Intel471 Malware Indicator Feed

This Integration is part of the Intel471 Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Intel471's Malware Intelligence is focused on the provisioning of a high fidelity and timely indicators feed with rich context, TTP information, and malware intelligence reports. This feed allows customers to block and gain an understanding of the latest crimeware campaigns and is for those that value timeliness, confidence (little to no false positives), and seek rich context and insight around the attacks they are seeing."

Configure Intel471 Indicator Feed on Cortex XSOAR#

Navigate to Settings > Integrations > Servers & Services.
Search for Intel471 Indicator Feed.

Click Add instance to create and configure a new integration instance.

Parameter	Description	Required
Fetch indicators		False
Username		False
Indicator Reputation	Indicators from this integration instance will be marked with this reputation	False
Source Reliability	Reliability of the source providing the intelligence data	True
Traffic Light Protocol Color	The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed	False
Indicator Expiration Method		False
Feed Expiration Interval		False
Feed Fetch Interval		False
Indicator Type	Type of the indicator in the feed.	True
Search by Threat Type	"Search indicators by threat type (e.g. malware, bulletproof_hosting, proxy_service). If empty, all threat types will be considered."	False
Malware Family	"Search indicators by malware family (e.g. gozi_isfb, smokeloader, trickbot). If empty, all malware families will be considered."	False
Search by confidence	Search indicators by confidence. See detailed description of the confidence levels below.	False
Free text indicator search (all fields included)		False
First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)	How far back in time to go when performing the first fetch.	False
Tags	Supports CSV values.	False
Bypass exclusion list	When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.	False
Use system proxy settings		False
Trust any certificate (not secure)		False
Create relationships	Create relationships between indicators as part of Enrichment.	False

Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

intel471-indicators-get-indicators#

Gets the feed indicators.

Base Command#

intel471-indicators-get-indicators

Input#

Argument Name	Description	Required
limit	The maximum number of results to return. Default is 50. Will limit the result for each indicator type.	Optional

Context Output#

There is no context output for this command.

