c845bf",
|
|
"target_ref": "x-misp-object--caf0696e-f479-451b-87c4-55c4e29e725c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--67a33928-1c08-4f3a-b275-b8c1529613b0",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--54f5c200-a42b-4430-bbf0-b9669a922753",
|
|
"target_ref": "x-misp-object--3c6123b5-074a-48ac-8e18-eacd3427f3e0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5478c2ce-7c55-4b78-9275-ba2d80968474",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--31544fd1-56dd-45f2-b82e-92735845680d",
|
|
"target_ref": "x-misp-object--3c388591-92db-40b6-ae4b-b929b333b015"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--259aae57-7643-48cd-9a08-4864c9592649",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--112a8e0b-9c16-4653-b33c-dd0c9395e5f1",
|
|
"target_ref": "x-misp-object--3c1121a3-79bf-4e3d-9f13-9a8b93a071cb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fa9ee0a4-c4d4-4cd3-b401-1acef113b628",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--94710067-d371-4822-8b18-19de4086162d",
|
|
"target_ref": "x-misp-object--682b1d3f-030c-4473-ba89-9cd2fe00057c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--20f191d8-8dce-4c82-b328-e809f85a993d",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4801e439-9b95-4e31-b323-19141dc9f661",
|
|
"target_ref": "x-misp-object--49706bc5-c3ca-4603-9c8c-27e7b7da5aea"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fb0aae79-1f6b-4282-a83a-3d263874941f",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a323b8bb-713c-49d2-9182-c5c82a7ad35d",
|
|
"target_ref": "x-misp-object--3b0a52e2-f7d8-4624-9306-b85a5d163797"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4f4de85a-8cc9-4e84-95f9-7693eb86c2a0",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--471e1471-53fb-4110-b102-8cce0d58cf5b",
|
|
"target_ref": "x-misp-object--afea6952-1d7c-42e2-8600-2db8d77a821e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--90e16fbf-3fe9-45f8-92b8-cd1c1e961a10",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7db6a294-00d5-4a9d-b4ff-29e484eb8d4a",
|
|
"target_ref": "x-misp-object--4f42f6bc-bc09-4beb-b412-645e35f3d61c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9d15e6d0-1b31-4c27-92df-cc4d682d33b1",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--30ffb028-4ee1-479d-ad8e-b16c1c787b24",
|
|
"target_ref": "x-misp-object--cdd6e30a-cb0d-4276-8b1c-208f8db7873c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2a09145c-eaab-4547-8d8c-53c91ad82fe8",
|
|
"created": "2018-04-17T09:38:25.000Z",
|
|
"modified": "2018-04-17T09:38:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--58e315b7-b23a-4232-a7df-24c01f2c6147",
|
|
"target_ref": "x-misp-object--a8ef1585-9219-4fd3-82c4-fd44b510ec44"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f5929fc7-a00f-48d7-93bd-3ea82e7fc1cc",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--eead743e-4f7b-417e-ab5b-754be3ab4639",
|
|
"target_ref": "x-misp-object--44db359a-2322-4199-b7b2-ad7047055145"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ee051d8f-ee4b-49c9-a534-b394b581023c",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c462c18c-5dd2-474d-9bdb-683249100648",
|
|
"target_ref": "x-misp-object--51803a65-599e-4c65-a62e-47cedcfdf679"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8ca0a5e1-d149-4093-a314-341978723835",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--24579f89-a5e2-40a1-b402-1a3f503a9fee",
|
|
"target_ref": "x-misp-object--4df065d3-0e9e-474e-99f0-ddcfd2163f78"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--900a697f-b3a6-42c8-a1a8-2794f0e0d175",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8e397422-74ed-45d1-9b6a-68a3333869ce",
|
|
"target_ref": "x-misp-object--3136bde9-7b09-4380-9688-b316ff8030a3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ab0e267a-7645-4797-a69e-3d79bfb457a1",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a9fa6c94-efe8-4dbf-b103-c24ab19cbbf7",
|
|
"target_ref": "x-misp-object--62a360ce-dbdb-4fbb-8e80-7ce96f87946c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9ecc2a20-e85e-4518-9e87-b7c9d4293f43",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f165aa6e-5d89-4258-8673-39c9f6b9948c",
|
|
"target_ref": "x-misp-object--85cfd077-9915-43ee-80d6-d145645df836"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b129c3bf-ef1c-448a-bc40-e4f663f99f93",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--475a6596-dcd2-4cd5-bde7-91710d2635ae",
|
|
