2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5a54ad87-3328-4dde-aa9f-4a7e950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T03:00:24.000Z" ,
"modified" : "2018-01-12T03:00:24.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a54ad87-3328-4dde-aa9f-4a7e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T03:00:24.000Z" ,
"modified" : "2018-01-12T03:00:24.000Z" ,
"name" : "OSINT - MICROCIN MALWARE" ,
"published" : "2018-02-16T08:46:21Z" ,
"object_refs" : [
"observed-data--5a54adfd-02a8-4e79-96fa-4b61950d210f" ,
"url--5a54adfd-02a8-4e79-96fa-4b61950d210f" ,
"observed-data--5a54adfd-28c4-4050-9631-435a950d210f" ,
"url--5a54adfd-28c4-4050-9631-435a950d210f" ,
"indicator--5a571d5a-4528-4ebb-a311-099a950d210f" ,
"indicator--5a571d5a-b69c-4bc7-bbf3-099a950d210f" ,
"indicator--5a571d5a-dc2c-4cba-bb59-099a950d210f" ,
"indicator--5a571d5a-a0b8-4492-a896-099a950d210f" ,
"indicator--5a571d5a-3368-4bfd-85fa-099a950d210f" ,
"indicator--5a571d5a-e770-443e-8d1f-099a950d210f" ,
"indicator--5a571d5a-bea0-4630-807a-099a950d210f" ,
"indicator--5a571dad-c290-481e-8188-4a23950d210f" ,
"indicator--5a571dae-3804-47b1-91da-47a3950d210f" ,
"indicator--5a571dae-f3f8-4ca1-8b83-4ed4950d210f" ,
"indicator--5a571dae-a8a4-4182-8080-4027950d210f" ,
"indicator--5a571dae-1cdc-4b24-9c68-4592950d210f" ,
"indicator--5a571dae-a4c0-45e4-a33c-4d5c950d210f" ,
"indicator--5a571dae-ea7c-447f-b125-44de950d210f" ,
"indicator--5a571dae-8030-4e44-81b5-4c26950d210f" ,
"indicator--5a571dae-b950-4557-b466-4823950d210f" ,
"indicator--5a571dae-9e10-47b9-a693-438a950d210f" ,
"indicator--5a571dae-3e74-4e95-97eb-4cff950d210f" ,
"indicator--5a571dae-ded8-40c0-b51d-4ef1950d210f" ,
"indicator--5a571dae-1d70-440c-b888-4466950d210f" ,
"x-misp-attribute--5a571dce-ed9c-439a-bb6f-0ee0950d210f" ,
"indicator--5a571880-d098-4276-b23e-439a950d210f" ,
"indicator--0dae0b43-76e3-49a2-b984-c7cbd3ca6e02" ,
"x-misp-object--200574ab-5db2-4aef-a3a9-db2d4870285b" ,
"indicator--872eb001-bd68-4082-a707-f69e00ab1cfe" ,
"x-misp-object--f06f8919-d425-414c-94d9-6461c49c81b1" ,
"indicator--2c34de1e-5ccd-4750-b921-dbc1e57b4cb3" ,
"x-misp-object--c688bc3b-d1af-443c-8363-d44c27a98060" ,
"indicator--7613cc8b-ce21-4638-9ef6-3497d9415329" ,
"x-misp-object--67d648f6-ac84-40ae-9edf-90144cd3b7d3" ,
"indicator--9c677e93-f664-4a47-a479-c7807c12d2aa" ,
"x-misp-object--f12656a4-afc0-4caf-b4d0-00701f6754bc" ,
"indicator--f669bde1-8c02-4eca-953c-eba3dffcaf5a" ,
"x-misp-object--1ffb93b4-6850-494f-82bd-0b0b9a00c94d" ,
"x-misp-object--816abaaf-b4ea-468d-927d-b81c1ebe62b7" ,
2023-12-14 13:47:04 +00:00
"relationship--c408abc5-f9f9-443d-9b98-605429e847b3" ,
"relationship--269e2944-b3e4-454c-a6ba-a5cae2b7eec8" ,
"relationship--033de17e-bc8e-482f-bbf7-3535cadabbad" ,
"relationship--8dee70cc-b9fe-4a93-bc4a-755020c824a2" ,
"relationship--8b86420a-9eea-4d2d-8530-f65a567d3c4f" ,
"relationship--bad8a1b7-031c-4922-b526-dab243098c00" ,
"relationship--9b6369d5-b30c-4d16-9d8a-608aa0cf7099"
2023-06-14 17:31:25 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\"" ,
"osint:source-type=\"blog-post\"" ,
"osint:source-type=\"technical-report\"" ,
"misp-galaxy:threat-actor=\"Microcin\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a54adfd-02a8-4e79-96fa-4b61950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T13:30:38.000Z" ,
"modified" : "2018-01-11T13:30:38.000Z" ,
"first_observed" : "2018-01-11T13:30:38Z" ,
"last_observed" : "2018-01-11T13:30:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a54adfd-02a8-4e79-96fa-4b61950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"technical-report\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a54adfd-02a8-4e79-96fa-4b61950d210f" ,
"value" : "https://cdn.securelist.com/files/2017/09/Microcin_Technical_4PDF_eng_final_s.pdf"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a54adfd-28c4-4050-9631-435a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T13:30:38.000Z" ,
"modified" : "2018-01-11T13:30:38.000Z" ,
"first_observed" : "2018-01-11T13:30:38Z" ,
"last_observed" : "2018-01-11T13:30:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a54adfd-28c4-4050-9631-435a950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a54adfd-28c4-4050-9631-435a950d210f" ,
