adulau/misp-circl-feed
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/b6ae21ad-670a-4c81-a61f-78d76ae3bdfa.json

2701 lines
No EOL
120 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--b6ae21ad-670a-4c81-a61f-78d76ae3bdfa",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-15T12:52:45.000Z",
"modified": "2023-12-15T12:52:45.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--b6ae21ad-670a-4c81-a61f-78d76ae3bdfa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-15T12:52:45.000Z",
"modified": "2023-12-15T12:52:45.000Z",
"name": "The Golden Tax Department and the Emergence of GoldenSpy Malware",
"published": "2023-12-15T12:52:57Z",
"object_refs": [
"indicator--525ac4e2-92ac-446a-8130-0dfbe5ac0ede",
"x-misp-attribute--7cf786d3-1687-4276-a71e-03a00f8c527f",
"x-misp-attribute--9870518f-225b-4215-b9c6-6ef8a6a250cb",
"x-misp-attribute--8768e6c6-c703-48a6-9001-77aba7921f96",
"x-misp-attribute--e85e5781-0cb7-48fe-b710-26e2c3c6bca4",
"x-misp-attribute--865b179b-37d2-4c6d-b43a-8bcaba2ffb6c",
"indicator--c2cb668d-ecf5-4b02-8945-809e70013f93",
"indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3",
"indicator--69e13243-e7e0-4726-a10a-01fd046ded89",
"indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"indicator--83c0441c-7262-46b2-b3e0-242171581ba0",
"indicator--99bd5142-86d7-44d9-a1b9-c214a5eb64f9",
"indicator--a1913402-5d6f-4fd1-b158-17c06372b82e",
"indicator--a061ac22-6146-43e0-b80a-1242186ce324",
"indicator--30195ad0-624f-4596-9d38-f297186985f4",
"indicator--e1b6ab63-47f0-4397-9ec5-d4db06cc1b0f",
"indicator--2e14ffc4-b52c-462c-b75c-5769dd873b3c",
"indicator--91755780-edb5-4184-a85a-8038b21037a9",
"indicator--d42c7cfa-02c3-417a-8fda-d78beedcb5be",
"indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"indicator--9a2b3b20-3490-4963-8e55-8a78269c262c",
"indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"indicator--2c00384b-57eb-4d4a-8261-7b29f2fd8f11",
"indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"indicator--67afd357-6025-414b-951f-8d5fd7c2393c",
"indicator--a0cb4750-bc13-48ad-b4c7-0e088f5fe571",
"indicator--56181b68-145d-4240-bdc9-ab7b8bcba590",
"indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"indicator--55b1382d-9f32-4276-89fe-2e7266944439",
"indicator--3320cfa3-936e-41ef-9c53-d63c110b20c5",
"indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"indicator--bf153833-d88e-4154-8d50-4ac02ad8296a",
"indicator--55c42baa-eda4-4bcd-b58f-0d4ae5e46465",
"indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"indicator--fc241f3d-1a7a-4f8f-a5b9-2e14e74252aa",
"indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"indicator--5c497b29-bca4-4702-ae5e-a8df8e26165b",
"indicator--288d3f46-333a-400f-b20d-8e742292776a",
"indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"indicator--ef75e372-c372-416a-bc51-c54fd64cc47c",
"indicator--a2571d1b-5251-49d6-a06a-6b2cd55c33fe",
"indicator--0c820525-3995-48df-b0f7-29543d3bb91e",
"indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"indicator--d6f1a0e7-5a66-48a0-a6ed-597558d2b5f3",
"indicator--47df59a7-8382-486b-8de2-2745eaad8bcb",
"indicator--eb8e2be7-0f90-4150-a98b-b00ea054991a",
"indicator--d1f42381-a3f9-43ac-bd4a-0af2049dc70d",
"indicator--57a4955c-6c61-494c-9c18-b6b144cfcfae",
"indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"indicator--354eb109-0414-4137-bc65-273dead6fd36",
"indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"indicator--81f03e90-ce30-4ba2-b79c-a142e06c1323",
"indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d",
"indicator--51b9a083-6bb7-453e-a3d1-70137283f004",
"indicator--29908be1-f56d-4e97-9892-8830c9d29241",
"indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297",
"indicator--f36ce21a-4c59-4731-9929-1af4ff97f21f",
"indicator--8e56f0cf-4efb-4ce4-9de0-61467c133f58",
"indicator--858c9869-c1a4-46a1-9075-cd11ead979ef",
"indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275",
"indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c",
"indicator--499f7525-508b-463d-8124-ba263c1727a5",
"indicator--8bd144dd-eea0-448e-87c0-67a556c36700",
"indicator--3f3839ec-a575-4603-a292-fab98e7c6038",
"indicator--657df46a-50d1-4010-b30a-a7f64574e0d9",
"indicator--fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f",
"indicator--98843b28-2cbc-4195-aced-0460e2b8d8b6",
"indicator--76062895-7556-47cf-9bb4-f02dd5d7ac09",
"indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"indicator--f0f1cf7c-3ca1-4fb3-9dd3-f25340b7f3b8",
"relationship--be503b47-4c40-4d5a-9bf2-cb595d2056f3",
"relationship--9886eded-debc-473e-af59-e31c9c8e412d",
"relationship--32d6d97f-1d9c-4fde-bf85-fbf789d00cb7",
"relationship--1d082aa9-2ce1-4a58-99ae-816aa7039bd4",
"relationship--64f817ec-c3e1-4228-9cbf-f42cdd030576",
"relationship--696b9fda-97dd-4d59-9d08-a2b0440b8735",
"relationship--14959ec6-f571-4305-a3e7-0f70a7e9e7dd",
"relationship--cf31e7f6-8dd7-432b-9088-c389c69a05ca",
"relationship--78df4cf5-9553-440b-be68-7b5b209e40c2",
"relationship--da1b2e40-8a60-4d89-a1f1-b1d1804c0a63",
"relationship--0380e673-740d-4a5f-a0c6-cbbee8847c0c",
"relationship--44ab6186-8a15-49ce-931d-3e5566851a58",
"relationship--f3c6257d-7a28-4810-a5a8-c867b57f51c1",
"relationship--dde83e5d-befa-41a8-8a33-61f5558b21e0",
"relationship--c44c6b36-5f8a-42ba-a6ad-b21a12e96a2a",
"relationship--7944d7ce-bee8-4dd7-9204-6304f237f68e",
"relationship--7b78d5fb-3671-45c5-b072-12103b2451aa",
"relationship--9489b4a1-ae0d-4f6a-8d30-fd6b3bdcea9a",
"relationship--80b2ecdc-8381-4c7f-a9f4-7d3e95e20bd6",
"relationship--3e6fa74d-aa99-4a01-b1e4-490f85660f53",
"relationship--53cc8c93-b97f-4636-aa8e-4b6b5a3aeef0",
"relationship--48aad818-5cc0-445e-b9de-f2687307fed2",
"relationship--27cfa542-e1a5-4ec2-83a0-fe531cb1b3ee",
"relationship--31e83f22-0a92-4c54-ad25-ce68f39f101a",
"relationship--ebbcb1a2-68f8-4daa-9fb5-67ec24cac20c",
"relationship--f63a9657-fd26-4e5a-ae98-5e4e04d07f9c",
"relationship--ff7ba80d-8af2-4e99-8ca7-dae72cd01893",