"target_ref": "x-misp-object--20aa948a-2c13-4806-97db-a0b7b736ef88"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b2c02ff1-18fa-4f84-b4e6-468df3df4339",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f66345c9-da87-4634-807e-95b40b3f7829",
|
|
"target_ref": "x-misp-object--4f729230-95ef-4dd1-8e92-e3ca84fde7b0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--16a2ca59-8e37-4e06-aa67-93a933931408",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3ec767cb-63b7-4634-936d-ec2c72b7f414",
|
|
"target_ref": "x-misp-object--e68803ee-8f52-4a45-b1ad-fadc751112e0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--162ac781-c5cd-415f-9ac3-050460173f3e",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2f1a76d0-7049-4e63-b652-573bad749c33",
|
|
"target_ref": "x-misp-object--66400a8a-058c-46d1-be9e-5e0a8e28a098"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8a5e4034-9ac2-48d5-9bb9-5e36af3bd31d",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e7bf71e1-5ed5-46ce-8ba8-a1f4f00e8d19",
|
|
"target_ref": "x-misp-object--92a63283-9df8-4cf5-831d-a1d429ae0a04"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9ec7827b-0dd7-4a65-957d-ad8a6e19a6b4",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1c7451e3-1e01-469b-87a2-8fe5a7a8a1b3",
|
|
"target_ref": "x-misp-object--4f0576c0-d450-4279-9daa-96479dfa26ee"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ef0973da-3965-4b91-b47e-04b96595ee25",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--fe05184f-77b8-4157-80b7-07aa043c9936",
|
|
"target_ref": "x-misp-object--2f79727e-28c0-423d-9ed6-8cbf85e2b518"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a615abe7-96df-4f68-97ba-08e8d3b74eeb",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3732f786-fed1-4ec0-81a2-cf90bac3e268",
|
|
"target_ref": "x-misp-object--dc2dd4e7-efc4-4d62-8c13-1af4257ee137"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--da52817a-19bb-4071-b96f-53511b30a27b",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3bf3ae13-b58d-4f5d-8469-5a34c8122639",
|
|
"target_ref": "x-misp-object--409f2f05-3619-4f32-9c87-2ba0be7d1f14"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4e9e7834-f945-41d4-95b7-86c25d44f61c",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ca3966ec-726d-4dcb-81f4-39c21bce3b57",
|
|
"target_ref": "x-misp-object--54df5a27-b7e9-4370-b86a-434bc5c4bfb0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c1600516-3e67-4fde-8be8-32b2b73210c2",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--54175632-8cf7-4b49-934a-da9ed750f839",
|
|
"target_ref": "x-misp-object--1602037e-3d0a-4d7c-aad4-690589211f3d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6450b19d-a614-41a2-8bcc-1d0103af4c75",
|
|
"created": "2018-04-17T09:38:26.000Z",
|
|
"modified": "2018-04-17T09:38:26.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--22060082-286e-4e92-a9de-5932cc66684c",
|
|
"target_ref": "x-misp-object--da7a7be3-a8bf-4a4b-942e-6366ca70d287"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--221e2a72-be54-4537-9b4b-0bf95ae35c93",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bc3cbc70-c086-48a4-8c6e-faf4f66dc4fd",
|
|
"target_ref": "x-misp-object--fe8692b8-47ed-49ae-ac84-c200cf0fb40b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--20c2ab40-cedf-4fa7-a177-375d5f8f6885",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f971946a-c11f-4e87-958e-b1216469856d",
|
|
"target_ref": "x-misp-object--7fc03e03-5dfe-4d7b-9ca9-d4f2c47233fb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a424c92f-fbee-4fbe-8157-6dfeba329057",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--820f1598-4c73-4860-8239-acc32c501496",
|
|
"target_ref": "x-misp-object--686748b5-288c-48a2-9596-1fc1e96df87b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b3ab01b7-8385-4def-aa9f-9c93c987f902",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9b31f6f2-1afa-4cc1-b1c9-3939d61c351e",
|
|
"target_ref": "x-misp-object--c3012495-b7ed-4916-9049-53b6c65ac11b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--20a457d5-26ec-4475-8dd5-61dab4ded549",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4febf0f3-b71a-45e4-baed-ebd75779a918",
|
|
"target_ref": "x-misp-object--872d5324-22bb-4366-a495-9cfe1ab1fcb8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--beb207a2-6bb1-4084-bd20-e6615c27e6da",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b366383d-8567-41d5-8bd2-098a72d6410b",
|
|
"target_ref": "x-misp-object--c18455f9-0c99-40ad-9307-b6c207b78199"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--04be0f1b-5e79-4dff-90a6-9a78b443500e",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--338c09b1-8889-4266-bc9c-9b6198986d8e",
|
|
