misp-circl-feed/feeds/circl/stix-2.1/5b2f3583-d514-458a-a12e-480a02de0b81.json

{
"type": "bundle",
"id": "bundle--5b2f3583-d514-458a-a12e-480a02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:21:51.000Z",
"modified": "2018-06-24T06:21:51.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b2f3583-d514-458a-a12e-480a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:21:51.000Z",
"modified": "2018-06-24T06:21:51.000Z",
"name": "OSINT - Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems",
"published": "2018-06-24T07:17:16Z",
"object_refs": [
"x-misp-attribute--5b2f3599-ba2c-4e8e-b72b-470402de0b81",
"observed-data--5b2f35a6-e330-4e12-ab45-4ce402de0b81",
"url--5b2f35a6-e330-4e12-ab45-4ce402de0b81",
"indicator--5b2f3627-b4c8-402e-b448-458202de0b81",
"indicator--5b2f3627-8830-4caa-b2b8-492d02de0b81",
"indicator--5b2f3628-7c68-415b-91cd-4d4702de0b81",
"indicator--5b2f3628-8254-4b11-bdfc-4e7d02de0b81",
"indicator--5b2f364d-60f0-4e87-8e5d-45a302de0b81",
"indicator--5b2f364e-5fc0-4780-ba0f-4a9702de0b81",
"indicator--5b2f3664-0470-4030-b8e0-4b6202de0b81",
"indicator--5b2f367d-cb60-4e89-95d7-487d02de0b81",
"indicator--5b2f3698-ec44-4e8a-8550-454e02de0b81",
"observed-data--5b2f36a6-a27c-47d6-9ec3-45c802de0b81",
"mutex--5b2f36a6-a27c-47d6-9ec3-45c802de0b81",
"indicator--5b2f36ce-b3dc-4b08-9627-8e7702de0b81",
"indicator--5b2f36cf-7cb0-43c6-abb7-8e7702de0b81",
"indicator--5b2f36ef-22d4-4f51-8338-40e502de0b81",
"indicator--5b2f36ef-e8b4-4338-accf-4cf302de0b81",
"observed-data--5b2f456d-51f0-4675-86f9-446602de0b81",
"file--5b2f456d-51f0-4675-86f9-446602de0b81",
"artifact--5b2f456d-51f0-4675-86f9-446602de0b81",
"x-misp-object--c5e67388-9ebc-43d2-b001-316b11345631",
"x-misp-object--0df0343d-e5a6-45c5-8b09-4f3276602490",
"x-misp-object--0bf106d7-cee1-47c9-8080-36acc843d925",
"x-misp-object--a734632b-801c-4175-bd56-6c057028a9eb",
"x-misp-object--21ce0ec5-f2f4-41c0-a635-bc69610836ab",
"x-misp-object--edfd2583-84e7-487f-9a9e-7fbb87d8379b",
"x-misp-object--31f39214-38ff-45c1-a415-63747fe90600",
"x-misp-object--7ec69509-17fb-4ac7-955c-f4fd91b4bcdd",
"x-misp-object--c59716a3-9bf9-4f46-9de2-2a9c8c2a5dac",
"x-misp-object--a1a68b9a-e4fc-4510-b173-d6053aaa5dff",
"x-misp-object--84296bb9-543b-4a24-8a5f-ae3a78732236",
"x-misp-object--7ef213a8-48cd-4ed4-9025-e4d3bc89f628",
"x-misp-object--284023d6-8a13-480c-83d9-772fac6b2da9",
"x-misp-object--37a1e511-2dff-44eb-81ba-31e9e3b687c2",
"relationship--a8b7d4f5-c683-446f-aae0-711258248387",
"relationship--f04e3176-a0ac-449f-830a-6e88bed59918",
"relationship--63140850-c60c-4e5d-96bb-ebebe59cf298",
"relationship--f2531d2b-b578-4dc1-8d1f-17c50a2816ce",
"relationship--58bb65b0-9707-45d8-a137-2d9ac3e2c875",
"relationship--f564c20e-7948-4037-b5a3-ada672ba8f6d",
"relationship--903983b4-3662-4220-b6c9-25589bd66022"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Tick\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multi-Stage Channels - T1104\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Replication Through Removable Media - T1091\"",
"osint:source-type=\"blog-post\"",
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b2f3599-ba2c-4e8e-b72b-470402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:09:29.000Z",
"modified": "2018-06-24T06:09:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Tick is a cyberespionage group primarily targeting organizations in Japan and the Republic of Korea. The group is known to conduct attack campaigns with various custom malware such as Minzen, Datper, Nioupale (aka Daserf), and HomamDownloader. Unit 42 last wrote about the Tick group in July 2017.\r\n\r\nRecently, Palo Alto Networks Unit 42 discovered the Tick group targeted a specific type of secure USB drive created by a South Korean defense company. The USB drive and its management system have various features to follow security guidelines in South Korea.\r\n\r\nThe weaponization of a secure USB drive is an uncommon attack technique and likely done in an effort to spread to air-gapped systems, which are systems that do not connect to the public internet. In addition, our research shows that the malware used in these attacks will only try to infect systems running Microsoft Windows XP or Windows Server 2003. This is despite the fact that the malware appears to have been created when newer versions of Windows software were available. This would seem to indicate an intentional targeting of older, out-of-support versions of Microsoft Windows installed on systems with no internet connectivity. Air-gapped systems are common practice in many countries for government, military, and defense contractors, as well as other industry verticals.