Command Example#

!intel471-indicators-get-indicators limit=5

Human Readable Output#

Indicators#
value type rawJSON
https://example.com URL uid: 3cbf2c65f7d7b86c3276094b795e289a
threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}}
expiration: 1622633644000
confidence: high
context: {"description": "qbot controller URL"}
mitre_tactics: command_and_control
indicator_type: url
indicator_data: {"url": "https://example.com"}
intel_requirements: 1.3.4,
1.1.4
https://example.com URL uid: 46c4335a6e4f07cbc073754ce830b23b
threat: {"type": "malware", "uid": "355b864087900df6130bc1605ace1035", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.12"}}
expiration: 1622634181000
confidence: high
context: {"description": "qbot controller URL"}
mitre_tactics: command_and_control
indicator_type: url
indicator_data: {"url": "https://example.com"}
intel_requirements: 1.3.4,
1.1.4
https://example.com URL uid: 3ac312ba14bb661ac165ff9b06a4de51
threat: {"type": "malware", "uid": "22e7a5f41d4f3cc5c704758ffa505556", "data": {"malware_family_profile_uid": "20eb1f82621001883ea0c2085aff5729", "family": "lokibot", "version": "1.8"}}
expiration: 1622636921000
confidence: high
context: {"description": "lokibot controller URL"}
mitre_tactics: command_and_control
indicator_type: url
indicator_data: {"url": "https://example.com"}
intel_requirements: 1.1.5,
1.1.6
https://example.com URL uid: 3c2b4db3d8016f7ad1e97821d6f58cff
threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}}
expiration: 1622637063000
confidence: high
context: {"description": "qbot controller URL"}
mitre_tactics: command_and_control
indicator_type: url
indicator_data: {"url": "https://example.com"}
intel_requirements: 1.3.4,
1.1.4
http://example.com URL uid: f2509c1f7c725e2ffa6ae8e93f3dd4da
threat: {"type": "malware", "uid": "2beba14b4653bf651e1dee439b1caf48", "data": {"malware_family_profile_uid": "dbdf04e70d844c5d9373f9069998bbcb", "family": "formbook", "version": "4.1"}}
expiration: 1622637530000
confidence: high
context: {"description": "formbook controller URL"}
mitre_tactics: command_and_control
indicator_type: url
indicator_data: {"url": "http://example.com"}
intel_requirements: 1.1.5,
1.1.6
d55d6ffe62778604b95c4af57bbd25010a26869668516e1139865d907b4177a7 File uid: ed7e66db788ccdef60c0a30f37da66e2
threat: {"type": "malware", "uid": "456c1d6b360423fffff2bff49d0662eb", "data": {"malware_family_profile_uid": "456c1d6b360423fffff2bff49d0662eb", "family": "cobaltstrike"}}
expiration: 1651577888000
confidence: medium
context: {"description": "core component downloaded by cobaltstrike malware family"}
mitre_tactics: stage_capabilities
indicator_type: file
indicator_data: {"file": {"md5": "c274ce1427910a47d7acbfcb36f8e5c9", "sha1": "2479bdbd4f4a5b04e995eccc477ed44d7bbabf43", "sha256": "d55d6ffe62778604b95c4af57bbd25010a26869668516e1139865d907b4177a7", "type": "DATA", "size": 180854, "download_url": "https://api.intel471.com/v1/download/malwareIntel/d55d6ffe62778604b95c4af57bbd25010a26869668516e1139865d907b4177a7.zip"}}
intel_requirements: 1.1
ba1a42a7875ba307126d3f470617107973b8557756d08b386c1d9e2fbdfe3f0f File uid: 2a930e90451169755fe2b65620a28364
threat: {"type": "malware", "uid": "183ee6a5aec804f5df69eea69edddce0", "data": {"malware_family_profile_uid": "886b44916f8e62d9a9da5f7a8b143fb8", "family": "smokeloader", "version": "2020"}}
expiration: 1651578048000
confidence: medium
context: {"description": "executable downloaded by smokeloader malware family"}
mitre_tactics: command_and_control
indicator_type: file
indicator_data: {"file": {"md5": "0d0fec0f2a6af96ad0a7d0d3c96cb98d", "sha1": "223f50da553a39823c8b731fbc68f72471cb5152", "sha256": "ba1a42a7875ba307126d3f470617107973b8557756d08b386c1d9e2fbdfe3f0f", "type": "PEEXE_x64", "size": 5613568, "download_url": "https://api.intel471.com/v1/download/malwareIntel/ba1a42a7875ba307126d3f470617107973b8557756d08b386c1d9e2fbdfe3f0f.zip"}}
intel_requirements: 1.1.5,
1.1.6
1d96205e9fd00d5dd4a57e101eee21f47d850c505d592998c5ea12ff867e1865 File uid: df7c2e16d384f1fbfe09e3fafab93fa6
threat: {"type": "malware", "uid": "183ee6a5aec804f5df69eea69edddce0", "data": {"malware_family_profile_uid": "886b44916f8e62d9a9da5f7a8b143fb8", "family": "smokeloader", "version": "2020"}}
expiration: 1651578052000