"target_ref": "x-misp-object--ed59d7cd-6596-4802-b2c8-8bc71943c90f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--62ad4326-02bf-47ab-b0cc-f79585e93d77",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9b0cbf41-9f55-4c12-af30-95638bcb9724",
|
|
"target_ref": "x-misp-object--ddd0eeec-07f6-4e82-aa68-2237276ef93e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e20408e9-58a0-4722-a07b-850620582044",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--23d68864-87dc-40f6-8bdb-0382a2de717f",
|
|
"target_ref": "x-misp-object--6a099e7c-a5dd-400b-8bca-df7575a5f1e0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--93b642f4-01f0-486f-b0ac-b3cd80313335",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bf50fe3f-7ce4-4162-bee5-5b58898ff862",
|
|
"target_ref": "x-misp-object--e031d087-ef4b-4824-9859-b46854c2939b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9a0148f7-5e5d-47bc-9361-63881815617e",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a2d09237-7842-4a7c-9966-66901fed8c9d",
|
|
"target_ref": "x-misp-object--f2130b6f-d3b1-4d06-9938-964ee58f732c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ee7446f0-26d3-4adb-ae05-5039d90dcf6c",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--93d0b571-4b57-409a-8616-fe681227c5b0",
|
|
"target_ref": "x-misp-object--ef46be73-9a3e-44c3-83c2-4ede304d137b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b71fb009-4bee-49ff-b60b-1e17a795ed4e",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d3888401-a744-46ca-af6a-ebd96da536f0",
|
|
"target_ref": "x-misp-object--d0fb5f61-30c3-4b2e-a514-31fc3fff048f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f27cd957-54f3-4437-90ba-64a6fa2ea451",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--48f7985a-f575-46f2-b2a6-d8f9f349e20d",
|
|
"target_ref": "x-misp-object--1ef1d86b-f368-4bf7-899f-8e2141bf5ae7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--711b9012-aec0-413e-a117-a85130feeeb8",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bbb9a50d-b258-4447-b8a5-c15bf7581ae8",
|
|
"target_ref": "x-misp-object--0a443b7d-1866-4230-b65b-dedabfe03e83"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--999c16e3-6819-4d14-ac26-0fe2b971edd0",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--34f4e2b6-3c81-4759-984f-86d7b4918862",
|
|
"target_ref": "x-misp-object--332bc7c4-5a4e-4d1f-ad95-ba547a1bd03d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--eec8c1a5-1c81-45bc-a90c-a5450e1cce85",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d1fc796f-8f35-4217-a3cc-d034728cab47",
|
|
"target_ref": "x-misp-object--91de0b6e-f4f2-43e9-8ea7-3f3e5341eecb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6f511e0a-4267-4156-9a90-3b328d0e4d9e",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8d5831df-85b4-49dd-ac0e-a65280af1025",
|
|
"target_ref": "x-misp-object--0475bcfd-dcdf-44d2-87b0-2083883a290c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3d004b74-ec80-4a38-8170-e96c8c504e68",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2bd61b04-6327-416d-b613-a56d7c4a6dfe",
|
|
"target_ref": "x-misp-object--610984d9-b024-4156-9823-26b761e17e15"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--06c15cf8-763a-42df-9899-a3b95d25bac4",
|
|
"created": "2018-04-17T09:38:27.000Z",
|
|
"modified": "2018-04-17T09:38:27.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7bebd57c-bb57-4da1-a8b1-97fb53694f80",
|
|
"target_ref": "x-misp-object--4d3f77ed-8659-4a4c-8a0f-65c772c7a7fe"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--25337171-cae3-4641-b485-1c1a522861dc",
|
|
"created": "2018-04-17T09:38:28.000Z",
|
|
"modified": "2018-04-17T09:38:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b91d5808-92ad-4fa7-9b4d-7348cc563091",
|
|
"target_ref": "x-misp-object--7994aa0e-7f14-4988-8820-5ffe04a261d1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6089b2a0-17af-4550-9abe-6a41a953f0f0",
|
|
"created": "2018-04-17T09:38:28.000Z",
|
|
"modified": "2018-04-17T09:38:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f46250f9-0e9b-4e25-9bee-b06e384c3a53",
|
|
"target_ref": "x-misp-object--c4796178-b6f0-433b-96a2-9b72e558e59a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a51876ee-4676-4001-8a27-cdb8ee72dc52",
|
|
"created": "2018-04-17T09:38:28.000Z",
|
|
"modified": "2018-04-17T09:38:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--911c04f4-f1f2-44c4-8242-c69e588493f0",
|
|
"target_ref": "x-misp-object--d436e73b-9629-4c08-988b-73650cd12315"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--338103f7-cc64-4ccc-a7be-a301d602395f",
|
