2023-12-14 13:47:04 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "2" ,
"date" : "2023-08-25" ,
"extends_uuid" : "" ,
"info" : "CISA - MAR-10459736.r1.v1 - WHIRLPOOL Variant" ,
"publish_timestamp" : "1692944626" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1692944619" ,
"uuid" : "6b6fa46d-4a17-44a4-a234-d69487b04597" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:clear" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Payload installation" ,
"comment" : "The file 'ssld' is a Linux ELF reverse shell and is a variant of WHIRLPOOL malware used on the Barracuda Email Security Gateway (ESG) device (Figure 1). The file looks for an encoded string with a '.io' extension (Figure 2). The string will be decoded and the data will be passed as the C2 which will include the Internet Protocol (IP) address and port number used to establish a reverse shell." ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2023-08-17T19:19:43.944668+00:00" ,
"timestamp" : "1691615579" ,
"to_ids" : true ,
"type" : "yara" ,
"uuid" : "3e5f8fc0-da1f-47f0-8b6e-f4c4b033ce47" ,
"value" : "'namespace'='CISA_Consolidated.yara' rule_name=CISA_10452108_02 rule_content=rule CISA_10452108_02 : WHIRLPOOL backdoor communicates_with_c2 installs_other_components\n{\n\tmeta:\n\t\tAuthor = \"CISA Code & Media Analysis\"\n\t\tIncident = \"10452108\"\n\t\tDate = \"2023-06-20\"\n\t\tLast_Modified = \"20230804_1730\"\n\t\tActor = \"n/a\"\n\t\tFamily = \"WHIRLPOOL\"\n\t\tCapabilities = \"communicates-with-c2 installs-other-components\"\n\t\tMalware_Type = \"backdoor\"\n\t\tTool_Type = \"unknown\"\n\t\tDescription = \"Detects malicious Linux WHIRLPOOL samples\"\n\t\tSHA256_1 = \"83ca636253fd1eb898b244855838e2281f257bbe8ead428b69528fc50b60ae9c\"\n\t\tSHA256_2 = \"8849a3273e0362c45b4928375d196714224ec22cb1d2df5d029bf57349860347\"\n\tstrings:\n\t\t$s0 = { 65 72 72 6f 72 20 2d 31 20 65 78 69 74 }\n\t\t$s1 = { 63 72 65 61 74 65 20 73 6f 63 6b 65 74 20 65 72 72 6f 72 3a 20 25 73 28 65 72 72 6f 72 3a 20 25 64 29 }\n\t\t$s2 = { c7 00 20 32 3e 26 66 c7 40 04 31 00 }\n\t\t$a3 = { 70 6c 61 69 6e 5f 63 6f 6e 6e 65 63 74 }\n\t\t$a4 = { 63 6f 6e 6e 65 63 74 20 65 72 72 6f 72 3a 20 25 73 28 65 72 72 6f 72 3a 20 25 64 29 }\n\t\t$a5 = { 73 73 6c 5f 63 6f 6e 6e 65 63 74 }\n\tcondition:\n\t\tuint32(0) == 0x464c457f and 4 of them\n}"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, systems or groups (e.g., the finance sector). The Identity SDO can capture basic identifying information, contact information, and the sectors that the Identity belongs to. Identity is used in STIX to represent, among other things, targets of attacks, information sources, object creators, and threat actor identities. (ref. STIX 2.1 - 4.5)" ,
"meta-category" : "misc" ,
"name" : "identity" ,
"template_uuid" : "ae85b960-b507-4de2-a32c-9cfb8f25f990" ,
"template_version" : "1" ,
"timestamp" : "1681321989" ,
"uuid" : "8e112e72-aa8f-4190-a359-28a9abae2896" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "name" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "859d081f-0018-48da-af2b-2fd024ad0d7d" ,
"value" : "GeminiProduction_CMA" ,
"Tag" : [
{
"colour" : "#005226" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp:confidence-level=\"completely-confident\"" ,
"relationship_type" : ""
}
2023-12-14 13:47:04 +00:00
]
2023-12-14 14:30:15 +00:00
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "description" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bfcb83d2-b259-438f-bdc8-a43915673d80" ,
"value" : "Cybersecurity and Infrastructure Security Agency Production Identity. Code and Media Analysis." ,
"Tag" : [
{
"colour" : "#005226" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp:confidence-level=\"completely-confident\"" ,
"relationship_type" : ""
}
2023-12-14 13:47:04 +00:00
]
2023-12-14 14:30:15 +00:00
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "identity_class" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d38cf44f-19e5-49bd-b39a-ad8ebf954d45" ,