\r\n\r\nWe have not identified any public reporting on this attack, and we suspect the Tick group used the malware described in this report in attacks multiple years ago. Based on the data collected, we do not believe this malware is part of any active threat campaign.\r\n\r\nOur picture of this past attack is incomplete at this time. Based on our research thus far, we are able to sketch out the following hypothesized attack scenario:\r\n\r\n The Tick Group somehow compromised a secure type of USB drive and loaded a malicious file onto an unknown number of them. 
These USB drives are supposed to be certified as secure by the South Korean ITSCC (English).\r\n The Tick Group created a specific malware we are calling SymonLoader that somehow gets on older Windows systems and continuously looks for these specific USB drives.\r\n SymonLoader specifically targets Windows XP and Windows Server 2003 systems ONLY.\r\n If SymonLoader detects the presence of a specific type of secure USB drive, it will attempt to load the unknown malicious file using APIs that directly access the file system.\r\n\r\nIn the research below, we outline our findings around SymonLoader. We do not currently have either a compromised USB drive nor the unknown malicious file we believe is implanted on these devices. Because of this we are unable to describe the full attack sequence.\r\n\r\nBecause we do not have either a compromised USB drive or the unknown malicious file, we are also unable to determine how these USB drives have been compromised. Specifically, we do not know if there has been a successful compromise in the supply-chain making these devices, or if these have been compromised post-manufacturing and distributed using other means such as social engineering."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b2f35a6-e330-4e12-ab45-4ce402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:09:42.000Z",
"modified": "2018-06-24T06:09:42.000Z",
"first_observed": "2018-06-24T06:09:42Z",
"last_observed": "2018-06-24T06:09:42Z",
"number_observed": 1,
"object_refs": [
"url--5b2f35a6-e330-4e12-ab45-4ce402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b2f35a6-e330-4e12-ab45-4ce402de0b81",
"value": "https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f3627-b4c8-402e-b448-458202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:11:51.000Z",
"modified": "2018-06-24T06:11:51.000Z",
"description": "Trojanized Legitimate Software",
"pattern": "[file:hashes.SHA256 = 'b1bb1d5f178b064eb1d7c9cc7cadcf8b3959a940c14cee457ce3aba5795660aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:11:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f3627-8830-4caa-b2b8-492d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:11:51.000Z",
"modified": "2018-06-24T06:11:51.000Z",
"description": "Trojanized Legitimate Software",
"pattern": "[file:hashes.SHA256 = '3227d1e39fc3bc842245ccdb16eeaadad3bcd298e811573b2e68ef2a7077f6f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:11:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f3628-7c68-415b-91cd-4d4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:11:52.000Z",
"modified": "2018-06-24T06:11:52.000Z",
"description": "Trojanized Legitimate Software",
"pattern": "[file:hashes.SHA256 = '92e0d0346774127024c672cc7239dd269824a79e85b84c532128fd9663a0ce78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:11:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f3628-8254-4b11-bdfc-4e7d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:11:52.000Z",
"modified": "2018-06-24T06:11:52.000Z",
"description": "Trojanized Legitimate Software",
"pattern": "[file:hashes.SHA256 = '33665d93ab2a0262551c61ec9a3adca2c2b8dfea34e6f3f723274d88890f6ceb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:11:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f364d-60f0-4e87-8e5d-45a302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:12:29.000Z",
"modified": "2018-06-24T06:12:29.000Z",
"description": "HomamDownloader",
"pattern": "[file:hashes.SHA256 = '019874898284935719dc74a6699fb822e20cdb8e3a96a7dc8ec4f625e3f1116e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f364e-5fc0-4780-ba0f-4a9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:12:30.000Z",
"modified": "2018-06-24T06:12:30.000Z",
"description": "HomamDownloader",