|
"created": "2018-04-17T09:38:28.000Z",
|
|
"modified": "2018-04-17T09:38:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c878521d-9b6b-4046-a3d2-fc9798c3c8df",
|
|
"target_ref": "x-misp-object--03a28507-7341-429a-afef-14f0e4faeae6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--624709da-f03a-4312-9167-218081e25095",
|
|
"created": "2018-04-17T09:38:28.000Z",
|
|
"modified": "2018-04-17T09:38:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ac554dac-0487-4973-be4d-4d2efbcfc1b9",
|
|
"target_ref": "x-misp-object--49e363d6-17fc-41dc-b434-a102e236ceba"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cd847c4f-a667-44d4-ae52-fa50cdda3313",
|
|
"created": "2018-04-17T09:38:28.000Z",
|
|
"modified": "2018-04-17T09:38:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7606e8b5-261a-40ea-99e1-383c9a1c85f7",
|
|
"target_ref": "x-misp-object--a0ebe82c-5513-4e78-9d9c-2b1ee9be03c0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--53e13e10-8b96-49cc-906c-63381cbc4a6b",
|
|
"created": "2018-04-20T09:11:01.000Z",
|
|
"modified": "2018-04-20T09:11:01.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3e803fec-57d0-4a64-bffa-8c406bfa4df8",
|
|
"target_ref": "x-misp-object--1d03fb64-13be-4f35-87e1-ad4700b35b8c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--779506e9-26ba-4d5d-b3d4-90cbdd037b6d",
|
|
"created": "2018-04-20T09:11:01.000Z",
|
|
"modified": "2018-04-20T09:11:01.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1d4884a7-3654-4522-9024-5916811aa592",
|
|
"target_ref": "x-misp-object--b4b37264-5f7b-43ed-9857-782b9d942a9d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b655a041-ee55-4fd4-9b42-bfc06bfac19d",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b5665818-45ad-4e55-872a-d64f9564f57c",
|
|
"target_ref": "x-misp-object--e2c5a4be-2cfe-4eed-8a62-52f5a8918745"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f071a8c5-4ab6-4da9-835f-7ab29e950cc2",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ce15aa39-ec50-4981-8929-3019908b5ceb",
|
|
"target_ref": "x-misp-object--00da20c8-dd00-4c56-bfb0-46add8af6839"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ab47ff73-0973-4272-8a6e-ca6588df7b62",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1c88e6ef-671c-48e1-a0d0-9932be1a8cc5",
|
|
"target_ref": "x-misp-object--452c6b20-11a0-41ca-bc89-a8e7de5f2779"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e9776ba0-80a7-43a2-80c4-073b3ba94aee",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f128ac41-042d-495c-939c-11d3d83d1b19",
|
|
"target_ref": "x-misp-object--05cc5c9e-5cf4-406f-8a8e-c7653cb7dcb5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5c9c1816-6cdb-4742-bab9-b927a24f28ab",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e0f188cf-3ab6-4014-9327-4c09757acf99",
|
|
"target_ref": "x-misp-object--08068585-edc1-40fa-a64d-5080ad1e0311"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c484af95-ddfb-49bf-8a63-33dee07b3422",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--efdd79ca-bfbd-425d-816a-1de5a615d4f8",
|
|
"target_ref": "x-misp-object--ee5376c5-6962-420f-aec1-e6ac03cf5ab3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c044fcc2-5939-4afc-9924-873858cdf1af",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--513cd9b4-6715-4444-81de-c6d9f0a86318",
|
|
"target_ref": "x-misp-object--f7d51df1-5efb-42cb-891d-24f914eb835f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--501fa497-f4bd-42e0-ae37-a580753d586c",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8009eae4-08fe-4674-8c61-3d790fdeb86a",
|
|
"target_ref": "x-misp-object--13ef15ad-c73c-4ae3-b7bb-4827d33f81f3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--191c3ec4-a7f0-46eb-9dfe-4448ce41afe4",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f1f3104e-c6b4-4111-a006-5c69509c7f75",
|
|
"target_ref": "x-misp-object--b7e219d4-82e9-40f3-9812-d833f1c4bf60"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4a42fd96-0a06-44b3-863e-29c3e21c0dfc",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--73ac235c-e3db-4617-a968-47e2ea6f6b8b",
|
|
"target_ref": "x-misp-object--279cd6bd-aa55-47a5-af76-2826253108bc"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0843286f-e24d-4602-aeaf-ae072a912f76",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e2119423-0173-4009-b875-e913f911653d",
|
|
"target_ref": "x-misp-object--47f144bd-561a-4e14-b508-d7313f28add9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--95b33020-3b0b-41bf-8508-1d366872aeb5",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--526cfc6f-1c12-422e-89ba-f6de05aab48f",