"value" : "system" ,
"Tag" : [
{
"colour" : "#005226" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp:confidence-level=\"completely-confident\"" ,
"relationship_type" : ""
}
2023-12-14 13:47:04 +00:00
]
2023-12-14 14:30:15 +00:00
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Malware Analysis captures the metadata and results of a particular static or dynamic analysis performed on a malware instance or family." ,
"meta-category" : "misc" ,
"name" : "malware-analysis" ,
"template_uuid" : "8229ee82-7218-4ff5-9eac-57961a6f0288" ,
"template_version" : "1" ,
"timestamp" : "1691615579" ,
"uuid" : "07141506-e989-4a25-b510-797383e9b01a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "07141506-e989-4a25-b510-797383e9b01a" ,
"referenced_uuid" : "efd3fd98-6f1b-590d-bdd4-1e0753d3a689" ,
2023-12-14 13:47:04 +00:00
"relationship_type" : "analyses" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1692944331" ,
"uuid" : "97ecd299-8512-4e61-bcde-5465d3f4e2f3"
}
] ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "product" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "42e406d8-bcb1-468d-b9d1-195810672cab" ,
"value" : "eset"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "result" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "aea648ae-f790-412a-8511-22728becdb95" ,
"value" : "unknown"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "result_name" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e2f4500e-7dea-4009-8c50-d8915623816a" ,
"value" : "a variant of Linux/WhirlPool.A trojan"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1691615579" ,
"uuid" : "efd3fd98-6f1b-590d-bdd4-1e0753d3a689" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "efd3fd98-6f1b-590d-bdd4-1e0753d3a689" ,
"referenced_uuid" : "626a2549-5775-43a8-b8bb-2fe2682a6dae" ,
2023-12-14 13:47:04 +00:00
"relationship_type" : "associated-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1692944331" ,
"uuid" : "0626f6c9-bf7a-479e-a859-9e8aaca5c167"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e9137ec7-592d-4cd3-a135-fa3c821d50cb" ,
"value" : "77e1e9bf69b09ed0840534adb8258540"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5f51c077-1d78-40f7-ac58-034bcbdff910" ,
"value" : "deadca9bd85ee5c4e086fd81eee09407b769e9b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5e064e2f-2cbd-4362-a68d-a955e47a2cd0" ,
"value" : "0af253e60456b03af49cc675f71d47b2dd9a48f50a927e43b9d8116985c06459"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "e2994827-7640-4181-9ce8-53925b0026f1" ,
"value" : "3ad6bd00c4195c9b1757a9d697196e8beffb343c331509c2eda24bbbd009cc1af552a1900ab04d169a22d273e6359cb2ff149050a7f792b9630108a4af226e2d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "d8f3d964-78ae-4e93-900f-08fb1d569fa8" ,
"value" : "98304:1z2EGoxipg0NPbuqbVxbNgqE+Q+F4YGZLx4BAFm/CyU:LLXYGNFLj"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "f213075f-0b12-46ee-b52e-7c9c9651fcfa" ,
"value" : "ssld"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "4f8aa9e3-a8bc-480a-9432-20ee8ef3679d" ,
"value" : "5034648"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Malware is a type of TTP that represents malicious code." ,
"meta-category" : "misc" ,
"name" : "malware" ,
"template_uuid" : "e5ad1d64-4b4e-44f5-9e00-88a705a67f9d" ,
"template_version" : "1" ,
"timestamp" : "1691615579" ,
"uuid" : "626a2549-5775-43a8-b8bb-2fe2682a6dae" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "description" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2d538923-b375-4471-b5f4-69f653cf572e" ,
"value" : "The file 'ssld' is a Linux ELF reverse shell and is a variant of WHIRLPOOL malware used on the Barracuda Email Security Gateway (ESG) device (Figure 1). The file looks for an encoded string with a '.io' extension (Figure 2). The string will be decoded and the data will be passed as the C2 which will include the Internet Protocol (IP) address and port number used to establish a reverse shell."