"relationship--94406a5e-e6fc-4024-a054-c89c3f1029f2",
"relationship--b7ef2aee-c8d1-4988-b8e2-13515e11f897",
"relationship--ccfdec3a-133f-43f8-a97d-75fac74a2006",
"relationship--29d34333-d544-46bd-95d1-4e57128f9889",
"relationship--9491fede-f8ec-4c10-b683-29423978adc9",
"relationship--ae6b8e1b-ccf6-4715-bfe9-4363e56fe308",
"relationship--fb434e57-8e34-4cdc-80c8-7e8c2fcccda0",
"relationship--1af68db5-8de3-48b7-82cb-fe091512fe0b",
"relationship--ee1cafda-1e3e-49b6-ab6b-1d7311d0581d",
"relationship--8f5faf4b-8fe9-478f-820f-7c3c40a21605",
"relationship--206e4984-9d19-43c7-a49c-716cf173c58b",
"relationship--21dce366-595e-4f85-9d21-fc402ff2b0d7",
"relationship--4213776f-80b4-4966-9c53-be4818581c18",
"relationship--3c6e359b-e6b0-4d4a-ac94-34e7b13e11be",
"relationship--dd8870e1-f8b1-4224-bd02-593ec917a351",
"relationship--491d4496-7f03-46b4-9fae-12fd97cef4b6",
"relationship--822fa251-1e52-4df9-b84f-384ea95a702d",
"relationship--719a6eef-b77e-494a-aa82-47d9912091bd",
"relationship--7a83c624-7dc9-4680-be9e-6fbcfcae49fb",
"relationship--38174bb5-534e-4c38-b435-621706f0e85d",
"relationship--ead4fb7f-b46c-48db-8f8c-bfa71e0c04b2",
"relationship--6638bf51-745d-43eb-b63c-c326bd6091d4",
"relationship--69b86595-9fdb-4515-b372-8e1a64d5ff8a",
"relationship--cf1abb24-b2f3-40d4-92ab-29e46eaf3484",
"relationship--c60b8722-ed43-4e2b-a5a9-a68790d11524",
"relationship--b16a5194-6d58-478a-83f8-271dfe92cd02",
"relationship--1b6cb2dd-0d1b-47c9-93af-fc15423f7160",
"relationship--b75b14a3-d9e5-401f-bfdc-214dd733b7f5",
"relationship--70c7a913-437d-4f5b-a01a-08ecc1ef1865",
"relationship--932101d8-541e-4cd6-8d8f-47ee0f8c5c75",
"relationship--caf71246-f0ed-404d-b1a0-212b499f3f81",
"relationship--81bf3bf4-c446-4dda-ad84-3548738ba254",
"relationship--93398eab-4793-46b9-882b-a1d8adfaf4bd",
"relationship--b5c23664-e5d1-4621-a0da-588652ef22cb",
"relationship--4baeddb4-c666-49ad-9d8f-a0e53885dd72",
"relationship--603905e7-829b-443c-931c-fd05d267ad47",
"relationship--458bd35f-ad6c-4290-a1ad-da4ab27c905c",
"relationship--3c9dedc9-47dc-4f54-84ce-021e2d78a1f3",
"relationship--30052da1-d287-4002-bf60-972ca34ec27d",
"relationship--6d2e9d27-2a3f-45f1-984e-dc3b48df6ea1",
"relationship--fe68fee5-9df7-4c18-b3c9-90436163aa9b",
"relationship--787fc788-b808-4055-b4ef-05fab5a0a8f3",
"relationship--081c60ab-0c8c-4f2c-9c23-c97264a325b3",
"relationship--f656fec9-8182-40be-a254-47f8f856bd4d",
"relationship--3c3a48bd-0950-4de3-9cc4-869ef2c935ed",
"relationship--27e5b510-3773-4eea-b3fb-79ab4d9b1053"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"tlp:clear",
"misp-galaxy:country=\"china\"",
"misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--525ac4e2-92ac-446a-8130-0dfbe5ac0ede",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-07T13:34:30.000Z",
"modified": "2023-12-07T13:34:30.000Z",
"pattern": "[url:value = 'http://upgrade.i-xinnuo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-07T13:34:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--7cf786d3-1687-4276-a71e-03a00f8c527f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:10.000Z",
"modified": "2023-12-12T08:05:10.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Ports used for svm.exe network traffic.",
"x_misp_type": "port",
"x_misp_value": "9005"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--9870518f-225b-4215-b9c6-6ef8a6a250cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:12.000Z",
"modified": "2023-12-12T08:05:12.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Ports used for svm.exe network traffic.",
"x_misp_type": "port",
"x_misp_value": "9006"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--8768e6c6-c703-48a6-9001-77aba7921f96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:18.000Z",
"modified": "2023-12-12T08:05:18.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Used by updater service to request a link to download svm.exe.",
"x_misp_type": "port",
"x_misp_value": "9002"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--e85e5781-0cb7-48fe-b710-26e2c3c6bca4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:33.000Z",
"modified": "2023-12-12T08:05:33.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "While we didn\u2019t observe this directly in our analysis, there are indicators on public scan sites that svm is downloaded over this port in some circumstances.",
"x_misp_type": "port",
"x_misp_value": "8090"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--865b179b-37d2-4c6d-b43a-8bcaba2ffb6c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:45.000Z",
"modified": "2023-12-12T08:05:45.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "WebSocket established by Golden Tax software on installation.",
"x_misp_type": "port",
"x_misp_value": "33666"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:44:17.000Z",
"modified": "2023-11-28T12:44:17.000Z",
"pattern": "[domain-name:value = 'www.ningzhidata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:44:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:44:27.000Z",
"modified": "2023-11-28T12:44:27.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '223.112.21.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:44:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69e13243-e7e0-4726-a10a-01fd046ded89",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:45:01.000Z",
"modified": "2023-11-28T12:45:01.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '42.56.76.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:45:22.000Z",
"modified": "2023-11-28T12:45:22.000Z",
"pattern": "[domain-name:value = 'ningzhidata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:45:36.000Z",
"modified": "2023-11-28T12:45:36.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '49.232.156.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:45:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--99bd5142-86d7-44d9-a1b9-c214a5eb64f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:53:25.000Z",