|
|
"target_ref": "x-misp-object--42544fa3-e8aa-4f6b-8869-2b12571c968f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6732c0b9-2daf-461c-9d18-cebb3be2f3da",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--68952c57-5f30-4f16-b04a-6cadc596e4c6",
|
|
"target_ref": "x-misp-object--0745ebfe-aea5-421a-8e0f-0c298339d924"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--418fb285-d8e3-4282-b494-16bd660b469c",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7d22be2e-b385-4542-bafd-8cda3281f8af",
|
|
"target_ref": "x-misp-object--6c18a448-9381-44bb-b7ba-97b81413fc84"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--98ad2590-0aa5-4646-9843-1e9a88672291",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b0b5debd-236b-418d-8531-a3bca58059e6",
|
|
"target_ref": "x-misp-object--4d5cd1b8-e117-411c-afae-a3d69e619e90"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d1f14654-f236-48d9-b07f-8ba83f40bd27",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--aa497e72-a431-479b-8077-5ac653a7ef21",
|
|
"target_ref": "x-misp-object--451113c2-f016-43ed-a80e-dd42f3b61bf3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c8a53d92-0abf-45e1-9e67-9c71bf6bc326",
|
|
"created": "2018-04-20T09:11:02.000Z",
|
|
"modified": "2018-04-20T09:11:02.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a1283755-9512-4fb4-952b-2f4d65e1281e",
|
|
"target_ref": "x-misp-object--24d66f9a-7b0a-4668-8c5c-6ca6050b9148"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--aafc91f9-0b63-4439-85d6-d1cb939b349e",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9942e1a6-6aff-4d41-9c65-ac96ad725488",
|
|
"target_ref": "x-misp-object--ea2d92b0-2297-4284-9a47-20f003e7649f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7ed29d8d-59f9-4855-bfeb-4bcaa6bea8a6",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ef41bd1f-8663-4df6-a8f0-a32f05ee2929",
|
|
"target_ref": "x-misp-object--c7efea86-38e8-48f9-bbf4-7ed8e0cccd7d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c92afaa9-7902-46c4-84b7-50922697007c",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--40076ee5-8c95-4b32-830d-016ea2cebaf2",
|
|
"target_ref": "x-misp-object--1b50d528-62f5-4f78-9df4-40a2e5a095bd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--03167b56-0c2d-4086-833a-33f3eb444563",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c4ce6a07-a96e-491d-912d-93b9c2853c3b",
|
|
"target_ref": "x-misp-object--35102d8f-3918-45f0-b06f-e56249794342"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fbb26d35-666f-4e47-b2de-26c9407b5556",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f93d9038-ecd3-4445-86e9-3887a797a5b7",
|
|
"target_ref": "x-misp-object--5c3c3c27-41c9-4498-be03-8b7e20ef7a01"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4278a607-18d2-4c1e-bc6b-89cc0c68d140",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4a801296-d29c-4f5f-8b79-cb38789995ae",
|
|
"target_ref": "x-misp-object--b23c1243-8546-43e6-b6ac-bdc9a52e5bd4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c89fdabd-fa5c-4994-a1ee-2882dc243f6f",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c9b13b31-1a5d-4a7e-a46f-d8dea222c73f",
|
|
"target_ref": "x-misp-object--edd1a003-7c62-43a9-a8a4-f00159990874"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d0ee69e3-8490-4474-91bf-9f7af1437c9f",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9766aaf4-2b4d-42a8-b271-07a8430ff750",
|
|
"target_ref": "x-misp-object--9f9e8c03-a143-42d7-b717-70ed7682d916"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--beed884e-b838-4c95-856d-64f0f0b8fdfb",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--de30466c-306a-4ff8-a134-3016bd00c2da",
|
|
"target_ref": "x-misp-object--d77bdd19-aec1-4b36-b72e-1d67bb46e2ee"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5904f154-8950-46b8-8c66-c1de1f1a8569",
|
|
"created": "2018-04-20T09:11:03.000Z",
|
|
"modified": "2018-04-20T09:11:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--be24abb2-78bb-4d0a-9dff-b8d9d47ac518",
|
|
"target_ref": "x-misp-object--7988c9d7-a714-433c-a302-4a38a99896d7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--641b3fd5-025e-4b04-a7fa-093843a064ae",
|
|
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ff8766ca-b4b6-4c3d-a8db-7c64fa5d5166",
"target_ref": "x-misp-object--82da5b6c-dc6e-4612-be44-ee4bbd7a65e8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--25a9c89e-f1f9-43d8-af1e-4c96b4a73a2b",
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c33e937c-3313-4bd8-9d42-8a213ad27271",