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "is_family" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "boolean" ,
"uuid" : "2b74c868-0c2e-4e1f-bb81-7cf1cc9d2c0b" ,
"value" : "0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "malware_type" ,
"timestamp" : "1692944331" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "be1cbecb-8dd5-4cf9-899f-a58169012721" ,
"value" : "trojan"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"first_seen" : "2023-08-17T19:19:43.953009+00:00" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1691615579" ,
"uuid" : "31532fc0-d3ee-479f-8482-a4d49732d5af" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4f992ff1-08a6-4659-b962-93388c468a2d" ,
"value" : "77e1e9bf69b09ed0840534adb8258540"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "23f4ad3c-0727-4c5d-af13-b9f6812b4e75" ,
"value" : "deadca9bd85ee5c4e086fd81eee09407b769e9b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "3806a4ad-a863-4f3f-95dc-4ab555aa5dad" ,
"value" : "0af253e60456b03af49cc675f71d47b2dd9a48f50a927e43b9d8116985c06459"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1692944331" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "63291d10-2a0f-4170-b774-1139ef17277e" ,
"value" : "3ad6bd00c4195c9b1757a9d697196e8beffb343c331509c2eda24bbbd009cc1af552a1900ab04d169a22d273e6359cb2ff149050a7f792b9630108a4af226e2d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing the original file used to import data in MISP." ,
"meta-category" : "file" ,
"name" : "original-imported-file" ,
"template_uuid" : "4cd560e9-2cfe-40a1-9964-7b2e797ecac5" ,
"template_version" : "2" ,
"timestamp" : "1692944338" ,
"uuid" : "74888f9e-4968-4601-944d-100a179c1b88" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " e w o g I C A g I n R 5 c G U i O i A i Y n V u Z G x l I i w K I C A g I C J p Z C I 6 I C J i d W 5 k b G U t L T c 4 Z D c 0 M D V k L W M 3 N j k t N G V m Y i 0 5 N T U w L T Q w N W E z N T h h M m Q 3 N i I s C i A g I C A i b 2 J q Z W N 0 c y I 6 I F s K I C A g I C A g I C B 7 C i A g I C A g I C A g I C A g I C J 0 e X B l I j o g I m l k Z W 50 a X R 5 I i w K I C A g I C A g I C A g I C A g I n N w Z W N f d m V y c 2 l v b i I 6 I C I y L j E i L A o g I C A g I C A g I C A g I C A i a W Q i O i A i a W R l b n R p d H k t L T h l M T E y Z T c y L W F h O G Y t N D E 5 M C 1 h M z U 5 L T I 4 Y T l h Y m F l M j g 5 N i I s C i A g I C A g I C A g I C A g I C J j c m V h d G V k X 2 J 5 X 3 J l Z i I 6 I C J p Z G V u d G l 0 e S 0 t N D J h Y z N j O T I t N j B k M i 0 0 M T h m L W J h O G U t O D M 4 O T Q 0 Z T Y x M T B i