"modified": "2023-11-28T12:53:25.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '59.83.204.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:53:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1913402-5d6f-4fd1-b158-17c06372b82e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:53:33.000Z",
"modified": "2023-11-28T12:53:33.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '124.152.41.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:53:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a061ac22-6146-43e0-b80a-1242186ce324",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:22:01.000Z",
"modified": "2023-11-30T09:22:01.000Z",
"pattern": "[file:hashes.SHA256 = '534da7cf722968de28eceff23e2924e180bf2c59f3852fb58a4653f8a54fa69a' AND file:x_misp_compilation_timestamp = '2020-03-27T02:53:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:22:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--30195ad0-624f-4596-9d38-f297186985f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:37:13.000Z",
"modified": "2023-11-30T09:37:13.000Z",
"pattern": "[file:hashes.SHA256 = '6366f009e4c0303d7f5ba0bb6a529039618ff8715972713c3b6645d1aef3d4c1' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e1b6ab63-47f0-4397-9ec5-d4db06cc1b0f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:37:34.000Z",
"modified": "2023-11-30T09:37:34.000Z",
"pattern": "[file:hashes.SHA256 = '68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202' AND file:x_misp_compilation_timestamp = '2020-03-27T02:53:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e14ffc4-b52c-462c-b75c-5769dd873b3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:38:20.000Z",
"modified": "2023-11-30T09:38:20.000Z",
"pattern": "[file:hashes.SHA256 = '323d0cf9ac1c750761f66482154dbd3144dae7336c955a4576cb4cce6438a6ba' AND file:name = 'dgb.exe' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91755780-edb5-4184-a85a-8038b21037a9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:39:09.000Z",
"modified": "2023-11-30T09:39:09.000Z",
"pattern": "[file:hashes.SHA256 = '67316d574d0e05549bf314b4764842e2b598f2ffae1ac82123b3dd592f605751' AND file:name = 'svm.exe' AND file:name = 'svmm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:06:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:39:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d42c7cfa-02c3-417a-8fda-d78beedcb5be",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:39:44.000Z",
"modified": "2023-11-30T09:39:44.000Z",
"pattern": "[file:hashes.SHA256 = 'a8169c566bf4566c6c4ba98ce7f9ecf143ae6c21dc0d7b15779c936e1ff60269' AND file:name = 'svm.exe' AND file:name = 'svmm.exe' AND file:x_misp_compilation_timestamp = '2020-04-07T08:44:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:39:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:09:46.000Z",
"modified": "2023-12-05T13:09:46.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '20932b2151de5f0dc5c1159fbc1d2d004f069bb04d32d66dc7fa5b7b9eac1aa7' AND file:name = 'svminstall.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:09:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a2b3b20-3490-4963-8e55-8a78269c262c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:04.000Z",
"modified": "2023-11-30T13:44:04.000Z",
"pattern": "[file:hashes.SHA256 = '2878ad6d386bc3fd9f0625195a3a60fc5056ff7ff24e57cf466e54af07d0217e' AND file:name = '0750e344e12de0b653de4e7d600d00c2.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:37:35.000Z",
"modified": "2023-12-05T12:37:35.000Z",
"description": "Zip archive containing malicious code",
"pattern": "[file:hashes.SHA256 = '2f65238e7b3a8ddd719fb19a506cd1d964fc7b5cab6f3f4e95235c235cac2190' AND file:name = 'svminstall.exe.zip' AND file:x_misp_compilation_timestamp = '2020-05-07T22:21:26+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:30:05.000Z",
"modified": "2023-12-05T12:30:05.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '39b914c8064becf3df1df39b0517bda05371e90b8b5fe15aad275faac634876f' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:12:24+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:30:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c00384b-57eb-4d4a-8261-7b29f2fd8f11",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '3b63900e56a7eccee43d42a77fcb6d7834943f5236adae063abe32111f35152d' AND file:name = '71f7e61c2686b4bc1d67745e859b3ca1.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:32:21.000Z",
"modified": "2023-12-05T10:32:21.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3' AND file:name = 'SVMV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:32:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:31:40.000Z",
"modified": "2023-12-05T10:31:40.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376' AND file:name = 'IDG-MINZONGV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:31:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67afd357-6025-414b-951f-8d5fd7c2393c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '5246fc50cce0b3492939a169082eebfde63c9ebc312267eef6d1bb47b44c44aa' AND file:name = '392b5b60444fa9e27c1de9d977ec9248.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0cb4750-bc13-48ad-b4c7-0e088f5fe571",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '55429a6085d50782be52bb2150cfabecfdaa4eb843350399c3cf88a9ab9fa4c1' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:11:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56181b68-145d-4240-bdc9-ab7b8bcba590",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '561f89c566af35a90ae19285177cedaae3a0cbd7c8d415c57766e7988503c686' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T02:53:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:31:29.000Z",