"target_ref": "x-misp-object--a9affe73-79d3-46e1-9175-550e62f9d545"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--27d543e8-4189-4968-8b82-af3732a07ec6",
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5e70ded6-3a06-4520-86d4-77316815da01",
"target_ref": "x-misp-object--a6d5940d-d687-4031-89c7-d527a7cb1083"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--93b7a7bd-1164-4526-b192-78fc823bc570",
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--31abe87c-b601-4581-ba6c-55e716214d8e",
"target_ref": "x-misp-object--d6f9fda9-bb3e-4a6d-951a-ef2b7b91810b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--71e73acd-52d0-4f10-a44d-4946b7ec7d19",
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ea39a79f-3211-4917-8ba8-11798108d030",
"target_ref": "x-misp-object--36ca324b-a75e-40dc-a318-a368d201799b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--29cf049b-5586-4806-b05d-31b94a7d1346",
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ba5fa1e3-8824-42b7-8158-8885efa936dc",
"target_ref": "x-misp-object--4b6521e7-b216-4bb7-8b2e-d03294f7a176"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6eb54c29-b810-4067-8133-d68ebbf1d9b3",
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--049ddb48-7266-48ef-946e-c19acf93d44b",
"target_ref": "x-misp-object--44a5a106-6496-434f-837c-f4b710cbcfac"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1eb7d282-c8a4-4403-858b-2d00f1cfac1b",
"created": "2018-04-20T09:11:03.000Z",
"modified": "2018-04-20T09:11:03.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--797ea4f5-30c7-40ac-baf6-28db7149f503",
"target_ref": "x-misp-object--1086f8ba-2d76-4d9b-b26a-5e18c595f194"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6ea340aa-78c6-477b-98cd-16ef0d290481",
"created": "2018-04-20T09:11:04.000Z",
"modified": "2018-04-20T09:11:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0ed8ca28-2829-4ca6-ba71-03b2a41bf521",
"target_ref": "x-misp-object--d249aa60-eb0b-4861-a6b4-87b813998e73"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5e19476-f53e-445b-ac02-92d058bcd91a",
"created": "2018-04-20T09:11:04.000Z",
"modified": "2018-04-20T09:11:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a91eac4f-7259-4a12-8838-2b0f051d6696",
"target_ref": "x-misp-object--6088b568-f7ad-4a41-a8d8-d4522a466ac9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c4f712e2-476d-4317-a9cd-590cad4c4ca3",
"created": "2018-04-20T09:11:04.000Z",
"modified": "2018-04-20T09:11:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e6ea2fd2-8462-4e6f-9a19-cce766827d36",
"target_ref": "x-misp-object--16acc5bd-90ec-431b-bbca-953b2b06ece8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ba321ec4-0429-4b7a-aef6-140cdf76546d",
"created": "2018-04-20T09:11:04.000Z",
"modified": "2018-04-20T09:11:04.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ecdf5094-5fc6-44c6-8c47-412f3bb5b255",
"target_ref": "x-misp-object--98a86f21-1cc1-4708-9b3e-74e14dfe7f48"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cdf31a08-ce11-4b36-8a9f-02e50bda3b68",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--77cfb676-5e8d-4566-84e1-4e6817db2990",
"target_ref": "x-misp-object--f604786f-c9dd-4c19-ab31-aa89044f4a1b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--121c2ec6-f47b-49d7-984f-2c276d273adb",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--96745ec9-e044-4f68-a3cb-383e0fa9f872",
"target_ref": "x-misp-object--b55b4b48-6ba3-44f3-b8da-903bfd98ea29"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5c5388b0-44e0-4f06-9111-8eb6a8dbd54d",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3f85b4db-24d4-40a8-a7d8-71d30219b53e",
"target_ref": "x-misp-object--c55b37c5-82e6-4fc8-a929-4118f95504af"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f4ef31f3-f893-4184-a259-0de53aedd081",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1852f268-9a82-42b0-8a9e-d7e52d16abbd",
"target_ref": "x-misp-object--f6ec3f23-3273-49b5-8dea-910fbcf248b5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8e987c91-a6dc-4467-8e4b-b9a405aaf1f1",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--37bf3b5d-cb41-409f-94e9-f50be725a4af",
"target_ref": "x-misp-object--f354861e-6452-4a92-a456-69b235657f4d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--036ecc8b-72ca-48cd-bf96-e479ddb2bb97",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fd71e68d-d005-441d-8ee0-7b5c1812bf8b",
"target_ref": "x-misp-object--4c74c847-cc7b-492c-87b0-f33694b4c6ec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e000c227-c7b6-42f7-99e0-1e810bbf0ca7",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--139196f6-be99-47ed-b809-73d2853fa944",