confidence: medium
context: {"description": "executable downloaded by smokeloader malware family"}
mitre_tactics: command_and_control
indicator_type: file
indicator_data: {"file": {"md5": "9bcb6653def44687d0d8f971ca5d0cf5", "sha1": "b900e03a9770a4345f1276c198843a5b2bc02223", "sha256": "1d96205e9fd00d5dd4a57e101eee21f47d850c505d592998c5ea12ff867e1865", "type": "PEEXE_x86", "size": 771072, "download_url": "https://api.intel471.com/v1/download/malwareIntel/1d96205e9fd00d5dd4a57e101eee21f47d850c505d592998c5ea12ff867e1865.zip"}}
intel_requirements: 1.1.5,
1.1.6
26e9bac9d285ba198b272999ae48e7049eb7847c2d37c142b79931779130df8b File uid: 35faa35978b8ee7f3a32c0f83291163d
threat: {"type": "malware", "uid": "4bff756d3eacb5066dbdeebdaf3f9aeb", "data": {"malware_family_profile_uid": "b38ef686caf0103866339452d3d1c4fb", "family": "dridex", "version": "2.165"}}
expiration: 1651578060000
confidence: medium
context: {"description": "web_inject plugin downloaded by dridex malware family"}
mitre_tactics: stage_capabilities
indicator_type: file
indicator_data: {"file": {"md5": "8a72d4c069d724bcf70ccde3148df130", "sha1": "398484e2c3bd11f2e8bff37614db4cc5943b966d", "sha256": "26e9bac9d285ba198b272999ae48e7049eb7847c2d37c142b79931779130df8b", "type": "PEDLL_x64", "size": 614400, "download_url": "https://api.intel471.com/v1/download/malwareIntel/26e9bac9d285ba198b272999ae48e7049eb7847c2d37c142b79931779130df8b.zip"}}
intel_requirements: 1.3.4,
1.1.4
055c7a3ecbc64032aa4e08d3e9954183a216ae085e1a25cd85108414534aa92d File uid: fec667f3d059f9635a231e4b57bd18f8
threat: {"type": "malware", "uid": "355b864087900df6130bc1605ace1035", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.12"}}
expiration: 1651578135000
confidence: high
context: {"description": "sample of qbot malware family"}
mitre_tactics: command_and_control
indicator_type: file
indicator_data: {"file": {"md5": "5a8d0dd7df9a2f5996dbbb3d62303a4c", "sha1": "62b32aa8e61ff1e66d55fee4649b9aef52d50e60", "sha256": "055c7a3ecbc64032aa4e08d3e9954183a216ae085e1a25cd85108414534aa92d", "type": "PEDLL_x86", "size": 1004032, "download_url": "https://api.intel471.com/v1/download/malwareIntel/055c7a3ecbc64032aa4e08d3e9954183a216ae085e1a25cd85108414534aa92d.zip"}}
intel_requirements: 1.3.4,
1.1.4
x.x.x.x IP uid: e71f7b0300d6bc37fd4cb27fd03c98ed
threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}}
expiration: 1622633644000
confidence: medium
context: {"description": "qbot controller IPv4"}
mitre_tactics: command_and_control
indicator_type: ipv4
indicator_data: {"address": "x.x.x.x"}
intel_requirements: 1.3.4,
1.1.4
x.x.x.x IP uid: 09ae761c2a9cbaaa6210129a3c89474a
threat: {"type": "malware", "uid": "355b864087900df6130bc1605ace1035", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.12"}}
expiration: 1622634181000
confidence: medium
context: {"description": "qbot controller IPv4"}
mitre_tactics: command_and_control
indicator_type: ipv4
indicator_data: {"address": "x.x.x.x"}
intel_requirements: 1.3.4,
1.1.4
x.x.x.x IP uid: fdc225adafa78bae33ca9651bbfcc36e
threat: {"type": "malware", "uid": "22e7a5f41d4f3cc5c704758ffa505556", "data": {"malware_family_profile_uid": "20eb1f82621001883ea0c2085aff5729", "family": "lokibot", "version": "1.8"}}
expiration: 1622636921000
confidence: medium
context: {"description": "lokibot controller IPv4"}
mitre_tactics: command_and_control
indicator_type: ipv4
indicator_data: {"address": "x.x.x.x"}
intel_requirements: 1.1.5,
1.1.6
x.x.x.x IP uid: a9a3a50497dc52eee69be35cffd22b5c
threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}}
expiration: 1622637063000
confidence: medium
context: {"description": "qbot controller IPv4"}
mitre_tactics: command_and_control
indicator_type: ipv4
indicator_data: {"address": "x.x.x.x"}
intel_requirements: 1.3.4,
1.1.4
x.x.x.x IP uid: c4e482756324c8020ea96beda15db0cc
threat: {"type": "malware", "uid": "12699e2e6873f0e319e2db36e28f6262", "data": {"malware_family_profile_uid": "886b44916f8e62d9a9da5f7a8b143fb8", "family": "smokeloader", "version": "2019"}}
expiration: 1622639358000
confidence: medium
context: {"description": "smokeloader controller IPv4"}
mitre_tactics: command_and_control
indicator_type: ipv4
indicator_data: {"address": "x.x.x.x"}
intel_requirements: 1.1.5,
1.1.6

value	type	rawJSON
https://example.com	URL	uid: 3cbf2c65f7d7b86c3276094b795e289a threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}} expiration: 1622633644000 confidence: high context: {"description": "qbot controller URL"} mitre_tactics: command_and_control indicator_type: url indicator_data: {"url": "https://example.com"} intel_requirements: 1.3.4, 1.1.4
https://example.com	URL	uid: 46c4335a6e4f07cbc073754ce830b23b threat: {"type": "malware", "uid": "355b864087900df6130bc1605ace1035", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.12"}} expiration: 1622634181000 confidence: high context: {"description": "qbot controller URL"} mitre_tactics: command_and_control indicator_type: url indicator_data: {"url": "https://example.com"} intel_requirements: 1.3.4, 1.1.4
https://example.com	URL	uid: 3ac312ba14bb661ac165ff9b06a4de51 threat: {"type": "malware", "uid": "22e7a5f41d4f3cc5c704758ffa505556", "data": {"malware_family_profile_uid": "20eb1f82621001883ea0c2085aff5729", "family": "lokibot", "version": "1.8"}} expiration: 1622636921000 confidence: high context: {"description": "lokibot controller URL"} mitre_tactics: command_and_control indicator_type: url indicator_data: {"url": "https://example.com"} intel_requirements: 1.1.5, 1.1.6
https://example.com	URL	uid: 3c2b4db3d8016f7ad1e97821d6f58cff threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}} expiration: 1622637063000 confidence: high context: {"description": "qbot controller URL"} mitre_tactics: command_and_control indicator_type: url indicator_data: {"url": "https://example.com"} intel_requirements: 1.3.4, 1.1.4
http://example.com	URL	uid: f2509c1f7c725e2ffa6ae8e93f3dd4da threat: {"type": "malware", "uid": "2beba14b4653bf651e1dee439b1caf48", "data": {"malware_family_profile_uid": "dbdf04e70d844c5d9373f9069998bbcb", "family": "formbook", "version": "4.1"}} expiration: 1622637530000 confidence: high context: {"description": "formbook controller URL"} mitre_tactics: command_and_control indicator_type: url indicator_data: {"url": "http://example.com"} intel_requirements: 1.1.5, 1.1.6
d55d6ffe62778604b95c4af57bbd25010a26869668516e1139865d907b4177a7	File	uid: ed7e66db788ccdef60c0a30f37da66e2 threat: {"type": "malware", "uid": "456c1d6b360423fffff2bff49d0662eb", "data": {"malware_family_profile_uid": "456c1d6b360423fffff2bff49d0662eb", "family": "cobaltstrike"}} expiration: 1651577888000 confidence: medium context: {"description": "core component downloaded by cobaltstrike malware family"} mitre_tactics: stage_capabilities indicator_type: file indicator_data: {"file": {"md5": "c274ce1427910a47d7acbfcb36f8e5c9", "sha1": "2479bdbd4f4a5b04e995eccc477ed44d7bbabf43", "sha256": "d55d6ffe62778604b95c4af57bbd25010a26869668516e1139865d907b4177a7", "type": "DATA", "size": 180854, "download_url": "https://api.intel471.com/v1/download/malwareIntel/d55d6ffe62778604b95c4af57bbd25010a26869668516e1139865d907b4177a7.zip"}} intel_requirements: 1.1
ba1a42a7875ba307126d3f470617107973b8557756d08b386c1d9e2fbdfe3f0f	File	uid: 2a930e90451169755fe2b65620a28364 threat: {"type": "malware", "uid": "183ee6a5aec804f5df69eea69edddce0", "data": {"malware_family_profile_uid": "886b44916f8e62d9a9da5f7a8b143fb8", "family": "smokeloader", "version": "2020"}} expiration: 1651578048000 confidence: medium context: {"description": "executable downloaded by smokeloader malware family"} mitre_tactics: command_and_control indicator_type: file indicator_data: {"file": {"md5": "0d0fec0f2a6af96ad0a7d0d3c96cb98d", "sha1": "223f50da553a39823c8b731fbc68f72471cb5152", "sha256": "ba1a42a7875ba307126d3f470617107973b8557756d08b386c1d9e2fbdfe3f0f", "type": "PEEXE_x64", "size": 5613568, "download_url": "https://api.intel471.com/v1/download/malwareIntel/ba1a42a7875ba307126d3f470617107973b8557756d08b386c1d9e2fbdfe3f0f.zip"}} intel_requirements: 1.1.5, 1.1.6