"modified": "2023-12-05T12:31:29.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '77ee7b0a10f3c0ab08c1b1f88ceb0dd979e9c2fee17ac5fd14c9ce27002f6078' AND file:name = 'IDG-FEILONGV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:31:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55b1382d-9f32-4276-89fe-2e7266944439",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '7bf45c75dca3362331d5a9a116bf9c7a52e1352905a5dee66f0cf123acc461b2' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:17:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3320cfa3-936e-41ef-9c53-d63c110b20c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '817887f4e977443cb446579f080ae848a2235b79f8c174e7201cebf62e9ccd94' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:01:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:48:11.000Z",
"modified": "2023-12-05T12:48:11.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '853ef8130b50e9fce5f7575afc04374de0232fa5fe6b7b4d97fda7bf17ec58c9' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:06:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:48:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf153833-d88e-4154-8d50-4ac02ad8296a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = '862115c6d8d6e6addeb408c45ac0a7f8a25126d5ccca6d9356143a7a683c009d' AND file:name = '7bc6b5c6da04a231f5fa011944ce5a31.virus' AND file:x_misp_compilation_timestamp = '2020-03-23T13:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c42baa-eda4-4bcd-b58f-0d4ae5e46465",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = '8b0e1be70409238e7577429df3eaa84a6b12f36d9dbb6e47607f7fc354ddb961' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T02:51:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:52:02.000Z",
"modified": "2023-12-05T12:52:02.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '98b5320e7464fc69b12eb626b6336604efcbf6502adc38c77f6db41666da9dd1' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T02:24:01+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:52:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc241f3d-1a7a-4f8f-a5b9-2e14e74252aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'a44e6b87dc1165c4c6839554dd412e98fade0a7e7c6341b9d44c0ee0dd034160' AND file:name = 'cce1df224e63ff1aab5f74e2fb1559e3.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:13:18.000Z",
"modified": "2023-12-05T13:13:18.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'a6e9d6c145668c4fc6e6dbd3d1fe4bc394211d9c09d31c12730ceddf3e5056be' AND file:name = 'svminstall.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:13:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c497b29-bca4-4702-ae5e-a8df8e26165b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'af120f411c2c1f3ec52516006a25c734a5a0e4952c3eb942ad99858420c9135e' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-04-07T08:44:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--288d3f46-333a-400f-b20d-8e742292776a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:32:40.000Z",
"modified": "2023-12-05T10:32:40.000Z",
"description": "Zip archive containing malicious code",
"pattern": "[file:hashes.SHA256 = 'afcc4ccc4ac0f1eaded6fc2ea704f4e9650942fc317728150676de3af19fb72d' AND file:name = 'svminstall.exe.zip' AND file:x_misp_compilation_timestamp = '2020-05-14T01:29:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:32:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:55:12.000Z",
"modified": "2023-12-05T12:55:12.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'afe2bcd5cb2de6349329c42631bfbbdba46d672f6dc515a5bee63cb4265e49f8' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:17:53+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:16:44.000Z",
"modified": "2023-12-05T13:16:44.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'b67913449618756dcc815a242a270257cce4d5ae71911bb6716bdecc2f1c0c7f' AND file:name = 'svminstall.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef75e372-c372-416a-bc51-c54fd64cc47c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'b6982fe4ab882cfdcba091c6617b9d279a9bcfd3e28a76d5fb2c0cdfc0c23064' AND file:name = '126599da0c79ce196c960d0ba28aacda.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:17:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2571d1b-5251-49d6-a06a-6b2cd55c33fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'c12e099fb5e825be513c75cff8b4f064b9d4ea8435bab254d69e126b74959372' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c820525-3995-48df-b0f7-29543d3bb91e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'c4fc73dbfc0d61a0a60239971225321b882af5923babf26c324726b80db612a2' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:06:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:32:12.000Z",
"modified": "2023-12-05T10:32:12.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'c5c5e59bb18bad1427714d0007b676e658d8e08faf5a0632ed88912f5816d525' AND file:name = 'IDG-NJCKV1.0-20200320.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6f1a0e7-5a66-48a0-a6ed-597558d2b5f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'c9d1ec32df1b134aa809bc8b3ad475b690347294693f6c5b65ab1df94fa4d1fd' AND file:name = '433F8727.vsc_svm.exe_archive_level0_1_NSIS.unc' AND file:x_misp_compilation_timestamp = '2020-03-23T13:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--47df59a7-8382-486b-8de2-2745eaad8bcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'ce3d64f8ad4dcbbf5324e05c81a716c5d2493e149edafbc5cb73c01836bea5f2' AND file:name = '8497a9301e74d3611c2df3e3c0ea24f4.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb8e2be7-0f90-4150-a98b-b00ea054991a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'd41081969a212dec0ca623d848fb51907d8cdb1cb7bd86e1354e3041052858fb' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:11:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d1f42381-a3f9-43ac-bd4a-0af2049dc70d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'e0e7b4f6878483bdc8c3e01d4daa11c71e61385e85a6eaa2be8fec04d250b74e' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:16:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a4955c-6c61-494c-9c18-b6b144cfcfae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'e8118cb2941c0421a2f6942919f8541b5fab348e2334102eab8654d2c4bff8ed' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:16:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:41:45.000Z",