"target_ref": "x-misp-object--0a753999-8af3-41ac-8ddd-dcc50453ed70"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b1fa69c6-f715-46d4-86a3-ebb771b094cc",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cc2b374f-3d33-44e7-a28a-aa0e6581036e",
"target_ref": "x-misp-object--78ef6597-c29d-407c-90da-5c9ac51c0d20"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--387aa0fe-b863-442f-bf82-ebf74d315845",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2b1058c5-64f7-4e3b-a392-29bf82262d28",
"target_ref": "x-misp-object--d46ebad3-0ea9-4fa6-9449-2ed4fd77bda5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1cf96210-67c2-4374-87a0-c42d0acac5d3",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a2904375-8986-41ef-b6b7-4cafbad88a0e",
"target_ref": "x-misp-object--dd8685d4-ae68-4e10-9a02-4ff2a38bd092"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d9dcb16-aa43-4d71-96d4-e19ad35696c6",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--61c11e5f-54fb-43cc-9485-ccf4f7f6c41a",
"target_ref": "x-misp-object--23867c24-4af9-4a2f-bedc-dda5c1b39c75"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0ea2c1b5-74cf-4aeb-aa01-735238c6392c",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--964d2d64-c17a-4c3e-91bd-80776bc6644f",
"target_ref": "x-misp-object--6c20a0c5-39a6-49c9-aaf2-9fb0b1938633"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4298125a-670c-4cbf-9134-1116b9b8ba4a",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9393f4f9-b9fc-416b-92bd-4c090307ae39",
"target_ref": "x-misp-object--f22c7776-6135-4800-9901-5a4de6adee83"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ef5d72f0-f2c7-4735-9aa5-0076a124d315",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c97afdae-f971-4e34-8ce8-c3f0151f6e38",
"target_ref": "x-misp-object--395fc03d-627f-47dd-a7db-71cf2e558e15"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a0a10d30-8431-4bcd-a0f2-6e1e79884a42",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e1867223-f5e0-4877-a819-9612307f3867",
"target_ref": "x-misp-object--c3feebd9-263b-4900-a98c-8bec8b9440f8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eaca633b-48ca-4b15-855b-fd5e81408a16",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b805ea51-f04a-4f6a-8ecf-c9ec51fa83cb",
"target_ref": "x-misp-object--15222292-8bfb-4e86-91fa-b0e4ec0adc58"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2cb1753c-71bb-488f-aa08-8bffd52c92b5",
"created": "2018-04-20T09:11:05.000Z",
"modified": "2018-04-20T09:11:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eb42f6f1-2c60-490e-8e04-79cdc4144a37",
"target_ref": "x-misp-object--8c0ecebc-54db-4732-b8e6-8a3e388aadaf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--42d04483-2802-4ecd-b737-e5f5877d960d",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7967e5b8-00eb-4320-9412-e01a082c07ec",
"target_ref": "x-misp-object--7300f602-1abc-44a4-9093-a7e2165d7a91"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--be4a4a33-f2e2-4697-aa87-a4a23e832b8d",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6007d8cd-f034-477a-9e08-2fd715e5e884",
"target_ref": "x-misp-object--27e7462f-edef-4bff-b8fc-d526b1399b40"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9f1e59ab-22d8-40e7-baa9-6f2322268cd6",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--04a6579c-e5e5-4b9f-8941-c896ddbea402",
"target_ref": "x-misp-object--3c579ecb-1bdd-491f-bcae-9aeb77253f1d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d8d93dc5-28e9-46c5-9114-b8b3841e95b2",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--95c00602-db58-40f5-91c5-3b5abeb62f34",
"target_ref": "x-misp-object--5ef6db2d-f867-495b-9515-aee0b0c69572"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2beda80b-6ffc-42c2-bb0f-c201a98a441c",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--927a32d1-3581-4660-a7cb-b3b983b1d2b6",
"target_ref": "x-misp-object--f5e79c89-6ae1-40b3-8d64-7ccc44962818"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--13ffac55-54d2-407e-9109-09bc23295222",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--33ada061-a11c-4b80-bfe1-2a219c8b4216",
"target_ref": "x-misp-object--4d75191a-9322-46a4-8bb1-28edd400300e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2a2b90f6-bc84-49b8-9611-97b5525c6d49",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--231da622-eca5-46f9-8b3d-7a60271bbf5a",
"target_ref": "x-misp-object--d8b83106-c718-4884-bc69-e1ec3157b231"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--20be3246-0f68-41c2-b482-15efb2610558",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--900b2299-4d91-4311-8eb6-3d8dcde3c53e",