"pattern": "[file:hashes.SHA256 = 'f817c9826089b49d251b8a09a0e9bf9b4b468c6e2586af60e50afe48602f0bec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:12:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f3664-0470-4030-b8e0-4b6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:12:52.000Z",
"modified": "2018-06-24T06:12:52.000Z",
"description": "C2 of HomamDownloader",
"pattern": "[domain-name:value = 'pre.englandprevail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:12:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f367d-cb60-4e89-95d7-487d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:13:17.000Z",
"modified": "2018-06-24T06:13:17.000Z",
"description": "Malformed Legitimate software",
"pattern": "[file:hashes.SHA256 = '8549dcbdfc6885e0e7a1521da61352ef4f084d969dd30719166b47fdb204828a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:13:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f3698-ec44-4e8a-8550-454e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:13:44.000Z",
"modified": "2018-06-24T06:13:44.000Z",
"description": "SymonLoader",
"pattern": "[file:hashes.SHA256 = '31aea8630d5d2fcbb37a8e72fe4e096d0f2d8f05e03234645c69d7e8b59bb0e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:13:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b2f36a6-a27c-47d6-9ec3-45c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:13:58.000Z",
"modified": "2018-06-24T06:13:58.000Z",
"first_observed": "2018-06-24T06:13:58Z",
"last_observed": "2018-06-24T06:13:58Z",
"number_observed": 1,
"object_refs": [
"mutex--5b2f36a6-a27c-47d6-9ec3-45c802de0b81"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b2f36a6-a27c-47d6-9ec3-45c802de0b81",
"name": "SysMonitor_3A2DCB47"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f36ce-b3dc-4b08-9627-8e7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:14:38.000Z",
"modified": "2018-06-24T06:14:38.000Z",
"pattern": "[file:name = '\\\\%ProgramFiles\\\\%\\\\Windows NT\\\\Accessories\\\\Microsoft\\\\msxml.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:14:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f36cf-7cb0-43c6-abb7-8e7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:14:39.000Z",
"modified": "2018-06-24T06:14:39.000Z",
"pattern": "[file:name = '\\\\%UserProfile\\\\%\\\\Applications\\\\Microsoft\\\\msxml.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:14:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f36ef-22d4-4f51-8338-40e502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:15:11.000Z",
"modified": "2018-06-24T06:15:11.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\Software\\\\Microsof\\\\Windows\\\\CurrentVersion\\\\run\\\\\u00e2\u20ac\u009dxml\u00e2\u20ac\u009d' AND windows-registry-key:values.data = '\\\\%ProgramFiles\\\\%\\\\Windows NT\\\\Accessories\\\\Microsoft\\\\msxml.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b2f36ef-e8b4-4338-accf-4cf302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:15:11.000Z",
"modified": "2018-06-24T06:15:11.000Z",
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Microsof\\\\Windows\\\\CurrentVersion\\\\run\\\\\u00e2\u20ac\u009dxml\u00e2\u20ac\u009d' AND windows-registry-key:values.data = '\\\\%UserProfile\\\\%\\\\Applications\\\\Microsoft\\\\msxml.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-24T06:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b2f456d-51f0-4675-86f9-446602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T07:17:01.000Z",
"modified": "2018-06-24T07:17:01.000Z",
"first_observed": "2018-06-24T07:17:01Z",
"last_observed": "2018-06-24T07:17:01Z",
"number_observed": 1,
"object_refs": [
"file--5b2f456d-51f0-4675-86f9-446602de0b81",
"artifact--5b2f456d-51f0-4675-86f9-446602de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b2f456d-51f0-4675-86f9-446602de0b81",
"name": "tick_1.png",
"content_ref": "artifact--5b2f456d-51f0-4675-86f9-446602de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b2f456d-51f0-4675-86f9-446602de0b81",
"payload_bin": "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
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c5e67388-9ebc-43d2-b001-316b11345631",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:45.000Z",
"modified": "2018-06-24T06:17:45.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0df0343d-e5a6-45c5-8b09-4f3276602490",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:44.000Z",
"modified": "2018-06-24T06:17:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0bf106d7-cee1-47c9-8080-36acc843d925",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:48.000Z",