I i w K I C A g I C A g I C A g I C A g I m N y Z W F 0 Z W Q i O i A i M j A y M y 0 w N C 0 x M l Q x N z o 1 M z o w O S 42 N D Z a I i w K I C A g I C A g I C A g I C A g I m 1 v Z G l m a W V k I j o g I j I w M j M t M D Q t M T J U M T c 6 N T M 6 M D k u N j Q 2 W i I s C i A g I C A g I C A g I C A g I C J u Y W 1 l I j o g I k d l b W l u a V B y b 2 R 1 Y 3 R p b 25 f Q 0 1 B I i w K I C A g I C A g I C A g I C A g I m R l c 2 N y a X B 0 a W 9 u I j o g I k N 5 Y m V y c 2 V j d X J p d H k g Y W 5 k I E l u Z n J h c 3 R y d W N 0 d X J l I F N l Y 3 V y a X R 5 I E F n Z W 5 j e S B Q c m 9 k d W N 0 a W 9 u I E l k Z W 50 a X R 5 L i B D b 2 R l I G F u Z C B N Z W R p Y S B B b m F s e X N p c y 4 i L A o g I C A g I C A g I C A g I C A i a W R l b n R p d H l f Y 2 x h c 3 M i O i A i c 3 l z d G V t I i w K I C A g I C A g I C A g I C A g I m N v b m Z p Z G V u Y 2 U i O i A x M D A s C i A g I C A g I C A g I C A g I C J s Y W 5 n I j o g I m V u I i w K I C A g I C A g I C A g I C A g I m 9 i a m V j d F 9 t Y X J r a W 5 n X 3 J l Z n M i O i B b C i A g I C A g I C A g I C A g I C A g I C A i b W F y a 2 l u Z y 1 k Z W Z p b m l 0 a W 9 u L S 1 i Y W I 0 Y T Y z Y y 1 h Z W Q 5 L T R j Z j U t Y T c 2 N i 1 k Z m N h N W F i Y W M y Y m I i C i A g I C A g I C A g I C A g I F 0 K I C A g I C A g I C B 9 L A o g I C A g I C A g I H s K I C A g I C A g I C A g I C A g I n R 5 c G U i O i A i Z m l s Z S I s C i A g I C A g I C A g I C A g I C J z c G V j X 3 Z l c n N p b 24 i O i A i M i 4 x I i w K I C A g I C A g I C A g I C A g I m l k I j o g I m Z p b G U t L W V m Z D N m Z D k 4 L T Z m M W I t N T k w Z C 1 i Z G Q 0 L T F l M D c 1 M 2 Q z Y T Y 4 O S I s C i A g I C A g I C A g I C A g I C J o Y X N o Z X M i O i B 7 C i A g I C A g I C A g I C A g I C A g I C A i T U Q 1 I j o g I j c 3 Z T F l O W J m N j l i M D l l Z D A 4 N D A 1 M z R h Z G I 4 M j U 4 N T Q w I i w K I C A g I C A g I C A g I C A g I C A g I C J T S E E t M S I 6 I C J k Z W F k Y 2E5 Y m Q 4 N W V l N W M 0 Z T A 4 N m Z k O D F l Z W U w O T Q w N 2 I 3 N j l l O W I 2 I i w K I C A g I C A g I C A g I C A g I C A g I C J T S E E t M j U 2 I j o g I j B h Z j I 1 M 2 U 2 M D Q 1 N m I w M 2 F m N D l j Y z Y 3 N W Y 3 M W Q 0 N 2 I y Z G Q 5 Y T Q 4 Z j U w Y T k y N 2 U 0 M 2 I 5 Z D g x M T Y 5 O D V j M D Y 0 N T k i L A o g I C A g I C A g I C A g I C A g I C A g I l N I Q S 0 1 M T I i O i A i M 2 F k N m J k M D B j N D E 5 N W M 5 Y j E 3 N T d h O W Q 2 O T c x O T Z l O G J l Z m Z i M z Q z Y z M z M T U w O W M y Z W R h M j R i Y m J k M D A 5 Y 2 M x Y W Y 1 N T J h M T k w M G F i M D R k M T Y 5 Y T I y Z D I 3 M 2 U 2 M z U 5 Y 2 I y Z m Y x N D k w N T B h N 2 Y 3 O T J i O T Y z M D E w O G E 0 Y W Y y M j Z l M m Q i L A o g I C A g I C A g I C A g I C A g I C A g I l N T R E V F U C I 6 I C I 5 O D M w N D o x e j J F R 294 a X B n M E 5 Q Y n V x Y l Z 4 Y k 5 n c U U r U S t G N F l H W k x 4 N E J B R m 0 v Q 3 l V O k x M W F l H T k Z M a i I K I C A g I C A g I C A g I C A g f S w K I C A g I C A g I C A g I C A g I n N p e m U i O i A 1 M D M 0 N j Q 4 L A o g I C A g I C A g I C A g I C A i b m F t Z S I 6 I C J z c 2 x k I i w K I C A g I C A g I C A g I C A g I m 9 i a m V j d F 9 t Y X J r a W 5 n X 3 J l Z n M i O i B b C i A g I C A g I C A g I C A g I C A g I C A i b W F y a 2 l u Z y 1 k Z W Z p b m l 0 a W 9 u L S 0 5 N D g 2 O G M 4 O S 0 4 M 2 M y L T Q 2 N G I t O T I 5 Y i 1 h M W E 4 Y W E z Y z g 0 O D c i C i A g I C A g I C A g I C A g I F 0 K I C A g I C A g I C B 9 L A o g I C A g I C A g I H s K I C A g I C A g I C A g I C A g I n R 5 c G U i O i A i a W 5 k a W N h d G 9 y I i w K I C A g I C A g I C A g I C A g I n N w Z W N f d m V y c 2 l v b i I 6 I C I y L j E i L A o g I C A g I C A g I C A g I C A i a W Q i O i A i a W 5 k a W N h d G 9 y L S 0 z Z T V m O G Z j M C 1 k Y T F m L T Q 3 Z j A t O G I 2 Z S 1 m N G M 0 Y j A z M 2 N l N D c i L A o g I C A g I C A g I C A g I C A i Y 3 J l Y X R l Z F 9 i e V 9 y Z W Y i O i A i a W R l b n R p d H k t L T h l M T E y Z T c y L W F h O G Y t N D E 5 M C 1 h M z U 5 L T I 4 Y T l h Y m F l M j g 5 N i I s C i A g I C A g I C A g I C A g I C J j c m V h d G V k I j o g I j I w M j M t M D g t M D l U M j E 6 M T I 6 N T k u M D A w W i I s C i A g I C A g I C A g I C A g I C J t b 2 R p Z m l l Z C I 6 I C I y M D I z L T A 4 L T A 5 V D I x O j E y O j U 5 L j A w M F o i L A o g I C A g I C A g I C A g I C A i b m F t Z S I 6 I C J z c 2 x k I i w K I C A g I C A g I C A g I C A g I m 9 i a m V j d F 9 t Y X J r a W 5 n X 3 J l Z n M i O i B b C i A g I C A g I C A g I C A g I C A g I C A i b W F y a 2 l u Z y 1 k Z W Z p b m l 0 a W 9 u L S 0 5 N D g 2 O G M 4 O S 0 4 M 2 M y L T Q 2 N G I t O T I 5 Y i 1 h M W E 4 Y W E z Y z g 0 O D c i C i A g I C A g I C A g I C A g I F 0 s C i A g I C A g I C A g I C A g I C J k Z X N j c m l w d G l v b i I 6 I C J U a G U g Z m l s Z S A n c 3 N s Z C c g a X M g Y S B M a W 51 e C B F T E Y g c m V 2 Z X J z Z S B z a G V s b C B h b m Q g a X M g Y S B 2 Y X J p Y W 50 I G 9 m I F d I S V J M U E 9 P T C B t Y W x 3 Y X J l I H V z Z W Q g b 24 g d G h l I E J h c n J h Y 3 V k Y S B F b W F p b C B T Z W N 1 c m l 0 e S B H Y X R l d 2 F 5 I C h F U 0 c p I G R l d m l j Z S A o R m l n d X J l I D E p L i B U a G U g Z m l s Z S B s b 29 r c y B m b 3 I g Y W 4 g Z W 5 j b 2 R l Z C B z d H J p b m c g d 2 l 0 a C B h I C c u a W 8 n I G V 4 d G V u c 2 l v b i A o R m l n d X J l I D I p L i B U a G U g c 3 R y a W 5 n I H d p b G w g Y m U g Z G V j b 2 R l Z C B h b m Q g d G h l I G R h d G E g d 2 l s b C B i Z S B w Y X N z Z W Q g Y X M g d G h l I E M y I H d o a W N o I H d p b G w g a W 5 j b H V k Z S B 0 a G U g S W 50 Z X J u Z X Q g U H J v d G 9 j b 2 w g K E l Q K S B h Z G R y Z X N z I G F u Z C B w b 3 J 0 I G 51 b W J l c i B 1 c 2 V k I H R v I G V z d G F i b G l z a C B h I H J l d m V y c 2 U g c 2 h l b G w u I i w K I C A g I C A g I C A g I C A g I m l u Z G l j Y X R v c l 90 e X B l c y I 6 I F s K I C A g I C A g I C A g I C A g I C A g I C J t Y W x p Y 2 l v d X M t Y W N 0 a X Z p d H k i C i A g I C A g I C A g I C A g I F 0 s C i A g I C A g I C A g I C A g I C J w Y X R 0 Z X J u I j o g I i A n b m F t Z X N w Y W N l J z 0 n Q 0 l T Q V 9 D b 25 z b 2 x p Z G F 0 Z W Q u e W F y Y S c g c n V s Z V 9 u Y W 1 l P U N J U 0 F f M T A 0 N T I x M D h f M D I g c n V s Z V 9 j b 250 Z W 50 P X J 1 b G U g Q 0 l T Q V 8 x M D Q 1 M j E w O F 8 w M i A 6 I F d I S V J M U E 9 P T C B i Y W N r Z G 9 v c i B j b 21 t d W 5 p Y 2 F 0 Z X N f d 2 l 0 a F 9 j M i B p b n N 0 Y W x s c 19 v d G h l c l 9 j b 21 w b 25 l b n R z X G 57 X G 5 c d G 1 l d G E 6 X G 5 c d F x 0 Q X V 0 a G 9 y I D 0 g X C J D S V N B I E N v Z G U g J i B N Z W R p Y S B B b m F s e X N p c 1 w i X G 5 c d F x 0 S W 5 j a W R l b n Q g P S B c I j E w N D U y M T A 4 X C J c b l x 0 X H R E Y X R l I D 0 g X C I y M D I z L T A 2 L T I w X C J c b l x 0 X H R M Y X N 0 X 0 1 v Z G l m a W V k I D 0 g X C I y M D I z M D g w N F 8 x N z M w X C J c b l x 0 X H R B Y 3 R v c i A 9 I F w i b i 9 h X C J c b l x 0 X H R G Y W 1 p b H k g P S B c I l d I S V J M U E 9 P T F
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "imported-sample" ,
"timestamp" : "1692944338" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "3cebdcfe-65ce-4b62-b622-aa56867ef744" ,
"value" : "MAR-10459736.r1.v1.CLEAR_stix2.json"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "format" ,
"timestamp" : "1692944338" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c4002e7-7313-479e-911e-eb4920d76fc7" ,
"value" : "STIX 2.1"
}
]
}
2023-12-14 13:47:04 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-12-14 13:47:04 +00:00
}