"target_ref": "x-misp-object--ba9454c8-868b-4c61-99a5-7f1c6eaba02e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c7b36c6-1c68-4a2b-9563-5158d92fca26",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--123260f2-c093-487a-8da6-0a38a26956b0",
"target_ref": "x-misp-object--52bb8f52-813c-42b9-b810-935626ee2a80"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a42f8342-d8f4-4f34-a4ab-f4529c8fa280",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b9967b9a-c9d0-48cf-8c84-d7527995794e",
"target_ref": "x-misp-object--bf02e3cf-264a-406b-bafe-860ff8d96eae"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--551cb2e4-4a0a-4fb6-80c1-476942b84f49",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1aa193f1-c768-4a16-a2cb-0c0381dba191",
"target_ref": "x-misp-object--6bd8fb6f-dd9f-4d3f-aa56-e4c18e904991"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ae9619ae-f8dc-437c-8965-459b5b54b9b8",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--67459c2e-6974-4168-a4bb-0c94041b7a1c",
"target_ref": "x-misp-object--d2ae4a97-361c-42ac-90f2-42867b1bec12"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--627a8610-342b-4c48-a199-9d61bc471af4",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7ee2136a-174e-41ca-8e77-c55b330a2d7d",
"target_ref": "x-misp-object--4dcb2323-6adc-4e6f-9a4c-4da633df6bfa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cfd52477-3fed-4f72-b74a-9f971e528b2d",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a558cc1a-df6e-4ddd-bd8c-694a27a2e298",
"target_ref": "x-misp-object--ff7f2a21-2be3-447a-9137-7fd1eb8a7100"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--09d96cbb-8652-45ef-b6d1-8e49bb4d1f2e",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--966e7ca9-3fb4-4d2a-8c16-b8911848b40b",
"target_ref": "x-misp-object--6b683fae-c19a-4048-a4df-87877482042a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--51e168bb-1d10-4611-9987-b50f83be1eb6",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--871505a5-67b3-4e0e-a061-771e9e689bf3",
"target_ref": "x-misp-object--da838904-52a0-4aba-a34c-444c519ca9e9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4f2c219d-f8d1-4af7-a269-c3442c8f28c9",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b1c027bf-e678-4107-9332-782883a20df5",
"target_ref": "x-misp-object--e18d455e-9797-4cfd-bc4e-7f58784671eb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8acc8015-fb95-420b-ace5-c68a5fe01968",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2eaac486-82b0-49c2-8dc7-c0e0d1334bc5",
"target_ref": "x-misp-object--4880b0ee-33df-4e81-8a32-8f53fabe84e0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--52670aff-e09a-49a1-93ef-7022382e0c82",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f74b8766-0e2c-48dd-97fe-7a6bcbd3683f",
"target_ref": "x-misp-object--d5e5151a-6fe7-4aea-8c1b-f384641f3de1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7ffb8561-3805-4e3a-8715-fc09beb622ec",
"created": "2018-04-20T09:11:06.000Z",
"modified": "2018-04-20T09:11:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5e508395-c56b-44f3-8d8f-c27378c24948",
"target_ref": "x-misp-object--91d65c73-3c78-4c78-9b43-04795a21d2dc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5049574-321b-4205-8791-8b02ae5129b2",
"created": "2018-04-20T09:11:07.000Z",
"modified": "2018-04-20T09:11:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ce1148cb-ccbb-4534-a264-987b0a02387e",
"target_ref": "x-misp-object--7b05f522-f1e9-4890-b0bc-3dcbcd58388e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--83809770-e294-4958-b2e3-4b114ba8176d",
"created": "2018-04-20T09:11:07.000Z",
"modified": "2018-04-20T09:11:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8ed19c62-1efa-47b5-bd86-5ce3ea96eea3",
"target_ref": "x-misp-object--ba0df232-2b85-4c6e-ad5f-0bf6e12cc26a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3098cbcc-e939-40e9-ae87-c5d0aedbe623",
"created": "2018-04-20T09:11:07.000Z",
"modified": "2018-04-20T09:11:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c750f8a8-1526-41bf-9e8c-3ac273664df7",
"target_ref": "x-misp-object--1d1ce1a4-cf6c-4dee-83fd-c67c479b0e7b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3aca9ea7-756d-4e96-a601-a1ccd29d2183",
"created": "2018-04-20T09:11:07.000Z",
"modified": "2018-04-20T09:11:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0b93c146-e37e-43df-8900-5c0faf08a5f5",
"target_ref": "x-misp-object--066ffd6c-1f8a-4876-b8e7-4c6c950c58d8"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
} |