"modified": "2018-06-24T06:17:48.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a734632b-801c-4175-bd56-6c057028a9eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:46.000Z",
"modified": "2018-06-24T06:17:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--21ce0ec5-f2f4-41c0-a635-bc69610836ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:50.000Z",
"modified": "2018-06-24T06:17:50.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--edfd2583-84e7-487f-9a9e-7fbb87d8379b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:48.000Z",
"modified": "2018-06-24T06:17:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--31f39214-38ff-45c1-a415-63747fe90600",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:52.000Z",
"modified": "2018-06-24T06:17:52.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7ec69509-17fb-4ac7-955c-f4fd91b4bcdd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:51.000Z",
"modified": "2018-06-24T06:17:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c59716a3-9bf9-4f46-9de2-2a9c8c2a5dac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:55.000Z",
"modified": "2018-06-24T06:17:55.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a1a68b9a-e4fc-4510-b173-d6053aaa5dff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:53.000Z",
"modified": "2018-06-24T06:17:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--84296bb9-543b-4a24-8a5f-ae3a78732236",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:57.000Z",
"modified": "2018-06-24T06:17:57.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7ef213a8-48cd-4ed4-9025-e4d3bc89f628",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:56.000Z",
"modified": "2018-06-24T06:17:56.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--284023d6-8a13-480c-83d9-772fac6b2da9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:18:00.000Z",
"modified": "2018-06-24T06:18:00.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--37a1e511-2dff-44eb-81ba-31e9e3b687c2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:17:58.000Z",
"modified": "2018-06-24T06:17:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a8b7d4f5-c683-446f-aae0-711258248387",
"created": "2018-06-24T06:17:59.000Z",
"modified": "2018-06-24T06:17:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--c5e67388-9ebc-43d2-b001-316b11345631",
"target_ref": "x-misp-object--0df0343d-e5a6-45c5-8b09-4f3276602490"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f04e3176-a0ac-449f-830a-6e88bed59918",
"created": "2018-06-24T06:17:59.000Z",
"modified": "2018-06-24T06:17:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--0bf106d7-cee1-47c9-8080-36acc843d925",
"target_ref": "x-misp-object--a734632b-801c-4175-bd56-6c057028a9eb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--63140850-c60c-4e5d-96bb-ebebe59cf298",
"created": "2018-06-24T06:17:59.000Z",
"modified": "2018-06-24T06:17:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--21ce0ec5-f2f4-41c0-a635-bc69610836ab",
"target_ref": "x-misp-object--edfd2583-84e7-487f-9a9e-7fbb87d8379b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f2531d2b-b578-4dc1-8d1f-17c50a2816ce",
"created": "2018-06-24T06:18:00.000Z",
"modified": "2018-06-24T06:18:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--31f39214-38ff-45c1-a415-63747fe90600",
"target_ref": "x-misp-object--7ec69509-17fb-4ac7-955c-f4fd91b4bcdd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--58bb65b0-9707-45d8-a137-2d9ac3e2c875",
"created": "2018-06-24T06:18:00.000Z",
"modified": "2018-06-24T06:18:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--c59716a3-9bf9-4f46-9de2-2a9c8c2a5dac",
"target_ref": "x-misp-object--a1a68b9a-e4fc-4510-b173-d6053aaa5dff"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f564c20e-7948-4037-b5a3-ada672ba8f6d",
"created": "2018-06-24T06:18:00.000Z",
"modified": "2018-06-24T06:18:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--84296bb9-543b-4a24-8a5f-ae3a78732236",
"target_ref": "x-misp-object--7ef213a8-48cd-4ed4-9025-e4d3bc89f628"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--903983b4-3662-4220-b6c9-25589bd66022",
"created": "2018-06-24T06:18:00.000Z",
"modified": "2018-06-24T06:18:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--284023d6-8a13-480c-83d9-772fac6b2da9",
"target_ref": "x-misp-object--37a1e511-2dff-44eb-81ba-31e9e3b687c2"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}