"modified": "2023-12-05T13:41:45.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'f21623311a947d8a9f2dd05c098f45c3ef12be3cbf79fb49659e5bfc1588cdfe' AND file:name = 'IDG-NINGZHIV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:41:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--354eb109-0414-4137-bc65-273dead6fd36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'f89e898ea40e10901c0c9f9100f269a227323ace1f7248293bfd57982dea1a67' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-23T13:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:03:09.000Z",
"modified": "2023-12-05T13:03:09.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'ffbeaa5947fc467fce27c765a4e8dc08e45c8ca13e583f5271b19e944e0cb8e3' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:03:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81f03e90-ce30-4ba2-b79c-a142e06c1323",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T14:24:52.000Z",
"modified": "2023-11-30T14:24:52.000Z",
"pattern": "[domain-name:value = 'download.ningzhidata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T14:24:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:31:18.000Z",
"modified": "2023-12-05T10:31:18.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '3b8761d2e19bc5185f55cc2f575bbe54a45a52fc1c8650a60f1bd13e01e24655' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:31:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-13T09:30:40.000Z",
"modified": "2023-12-13T09:30:40.000Z",
"description": "Installs the tax invoice gatherer, running as a service",
"pattern": "[file:hashes.MD5 = '39393db9ff05b587ef42ae6340f03a85' AND file:name = 'XYRZSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-13T09:30:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-13T09:33:18.000Z",
"modified": "2023-12-13T09:33:18.000Z",
"description": "Installs the plugin manager \u2013 plugin.exe and mplugin.exe and also downloads the backdoor installer svminstall.exe",
"pattern": "[file:hashes.MD5 = '84ff122838c0da5ab5ddcaa8f45f7011' AND file:name = 'PluginSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-13T09:33:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:44:28.000Z",
"modified": "2023-12-08T10:44:28.000Z",
"description": "PKCS11 Library",
"pattern": "[file:hashes.MD5 = '7b8d8a81b32209a80fb974cf89697116' AND file:name = 'libp11.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:44:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--51b9a083-6bb7-453e-a3d1-70137283f004",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:44:38.000Z",
"modified": "2023-12-08T10:44:38.000Z",
"description": "Configuration file",
"pattern": "[file:hashes.MD5 = '2d9427f26131249333c60139d0995f88' AND file:name = 'serverjsp.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29908be1-f56d-4e97-9892-8830c9d29241",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:49:41.000Z",
"modified": "2023-12-08T10:49:41.000Z",
"description": "SQLite Library",
"pattern": "[file:hashes.MD5 = '7593a2422d0ea17fac214af4a1efa194' AND file:name = 'sqlite3.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:49:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:50:07.000Z",
"modified": "2023-12-08T10:50:07.000Z",
"description": "SSL Library",
"pattern": "[file:hashes.MD5 = '3cb5a5dc5701c2961742bdb05a43c6d0' AND file:name = 'SSLeay32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:50:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f36ce21a-4c59-4731-9929-1af4ff97f21f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:50:17.000Z",
"modified": "2023-12-08T10:50:17.000Z",
"description": "Program uninstaller",
"pattern": "[file:hashes.MD5 = '8d5692af55e44e471a27a0fc401ac6ba' AND file:name = 'uninst.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:50:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e56f0cf-4efb-4ce4-9de0-61467c133f58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:50:59.000Z",
"modified": "2023-12-08T10:50:59.000Z",
"description": "Tax Invoice Gatherer and Uploaded",
"pattern": "[file:hashes.MD5 = '52a64ae155ef5ec37966e787ab1678a2' AND file:name = 'xyrzsvc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--858c9869-c1a4-46a1-9075-cd11ead979ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:51:13.000Z",
"modified": "2023-12-08T10:51:13.000Z",
"description": "SQLite schema",
"pattern": "[file:hashes.MD5 = 'cf9933a40f9a348b412da0953a7de6f3' AND file:name = 'Aisino.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:51:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:51:55.000Z",
"modified": "2023-12-08T10:51:55.000Z",
"description": "Public Key Cryptography Standard",
"pattern": "[file:hashes.MD5 = '696721fb92e109010b03304fda0c960f' AND file:name = 'CTptkcs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:51:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:52:17.000Z",
"modified": "2023-12-08T10:52:17.000Z",
"description": "Tax Card Code Library",
"pattern": "[file:hashes.MD5 = '7c348eac40b9dbf6bd52db2985abee42' AND file:name = 'JsDevInfoDll.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:52:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T10:53:09.000Z",
"modified": "2023-12-12T10:53:09.000Z",
"description": "is a setup file that installs the electronic signing application. The program and component files are installed under the folder %ProgramFiles%\\Signtool",