"value" : "https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571d5a-4528-4ebb-a311-099a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:16:26.000Z" ,
"modified" : "2018-01-11T08:16:26.000Z" ,
"description" : "malicious documents" ,
"pattern" : "[file:hashes.MD5 = '371bae0fc70563c7fa1ec0e3a0f037f4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571d5a-b69c-4bc7-bbf3-099a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:16:26.000Z" ,
"modified" : "2018-01-11T08:16:26.000Z" ,
"description" : "malicious documents" ,
"pattern" : "[file:hashes.MD5 = 'f4deeb3db67bae6cc224802fbad1f3f6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571d5a-dc2c-4cba-bb59-099a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:16:26.000Z" ,
"modified" : "2018-01-11T08:16:26.000Z" ,
"description" : "malicious documents" ,
"pattern" : "[file:hashes.MD5 = '3f288e450a375a26bd9c4de7f2bcfd66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571d5a-a0b8-4492-a896-099a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:16:26.000Z" ,
"modified" : "2018-01-11T08:16:26.000Z" ,
"description" : "malicious documents" ,
"pattern" : "[file:hashes.MD5 = '7bcf447a93fd37d068ec27dd04c301cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571d5a-3368-4bfd-85fa-099a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:16:26.000Z" ,
"modified" : "2018-01-11T08:16:26.000Z" ,
"description" : "malicious documents" ,
"pattern" : "[file:hashes.MD5 = '873105f03ae425101ea206dcd6bc539f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571d5a-e770-443e-8d1f-099a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:16:26.000Z" ,
"modified" : "2018-01-11T08:16:26.000Z" ,
"description" : "malicious documents" ,
"pattern" : "[file:hashes.MD5 = 'ab6544e1eba3af3f5236d99b755c701c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571d5a-bea0-4630-807a-099a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:16:26.000Z" ,
"modified" : "2018-01-11T08:16:26.000Z" ,
"description" : "malicious documents" ,
"pattern" : "[file:hashes.MD5 = '6e006124678ffc18458d1322de6232a7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dad-c290-481e-8188-4a23950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:49.000Z" ,
"modified" : "2018-01-11T08:17:49.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '056f811ef41c213b037008300b0daf0d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-3804-47b1-91da-47a3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '3ebcacb207b33bd5376d00b24cb3386c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-f3f8-4ca1-8b83-4ed4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '4644ce606ab4b62622e4a9e6a80d792d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-a8a4-4182-8080-4027950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '4ba4346984a380e22afaccff78688a54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-1cdc-4b24-9c68-4592950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '60cb9e553884085700e359e5367d5fb4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-a4c0-45e4-a33c-4d5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '7771e1738fc2e4de210ac06a5e62c534']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-ea7c-447f-b125-44de950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '7a290a29ea0d84e4475e021fa87ec466']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-8030-4e44-81b5-4c26950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '7d8ee0e91cd88bb36d84d52d1d796dea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-b950-4557-b466-4823950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = 'a54966098b2281e4b75b747dbb52f431']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-9e10-47b9-a693-438a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = 'a5c7b7a26fa0f15cbf7bdd3db597fbe6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-3e74-4e95-97eb-4cff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = 'dc6c8bae242c43dad76970329270155e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-ded8-40c0-b51d-4ef1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '335cb36cc21c47b849d370a892d759b8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571dae-1d70-440c-b888-4466950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T08:17:50.000Z" ,
"modified" : "2018-01-11T08:17:50.000Z" ,
"description" : "backdoors" ,
"pattern" : "[file:hashes.MD5 = '948fecf6a044b79de79dc69e09d9979b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T08:17:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a571dce-ed9c-439a-bb6f-0ee0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T13:30:38.000Z" ,
"modified" : "2018-01-11T13:30:38.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "We\u00e2\u20ac\u2122re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago \u00e2\u20ac\u201c we named it \u00e2\u20ac\u02dcMicrocin\u00e2\u20ac\u2122 after microini, one of the malicious components used in it.\r\n\r\nWe detected a suspicious RTF file. The document contained an exploit to the previously known and patched vulnerability CVE-2015-1641; however, its code had been modified considerably. Remarkably, the malicious document was delivered via websites that targeted a very narrow audience, so we suspected early on that we were dealing with a targeted attack. The threat actors took aim at users visiting forums with discussions on the state-subsidized housing that Russian military personnel and their families are entitled to."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a571880-d098-4276-b23e-439a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T07:55:47.000Z" ,
"modified" : "2018-01-11T07:55:47.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a50b6ec77276cf235eaf2d14665bdb5c' AND file:name = '\u00d0\u0161\u00d0\u00b0\u00d0\u00ba\u00d0\u0178\u00d1\u20ac\u00d0\u00b8\u00d0\u00bd\u00d0\u00b8\u00d0\u00bc\u00d0\u00b0\u00d1\u201a\u00d1\u0152\u00d0\u0161\u00d0\u00b2\u00d0\u00b0\u00d1\u20ac\u00d1\u201a\u00d0\u00b8\u00d1\u20ac\u00d1\u0192-1.rtf' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T07:55:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0dae0b43-76e3-49a2-b984-c7cbd3ca6e02" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:49.000Z" ,
"modified" : "2018-01-11T11:30:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '873105f03ae425101ea206dcd6bc539f' AND file:hashes.SHA1 = 'bd10265d0be8839ed7dc0fb576fb8901c347729b' AND file:hashes.SHA256 = 'c950c3fa513a487acfe2f1809e8e25e39d407fdf51553f272af81d2368cbeb0c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T11:30:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--200574ab-5db2-4aef-a3a9-db2d4870285b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:46.000Z" ,
"modified" : "2018-01-11T11:30:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c950c3fa513a487acfe2f1809e8e25e39d407fdf51553f272af81d2368cbeb0c/analysis/1513681658/" ,
"category" : "External analysis" ,
"comment" : "malicious documents" ,
"uuid" : "5a574ae6-cde4-4bb3-9721-4f2602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/60" ,
"category" : "Other" ,
"comment" : "malicious documents" ,
"uuid" : "5a574ae6-aea0-4b56-ab17-407602de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-19T11:07:38" ,
"category" : "Other" ,
"comment" : "malicious documents" ,
"uuid" : "5a574ae6-b690-4d21-b83f-43b202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--872eb001-bd68-4082-a707-f69e00ab1cfe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:49.000Z" ,
"modified" : "2018-01-11T11:30:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '335cb36cc21c47b849d370a892d759b8' AND file:hashes.SHA1 = '150b8350ec483781d8d7a0643e6462c7a6e4d2a0' AND file:hashes.SHA256 = 'cbd43e70dc55e94140099722d7b91b07a3997722d4a539ecc4015f37ea14a26e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T11:30:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f06f8919-d425-414c-94d9-6461c49c81b1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:46.000Z" ,
"modified" : "2018-01-11T11:30:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/cbd43e70dc55e94140099722d7b91b07a3997722d4a539ecc4015f37ea14a26e/analysis/1510610117/" ,
"category" : "External analysis" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae6-dacc-491e-9acf-4d9002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "50/68" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae6-3560-46cb-8a05-401e02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-13T21:55:17" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae6-7a5c-42bf-88e8-481302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2c34de1e-5ccd-4750-b921-dbc1e57b4cb3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:49.000Z" ,
"modified" : "2018-01-11T11:30:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '7d8ee0e91cd88bb36d84d52d1d796dea' AND file:hashes.SHA1 = 'a0f68ae3f0263b5443b133b07701174947fa6105' AND file:hashes.SHA256 = '8a7d04229722539f2480270851184d75b26c375a77b468d8cbad6dbdb0c99271']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T11:30:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c688bc3b-d1af-443c-8363-d44c27a98060" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:46.000Z" ,
"modified" : "2018-01-11T11:30:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8a7d04229722539f2480270851184d75b26c375a77b468d8cbad6dbdb0c99271/analysis/1514186505/" ,
"category" : "External analysis" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae6-ec14-4891-8080-4da102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/67" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae6-0d04-4491-906c-48d402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-25T07:21:45" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae6-831c-4274-8dc7-424702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7613cc8b-ce21-4638-9ef6-3497d9415329" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:49.000Z" ,
"modified" : "2018-01-11T11:30:49.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a50b6ec77276cf235eaf2d14665bdb5c' AND file:hashes.SHA1 = '938c879b547ca71a332308f6d9c87252b9addc59' AND file:hashes.SHA256 = '66f0cbc0aa7e96bf937d5fb72374be454d1d6a6c85860df9d8ee8a26adc2a75e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T11:30:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--67d648f6-ac84-40ae-9edf-90144cd3b7d3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:47.000Z" ,
"modified" : "2018-01-11T11:30:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/66f0cbc0aa7e96bf937d5fb72374be454d1d6a6c85860df9d8ee8a26adc2a75e/analysis/1513683573/" ,
"category" : "External analysis" ,
"uuid" : "5a574ae7-62ec-42c6-8cfe-4d4302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/60" ,
"category" : "Other" ,
"uuid" : "5a574ae7-8120-474c-a223-45b502de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-19T11:39:33" ,
"category" : "Other" ,
"uuid" : "5a574ae7-ba08-4b5a-abb8-47ad02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9c677e93-f664-4a47-a479-c7807c12d2aa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:50.000Z" ,
"modified" : "2018-01-11T11:30:50.000Z" ,
"pattern" : "[file:hashes.MD5 = '948fecf6a044b79de79dc69e09d9979b' AND file:hashes.SHA1 = 'f7b8ef6431039ae12d4e7b1b997c1cc56e062611' AND file:hashes.SHA256 = '871ab24fd6ae15783dd9df5010d794b6121c4316b11f30a55f23ba37eef4b87a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T11:30:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f12656a4-afc0-4caf-b4d0-00701f6754bc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:47.000Z" ,
"modified" : "2018-01-11T11:30:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/871ab24fd6ae15783dd9df5010d794b6121c4316b11f30a55f23ba37eef4b87a/analysis/1510036080/" ,
"category" : "External analysis" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae7-7408-4685-9c0e-472202de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/67" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae7-5c38-403b-8e2e-477902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-07T06:28:00" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae7-f7b0-4743-a008-42ac02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f669bde1-8c02-4eca-953c-eba3dffcaf5a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:50.000Z" ,
"modified" : "2018-01-11T11:30:50.000Z" ,
"pattern" : "[file:hashes.MD5 = '3ebcacb207b33bd5376d00b24cb3386c' AND file:hashes.SHA1 = 'c4dfcaac739910a4c1c7171ed9902b2c7bb36b0b' AND file:hashes.SHA256 = '9dd9bb13c2698159eb78a0ecb4e8692fd96ca4ecb50eef194fa7479cb65efb7c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-11T11:30:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1ffb93b4-6850-494f-82bd-0b0b9a00c94d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T11:30:47.000Z" ,
"modified" : "2018-01-11T11:30:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9dd9bb13c2698159eb78a0ecb4e8692fd96ca4ecb50eef194fa7479cb65efb7c/analysis/1511174150/" ,
"category" : "External analysis" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae7-0008-4f5f-b89f-4b9002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/67" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae7-0bc0-4893-8517-4ff402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-20T10:35:50" ,
"category" : "Other" ,
"comment" : "backdoors" ,
"uuid" : "5a574ae7-4020-4d97-abe2-456c02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--816abaaf-b4ea-468d-927d-b81c1ebe62b7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-11T13:30:38.000Z" ,
"modified" : "2018-01-11T13:30:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/66f0cbc0aa7e96bf937d5fb72374be454d1d6a6c85860df9d8ee8a26adc2a75e/analysis/1513683573/" ,
"category" : "External analysis" ,
"uuid" : "5a5766fe-7e0c-4c7c-802d-424102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/60" ,
"category" : "Other" ,
"uuid" : "5a5766fe-e0b8-4fb4-9625-438a02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-19T11:39:33" ,
"category" : "Other" ,
"uuid" : "5a5766fe-2d04-45ff-a0b6-431302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--c408abc5-f9f9-443d-9b98-605429e847b3" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:46:20.000Z" ,
"modified" : "2018-02-16T08:46:20.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5a571880-d098-4276-b23e-439a950d210f" ,
"target_ref" : "x-misp-object--816abaaf-b4ea-468d-927d-b81c1ebe62b7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--269e2944-b3e4-454c-a6ba-a5cae2b7eec8" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:46:20.000Z" ,
"modified" : "2018-02-16T08:46:20.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--0dae0b43-76e3-49a2-b984-c7cbd3ca6e02" ,
"target_ref" : "x-misp-object--200574ab-5db2-4aef-a3a9-db2d4870285b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--033de17e-bc8e-482f-bbf7-3535cadabbad" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:46:20.000Z" ,
"modified" : "2018-02-16T08:46:20.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--872eb001-bd68-4082-a707-f69e00ab1cfe" ,
"target_ref" : "x-misp-object--f06f8919-d425-414c-94d9-6461c49c81b1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--8dee70cc-b9fe-4a93-bc4a-755020c824a2" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:46:21.000Z" ,
"modified" : "2018-02-16T08:46:21.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--2c34de1e-5ccd-4750-b921-dbc1e57b4cb3" ,
"target_ref" : "x-misp-object--c688bc3b-d1af-443c-8363-d44c27a98060"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--8b86420a-9eea-4d2d-8530-f65a567d3c4f" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:46:21.000Z" ,
"modified" : "2018-02-16T08:46:21.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--7613cc8b-ce21-4638-9ef6-3497d9415329" ,
"target_ref" : "x-misp-object--67d648f6-ac84-40ae-9edf-90144cd3b7d3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--bad8a1b7-031c-4922-b526-dab243098c00" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:46:21.000Z" ,
"modified" : "2018-02-16T08:46:21.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--9c677e93-f664-4a47-a479-c7807c12d2aa" ,
"target_ref" : "x-misp-object--f12656a4-afc0-4caf-b4d0-00701f6754bc"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--9b6369d5-b30c-4d16-9d8a-608aa0cf7099" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-02-16T08:46:21.000Z" ,
"modified" : "2018-02-16T08:46:21.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--f669bde1-8c02-4eca-953c-eba3dffcaf5a" ,
"target_ref" : "x-misp-object--1ffb93b4-6850-494f-82bd-0b0b9a00c94d"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}