1d96205e9fd00d5dd4a57e101eee21f47d850c505d592998c5ea12ff867e1865	File	uid: df7c2e16d384f1fbfe09e3fafab93fa6 threat: {"type": "malware", "uid": "183ee6a5aec804f5df69eea69edddce0", "data": {"malware_family_profile_uid": "886b44916f8e62d9a9da5f7a8b143fb8", "family": "smokeloader", "version": "2020"}} expiration: 1651578052000 confidence: medium context: {"description": "executable downloaded by smokeloader malware family"} mitre_tactics: command_and_control indicator_type: file indicator_data: {"file": {"md5": "9bcb6653def44687d0d8f971ca5d0cf5", "sha1": "b900e03a9770a4345f1276c198843a5b2bc02223", "sha256": "1d96205e9fd00d5dd4a57e101eee21f47d850c505d592998c5ea12ff867e1865", "type": "PEEXE_x86", "size": 771072, "download_url": "https://api.intel471.com/v1/download/malwareIntel/1d96205e9fd00d5dd4a57e101eee21f47d850c505d592998c5ea12ff867e1865.zip"}} intel_requirements: 1.1.5, 1.1.6
26e9bac9d285ba198b272999ae48e7049eb7847c2d37c142b79931779130df8b	File	uid: 35faa35978b8ee7f3a32c0f83291163d threat: {"type": "malware", "uid": "4bff756d3eacb5066dbdeebdaf3f9aeb", "data": {"malware_family_profile_uid": "b38ef686caf0103866339452d3d1c4fb", "family": "dridex", "version": "2.165"}} expiration: 1651578060000 confidence: medium context: {"description": "web_inject plugin downloaded by dridex malware family"} mitre_tactics: stage_capabilities indicator_type: file indicator_data: {"file": {"md5": "8a72d4c069d724bcf70ccde3148df130", "sha1": "398484e2c3bd11f2e8bff37614db4cc5943b966d", "sha256": "26e9bac9d285ba198b272999ae48e7049eb7847c2d37c142b79931779130df8b", "type": "PEDLL_x64", "size": 614400, "download_url": "https://api.intel471.com/v1/download/malwareIntel/26e9bac9d285ba198b272999ae48e7049eb7847c2d37c142b79931779130df8b.zip"}} intel_requirements: 1.3.4, 1.1.4
055c7a3ecbc64032aa4e08d3e9954183a216ae085e1a25cd85108414534aa92d	File	uid: fec667f3d059f9635a231e4b57bd18f8 threat: {"type": "malware", "uid": "355b864087900df6130bc1605ace1035", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.12"}} expiration: 1651578135000 confidence: high context: {"description": "sample of qbot malware family"} mitre_tactics: command_and_control indicator_type: file indicator_data: {"file": {"md5": "5a8d0dd7df9a2f5996dbbb3d62303a4c", "sha1": "62b32aa8e61ff1e66d55fee4649b9aef52d50e60", "sha256": "055c7a3ecbc64032aa4e08d3e9954183a216ae085e1a25cd85108414534aa92d", "type": "PEDLL_x86", "size": 1004032, "download_url": "https://api.intel471.com/v1/download/malwareIntel/055c7a3ecbc64032aa4e08d3e9954183a216ae085e1a25cd85108414534aa92d.zip"}} intel_requirements: 1.3.4, 1.1.4
x.x.x.x	IP	uid: e71f7b0300d6bc37fd4cb27fd03c98ed threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}} expiration: 1622633644000 confidence: medium context: {"description": "qbot controller IPv4"} mitre_tactics: command_and_control indicator_type: ipv4 indicator_data: {"address": "x.x.x.x"} intel_requirements: 1.3.4, 1.1.4
x.x.x.x	IP	uid: 09ae761c2a9cbaaa6210129a3c89474a threat: {"type": "malware", "uid": "355b864087900df6130bc1605ace1035", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.12"}} expiration: 1622634181000 confidence: medium context: {"description": "qbot controller IPv4"} mitre_tactics: command_and_control indicator_type: ipv4 indicator_data: {"address": "x.x.x.x"} intel_requirements: 1.3.4, 1.1.4
x.x.x.x	IP	uid: fdc225adafa78bae33ca9651bbfcc36e threat: {"type": "malware", "uid": "22e7a5f41d4f3cc5c704758ffa505556", "data": {"malware_family_profile_uid": "20eb1f82621001883ea0c2085aff5729", "family": "lokibot", "version": "1.8"}} expiration: 1622636921000 confidence: medium context: {"description": "lokibot controller IPv4"} mitre_tactics: command_and_control indicator_type: ipv4 indicator_data: {"address": "x.x.x.x"} intel_requirements: 1.1.5, 1.1.6
x.x.x.x	IP	uid: a9a3a50497dc52eee69be35cffd22b5c threat: {"type": "malware", "uid": "2103dcd99080ee86a7808912f3ff4382", "data": {"malware_family_profile_uid": "d9b8af17f349af0718badc314ce6b4bd", "family": "qbot", "version": "0402.68"}} expiration: 1622637063000 confidence: medium context: {"description": "qbot controller IPv4"} mitre_tactics: command_and_control indicator_type: ipv4 indicator_data: {"address": "x.x.x.x"} intel_requirements: 1.3.4, 1.1.4
x.x.x.x	IP	uid: c4e482756324c8020ea96beda15db0cc threat: {"type": "malware", "uid": "12699e2e6873f0e319e2db36e28f6262", "data": {"malware_family_profile_uid": "886b44916f8e62d9a9da5f7a8b143fb8", "family": "smokeloader", "version": "2019"}} expiration: 1622639358000 confidence: medium context: {"description": "smokeloader controller IPv4"} mitre_tactics: command_and_control indicator_type: ipv4 indicator_data: {"address": "x.x.x.x"} intel_requirements: 1.1.5, 1.1.6