"pattern": "[file:hashes.MD5 = '04f100f771ed8dd238fdf41a0f85977a' AND file:name = 'SignToolSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-12T10:53:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8bd144dd-eea0-448e-87c0-67a556c36700",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:14:21.000Z",
"modified": "2023-12-08T13:14:21.000Z",
"description": "HELP file",
"pattern": "[file:hashes.MD5 = 'b94c7fc5528f5e233a9900991c7757ca' AND file:name = 'help.pdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:14:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f3839ec-a575-4603-a292-fab98e7c6038",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:21:34.000Z",
"modified": "2023-12-08T13:21:34.000Z",
"description": "CURL Library",
"pattern": "[file:hashes.MD5 = 'b672963bb8fc75b7c122082b5e567058' AND file:name = 'libcurl.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:21:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--657df46a-50d1-4010-b30a-a7f64574e0d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:24:24.000Z",
"modified": "2023-12-08T13:24:24.000Z",
"description": "OpenSSL Library",
"pattern": "[file:hashes.MD5 = '0852402f8f75c9a75a74114af75f34c5' AND file:name = 'libeay32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:24:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:59:09.000Z",
"modified": "2023-12-08T13:59:09.000Z",
"description": "QR Generator Library",
"pattern": "[file:hashes.MD5 = 'f8246f3e4391c50c53c2417b9fea3a33' AND file:name = 'QRGenerator.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:59:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98843b28-2cbc-4195-aced-0460e2b8d8b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T14:12:46.000Z",
"modified": "2023-12-08T14:12:46.000Z",
"description": "Electronic contract signing tool and document file uploader",
"pattern": "[file:hashes.MD5 = '05b0e15a989182e97e6068344840406f' AND file:name = 'SignTool.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T14:12:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--76062895-7556-47cf-9bb4-f02dd5d7ac09",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T14:41:23.000Z",
"modified": "2023-12-08T14:41:23.000Z",
"description": "this executable file monitors and makes sure that plugin.exe process is running. When plugin.exe is terminated, it will respawn it. It also checks tax software update from the host: http://upgrade.i-xinnuo[.]com",
"pattern": "[file:hashes.MD5 = '946945ee4555fc7f7aced80904fe802f' AND file:name = 'MPlugin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T14:41:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T10:25:52.000Z",
"modified": "2023-12-12T10:25:52.000Z",
"pattern": "[file:hashes.MD5 = '85223e82337f409697b951207a2d91e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-12T10:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T09:07:39.000Z",
"modified": "2023-12-12T09:07:39.000Z",
"pattern": "[file:hashes.MD5 = '8ecc9a53cc99bde757df9e718fd3af17' AND file:name = 'PluginManagerSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-12T09:07:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0f1cf7c-3ca1-4fb3-9dd3-f25340b7f3b8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-13T14:27:35.000Z",
"modified": "2023-12-13T14:27:35.000Z",
"description": "This is the main plugin manager program. A thread is created to get instructions from the execute commands from the remote host http://upgrade.i-xinnuo[.]com mainly for managing tax",
"pattern": "[file:hashes.MD5 = '134d9ffc9c65366e690c2a4852ec6835' AND file:name = 'plugin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-13T14:27:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--be503b47-4c40-4d5a-9bf2-cb595d2056f3",
"created": "2023-12-05T13:09:19.000Z",
"modified": "2023-12-05T13:09:19.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9886eded-debc-473e-af59-e31c9c8e412d",
"created": "2023-12-05T13:09:31.000Z",
"modified": "2023-12-05T13:09:31.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--32d6d97f-1d9c-4fde-bf85-fbf789d00cb7",
"created": "2023-12-05T13:09:46.000Z",
"modified": "2023-12-05T13:09:46.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d082aa9-2ce1-4a58-99ae-816aa7039bd4",
"created": "2023-12-05T12:37:18.000Z",
"modified": "2023-12-05T12:37:18.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--64f817ec-c3e1-4228-9cbf-f42cdd030576",
"created": "2023-12-05T12:37:35.000Z",
"modified": "2023-12-05T12:37:35.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"target_ref": "indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--696b9fda-97dd-4d59-9d08-a2b0440b8735",
"created": "2023-12-05T12:29:19.000Z",
"modified": "2023-12-05T12:29:19.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14959ec6-f571-4305-a3e7-0f70a7e9e7dd",
"created": "2023-12-05T12:29:36.000Z",
"modified": "2023-12-05T12:29:36.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cf31e7f6-8dd7-432b-9088-c389c69a05ca",
"created": "2023-12-04T13:18:45.000Z",
"modified": "2023-12-04T13:18:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--78df4cf5-9553-440b-be68-7b5b209e40c2",
"created": "2023-12-04T13:19:08.000Z",
"modified": "2023-12-04T13:19:08.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--da1b2e40-8a60-4d89-a1f1-b1d1804c0a63",
"created": "2023-12-04T13:19:30.000Z",
"modified": "2023-12-04T13:19:30.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0380e673-740d-4a5f-a0c6-cbbee8847c0c",
"created": "2023-12-04T09:48:29.000Z",
"modified": "2023-12-04T09:48:29.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--44ab6186-8a15-49ce-931d-3e5566851a58",
"created": "2023-12-04T09:48:45.000Z",
"modified": "2023-12-04T09:48:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f3c6257d-7a28-4810-a5a8-c867b57f51c1",
"created": "2023-12-04T09:48:57.000Z",
"modified": "2023-12-04T09:48:57.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dde83e5d-befa-41a8-8a33-61f5558b21e0",
"created": "2023-12-05T12:31:02.000Z",
"modified": "2023-12-05T12:31:02.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c44c6b36-5f8a-42ba-a6ad-b21a12e96a2a",
"created": "2023-12-05T12:31:16.000Z",
"modified": "2023-12-05T12:31:16.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7944d7ce-bee8-4dd7-9204-6304f237f68e",
"created": "2023-12-05T12:31:29.000Z",
"modified": "2023-12-05T12:31:29.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7b78d5fb-3671-45c5-b072-12103b2451aa",
"created": "2023-12-05T12:47:51.000Z",
"modified": "2023-12-05T12:47:51.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9489b4a1-ae0d-4f6a-8d30-fd6b3bdcea9a",
"created": "2023-12-05T12:48:11.000Z",
"modified": "2023-12-05T12:48:11.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--80b2ecdc-8381-4c7f-a9f4-7d3e95e20bd6",
"created": "2023-12-05T12:51:47.000Z",
"modified": "2023-12-05T12:51:47.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3e6fa74d-aa99-4a01-b1e4-490f85660f53",
"created": "2023-12-05T12:52:02.000Z",
"modified": "2023-12-05T12:52:02.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--53cc8c93-b97f-4636-aa8e-4b6b5a3aeef0",
"created": "2023-12-05T13:12:49.000Z",
"modified": "2023-12-05T13:12:49.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48aad818-5cc0-445e-b9de-f2687307fed2",
"created": "2023-12-05T13:13:03.000Z",
"modified": "2023-12-05T13:13:03.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--27cfa542-e1a5-4ec2-83a0-fe531cb1b3ee",
"created": "2023-12-05T13:13:18.000Z",
"modified": "2023-12-05T13:13:18.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--31e83f22-0a92-4c54-ad25-ce68f39f101a",
"created": "2023-12-05T10:30:32.000Z",
"modified": "2023-12-05T10:30:32.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--288d3f46-333a-400f-b20d-8e742292776a",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ebbcb1a2-68f8-4daa-9fb5-67ec24cac20c",
"created": "2023-12-05T10:30:45.000Z",
"modified": "2023-12-05T10:30:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--288d3f46-333a-400f-b20d-8e742292776a",
"target_ref": "indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f63a9657-fd26-4e5a-ae98-5e4e04d07f9c",
"created": "2023-12-05T12:54:37.000Z",
"modified": "2023-12-05T12:54:37.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ff7ba80d-8af2-4e99-8ca7-dae72cd01893",
"created": "2023-12-05T12:55:12.000Z",
"modified": "2023-12-05T12:55:12.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--94406a5e-e6fc-4024-a054-c89c3f1029f2",
"created": "2023-12-05T13:16:14.000Z",
"modified": "2023-12-05T13:16:14.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b7ef2aee-c8d1-4988-b8e2-13515e11f897",
"created": "2023-12-05T13:16:30.000Z",
"modified": "2023-12-05T13:16:30.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ccfdec3a-133f-43f8-a97d-75fac74a2006",
"created": "2023-12-05T13:16:44.000Z",
"modified": "2023-12-05T13:16:44.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--29d34333-d544-46bd-95d1-4e57128f9889",
"created": "2023-12-04T13:17:08.000Z",
"modified": "2023-12-04T13:17:08.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9491fede-f8ec-4c10-b683-29423978adc9",
"created": "2023-12-04T13:17:19.000Z",
"modified": "2023-12-04T13:17:19.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ae6b8e1b-ccf6-4715-bfe9-4363e56fe308",
"created": "2023-12-04T13:17:33.000Z",
"modified": "2023-12-04T13:17:33.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fb434e57-8e34-4cdc-80c8-7e8c2fcccda0",
"created": "2023-12-05T13:41:20.000Z",
"modified": "2023-12-05T13:41:20.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1af68db5-8de3-48b7-82cb-fe091512fe0b",
"created": "2023-12-05T13:41:33.000Z",
"modified": "2023-12-05T13:41:33.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ee1cafda-1e3e-49b6-ab6b-1d7311d0581d",
"created": "2023-12-05T13:41:45.000Z",
"modified": "2023-12-05T13:41:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8f5faf4b-8fe9-478f-820f-7c3c40a21605",
"created": "2023-12-05T13:02:42.000Z",
"modified": "2023-12-05T13:02:42.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--206e4984-9d19-43c7-a49c-716cf173c58b",
"created": "2023-12-05T13:02:54.000Z",
"modified": "2023-12-05T13:02:54.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--21dce366-595e-4f85-9d21-fc402ff2b0d7",
"created": "2023-12-05T13:03:09.000Z",
"modified": "2023-12-05T13:03:09.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4213776f-80b4-4966-9c53-be4818581c18",
"created": "2023-11-30T14:54:01.000Z",
"modified": "2023-11-30T14:54:01.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3c6e359b-e6b0-4d4a-ac94-34e7b13e11be",
"created": "2023-11-30T14:54:21.000Z",
"modified": "2023-11-30T14:54:21.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dd8870e1-f8b1-4224-bd02-593ec917a351",
"created": "2023-11-30T14:57:20.000Z",
"modified": "2023-11-30T14:57:20.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--491d4496-7f03-46b4-9fae-12fd97cef4b6",
"created": "2023-11-30T14:57:33.000Z",
"modified": "2023-11-30T14:57:33.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--69e13243-e7e0-4726-a10a-01fd046ded89"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--822fa251-1e52-4df9-b84f-384ea95a702d",
"created": "2023-11-30T14:57:48.000Z",
"modified": "2023-11-30T14:57:48.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--a1913402-5d6f-4fd1-b158-17c06372b82e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--719a6eef-b77e-494a-aa82-47d9912091bd",
"created": "2023-11-30T14:58:18.000Z",
"modified": "2023-11-30T14:58:18.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--99bd5142-86d7-44d9-a1b9-c214a5eb64f9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7a83c624-7dc9-4680-be9e-6fbcfcae49fb",
"created": "2023-12-12T09:49:15.000Z",
"modified": "2023-12-12T09:49:15.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--38174bb5-534e-4c38-b435-621706f0e85d",
"created": "2023-12-12T09:49:31.000Z",
"modified": "2023-12-12T09:49:31.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--51b9a083-6bb7-453e-a3d1-70137283f004"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ead4fb7f-b46c-48db-8f8c-bfa71e0c04b2",
"created": "2023-12-12T09:49:47.000Z",
"modified": "2023-12-12T09:49:47.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6638bf51-745d-43eb-b63c-c326bd6091d4",
"created": "2023-12-12T09:49:59.000Z",
"modified": "2023-12-12T09:49:59.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--29908be1-f56d-4e97-9892-8830c9d29241"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--69b86595-9fdb-4515-b372-8e1a64d5ff8a",
"created": "2023-12-12T09:50:10.000Z",
"modified": "2023-12-12T09:50:10.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--f36ce21a-4c59-4731-9929-1af4ff97f21f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cf1abb24-b2f3-40d4-92ab-29e46eaf3484",
"created": "2023-12-12T09:50:23.000Z",
"modified": "2023-12-12T09:50:23.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--8e56f0cf-4efb-4ce4-9de0-61467c133f58"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c60b8722-ed43-4e2b-a5a9-a68790d11524",
"created": "2023-12-12T09:50:35.000Z",
"modified": "2023-12-12T09:50:35.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--858c9869-c1a4-46a1-9075-cd11ead979ef"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b16a5194-6d58-478a-83f8-271dfe92cd02",
"created": "2023-12-12T09:50:47.000Z",
"modified": "2023-12-12T09:50:47.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1b6cb2dd-0d1b-47c9-93af-fc15423f7160",
"created": "2023-12-12T09:51:00.000Z",
"modified": "2023-12-12T09:51:00.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b75b14a3-d9e5-401f-bfdc-214dd733b7f5",
"created": "2023-12-13T09:32:34.000Z",
"modified": "2023-12-13T09:32:34.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--70c7a913-437d-4f5b-a01a-08ecc1ef1865",
"created": "2023-12-13T09:32:49.000Z",
"modified": "2023-12-13T09:32:49.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--932101d8-541e-4cd6-8d8f-47ee0f8c5c75",
"created": "2023-12-13T09:32:58.000Z",
"modified": "2023-12-13T09:32:58.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--caf71246-f0ed-404d-b1a0-212b499f3f81",
"created": "2023-12-13T09:33:09.000Z",
"modified": "2023-12-13T09:33:09.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--288d3f46-333a-400f-b20d-8e742292776a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--81bf3bf4-c446-4dda-ad84-3548738ba254",
"created": "2023-12-13T09:33:18.000Z",
"modified": "2023-12-13T09:33:18.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--93398eab-4793-46b9-882b-a1d8adfaf4bd",
"created": "2023-12-12T10:41:32.000Z",
"modified": "2023-12-12T10:41:32.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--8bd144dd-eea0-448e-87c0-67a556c36700"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b5c23664-e5d1-4621-a0da-588652ef22cb",
"created": "2023-12-12T10:41:48.000Z",
"modified": "2023-12-12T10:41:48.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4baeddb4-c666-49ad-9d8f-a0e53885dd72",
"created": "2023-12-12T10:42:04.000Z",
"modified": "2023-12-12T10:42:04.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--603905e7-829b-443c-931c-fd05d267ad47",
"created": "2023-12-12T10:43:06.000Z",
"modified": "2023-12-12T10:43:06.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--3f3839ec-a575-4603-a292-fab98e7c6038"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--458bd35f-ad6c-4290-a1ad-da4ab27c905c",
"created": "2023-12-12T10:43:18.000Z",
"modified": "2023-12-12T10:43:18.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--3f3839ec-a575-4603-a292-fab98e7c6038"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3c9dedc9-47dc-4f54-84ce-021e2d78a1f3",
"created": "2023-12-12T10:43:52.000Z",
"modified": "2023-12-12T10:43:52.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--657df46a-50d1-4010-b30a-a7f64574e0d9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--30052da1-d287-4002-bf60-972ca34ec27d",
"created": "2023-12-12T10:45:36.000Z",
"modified": "2023-12-12T10:45:36.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6d2e9d27-2a3f-45f1-984e-dc3b48df6ea1",
"created": "2023-12-12T10:52:42.000Z",
"modified": "2023-12-12T10:52:42.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fe68fee5-9df7-4c18-b3c9-90436163aa9b",
"created": "2023-12-12T10:52:54.000Z",
"modified": "2023-12-12T10:52:54.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--98843b28-2cbc-4195-aced-0460e2b8d8b6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--787fc788-b808-4055-b4ef-05fab5a0a8f3",
"created": "2023-12-12T10:53:09.000Z",
"modified": "2023-12-12T10:53:09.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--081c60ab-0c8c-4f2c-9c23-c97264a325b3",
"created": "2023-12-12T09:04:48.000Z",
"modified": "2023-12-12T09:04:48.000Z",
"relationship_type": "contains",
"source_ref": "indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"target_ref": "indicator--cb1e3793-c635-4787-95ef-170010d073d5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f656fec9-8182-40be-a254-47f8f856bd4d",
"created": "2023-12-12T10:25:52.000Z",
"modified": "2023-12-12T10:25:52.000Z",
"relationship_type": "contains",
"source_ref": "indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"target_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3c3a48bd-0950-4de3-9cc4-869ef2c935ed",
"created": "2023-12-12T09:07:17.000Z",
"modified": "2023-12-12T09:07:17.000Z",
"relationship_type": "contains",
"source_ref": "indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"target_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--27e5b510-3773-4eea-b3fb-79ab4d9b1053",
"created": "2023-12-12T09:07:39.000Z",
"modified": "2023-12-12T09:07:39.000Z",
"relationship_type": "contains",
"source_ref": "indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"target_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink