2023-06-14 17:31:25 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5cacf210-9ecc-4a53-90a5-4c6a02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-10T09:38:25.000Z" ,
"modified" : "2019-04-10T09:38:25.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "grouping" ,
"spec_version" : "2.1" ,
"id" : "grouping--5cacf210-9ecc-4a53-90a5-4c6a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-10T09:38:25.000Z" ,
"modified" : "2019-04-10T09:38:25.000Z" ,
"name" : "OSINT - Flame 2.0: Risen from the Ashes" ,
"context" : "suspicious-activity" ,
"object_refs" : [
"observed-data--5cacf25c-be88-4f49-9371-486d02de0b81" ,
"url--5cacf25c-be88-4f49-9371-486d02de0b81" ,
"x-misp-attribute--5cacf275-91f8-48f8-86b3-4a6602de0b81" ,
"indicator--5cacf524-c7cc-4a00-bcf6-0c6a02de0b81" ,
"indicator--5cacf2d6-8170-4ec2-8fa9-42a202de0b81" ,
"indicator--5cacf361-d240-4b8b-89c1-479e02de0b81" ,
"indicator--5cacf3a6-2794-4cca-b073-4d0102de0b81" ,
"indicator--5cacf3d5-4984-4241-beef-4ecd02de0b81" ,
"indicator--5cacf425-1e2c-467f-b0d9-4b9a02de0b81" ,
"indicator--5cacf45c-a150-42cc-91d0-472b02de0b81" ,
"indicator--5cacf4a2-992c-465c-b7e7-470f02de0b81" ,
"indicator--5cacf4eb-ea8c-4cef-bbf0-4f8b02de0b81" ,
"indicator--3ebf26f8-6710-4b32-a4a0-15d339e5350f" ,
"x-misp-object--019aaeec-55dd-4ce1-b20a-d92710b6b041" ,
"indicator--8697b11b-da93-4d4f-b701-a09aab24cb0d" ,
"x-misp-object--e44af2bf-950a-474b-8042-113d217e5f63" ,
"indicator--48fb1669-d25d-4800-a4bd-443720406f95" ,
"x-misp-object--be651b15-0ff4-4119-9a0a-de4730dc814d" ,
"indicator--7cc0330c-8e97-4662-8588-c4d54f58407c" ,
"x-misp-object--5cf63775-757f-43f1-94ea-a33377e12cd1" ,
"indicator--c301c4d8-3408-4e94-ac87-70c6b3f8d7a7" ,
"x-misp-object--d0ff9ea2-f4ed-4174-b077-308b005ae017" ,
"indicator--8c4f64e3-e346-40b6-b06f-8575a9ce1a83" ,
"x-misp-object--9a473378-5c49-4dc1-a58b-38b7ac011d49" ,
"indicator--287dff0c-5d73-4dca-badb-6de37ea6e766" ,
"x-misp-object--6e6742a5-13ab-483f-a968-22170d66e6e2" ,
"indicator--8403c5f0-33ff-475b-b1f1-aa1df43eff9d" ,
"x-misp-object--13e40b04-1b14-4396-9507-786fb8ee0191" ,
"x-misp-object--5cad948e-7a68-4202-ac52-46ea950d210f" ,
"relationship--e5c8cca4-7940-47bd-9483-ceb684b7c3fc" ,
"relationship--78db3ee8-54d8-48df-a558-b495108302e6" ,
"relationship--cef6d59f-b6db-49b4-b051-cb8a1c6e2b0e" ,
"relationship--46517332-3515-4214-8480-23adbbc62d4f" ,
"relationship--d013b5cd-4f9e-46b2-ac6e-fe452bcd243f" ,
"relationship--713c5ed4-7487-470d-911c-ff52054dcc2d" ,
"relationship--4fa75e1a-d745-49c9-ba6c-a7890059bf96" ,
"relationship--368e8913-c6e4-4ad0-b781-f67993325f54"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-enterprise-attack-malware=\"Flame\"" ,
"misp-galaxy:tool=\"Flame\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5cacf25c-be88-4f49-9371-486d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:28:28.000Z" ,
"modified" : "2019-04-09T19:28:28.000Z" ,
"first_observed" : "2019-04-09T19:28:28Z" ,
"last_observed" : "2019-04-09T19:28:28Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5cacf25c-be88-4f49-9371-486d02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5cacf25c-be88-4f49-9371-486d02de0b81" ,
"value" : "https://storage.googleapis.com/chronicle-research/Flame%202.0%20Risen%20from%20the%20Ashes.pdf"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5cacf275-91f8-48f8-86b3-4a6602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:28:53.000Z" ,
"modified" : "2019-04-09T19:28:53.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Our investigation into the GOSSIPGIRL Supra Threat Actor (STA) started with a REPLICANTFARM signature name that tentatively links the cryptonym GOSSIPGIRL to Flame. From there,1we investigated MiniFlame and Gauss \u2013two families related to the Flame platform\u2013 withoutfinding any indication of succession to Flame\u2019s operations. Our investigation continued ontoStuxnet and Duqu but the altogether disappearance of Flame never sat right with us."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf524-c7cc-4a00-bcf6-0c6a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:20.000Z" ,
"modified" : "2019-04-09T19:40:20.000Z" ,
"pattern" : "[import\u200b \u200b\"pe\"import\u200b \u200b\"hash\"rule FLAME2_Orchestrator{meta:desc \u200b=\u200b \u200b\"Encrypted resources in Flame2.0 Orchestrators\"author \u200b=\u200b \u200b\"turla @ Uppercase\"hash1 \u200b=\"15a9b1d233c02d1fdf80071797ff9077f6ac374958f7d0f2b6e84b8d487c9cd1\"hash2 \u200b=\"426aa55d2afb9eb08b601d373671594f39a1d9d9a73639c4a64f17d674ca9a82\"hash3 \u200b=\"af8ccd0294530c659580f522fcc8492d92c2296dc068f9a42474d52b2b2f16e4\"condition:for\u200b any i \u200bin\u200b \u200b(\u200b0.\u200b.\u200bpe\u200b.\u200bnumber_of_resources \u200b-\u200b \u200b1\u200b):(\u200b(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"53b19d9863d8ff8cde8e4358d1b57c04\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"4849cc439e524ef6a9964a3666dddb13\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"62bfe21a8eb76fd07e22326c0073fef5\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"dfed2c71749b04dad46d0ce52834492c\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"9119aa701b39242a98be118d9c237ecc\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"b69d168e29fba6c88ad4e670949815aa\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"4849cc439e524ef6a9964a3666dddb13\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"1933a1e254b1657a6a2eb8ad1fbe6fa3\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"dfed2c71749b04dad46d0ce52834492c\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"9119aa701b39242a98be118d9c237ecc\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"b69d168e29fba6c88ad4e670949815aa\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"17c794f7056349cb82889b5e5b030d15\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"e15187f79b6916cb6763d29d215623c1\"\u200b)\u200b \u200bor(\u200bhash\u200b.\u200bmd5\u200b(\u200bpe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200boffset\u200b,\u200b pe\u200b.\u200bresources\u200b[\u200bi\u200b].\u200blength\u200b)\u200b \u200b==\"923963bb24f2e2ceac9f9759071dba88\" \ u 200
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf2d6-8170-4ec2-8fa9-42a202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:30:30.000Z" ,
"modified" : "2019-04-09T19:30:30.000Z" ,
"pattern" : "[file:hashes.SHA256 = '15a9b1d233c02d1fdf80071797ff9077f6ac374958f7d0f2b6e84b8d487c9cd1' AND file:name = 'sensrsvcs.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:30:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf361-d240-4b8b-89c1-479e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:32:49.000Z" ,
"modified" : "2019-04-09T19:32:49.000Z" ,
"pattern" : "[file:hashes.SHA256 = '426aa55d2afb9eb08b601d373671594f39a1d9d9a73639c4a64f17d674ca9a82' AND file:name = 'sensrsvcs.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:32:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf3a6-2794-4cca-b073-4d0102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:33:58.000Z" ,
"modified" : "2019-04-09T19:33:58.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'af8ccd0294530c659580f522fcc8492d92c2296dc068f9a42474d52b2b2f16e4' AND file:name = 'sensrsvr.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:33:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf3d5-4984-4241-beef-4ecd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:34:45.000Z" ,
"modified" : "2019-04-09T19:34:45.000Z" ,
"pattern" : "[file:hashes.SHA256 = '69227d046ad108e5729e6bfaecc4e05a0da30d8e7e87769d9d3bbf17b4366e64' AND file:name = 'sensrsvr.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:34:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf425-1e2c-467f-b0d9-4b9a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:36:05.000Z" ,
"modified" : "2019-04-09T19:36:05.000Z" ,
"pattern" : "[file:hashes.SHA256 = '0039eb194f00b975145a35ede6b48d9c1ea87a6b2e61ac015b3d38e7e46aecbb' AND file:name = 'wmisvcs64.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:36:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf45c-a150-42cc-91d0-472b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:37:00.000Z" ,
"modified" : "2019-04-09T19:37:00.000Z" ,
"pattern" : "[file:hashes.SHA256 = '8cb78327bd69fda61afac9393187ad5533a63d43ebf74c0f9800bedb814b20ad' AND file:name = 'wmisvcs64.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:37:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf4a2-992c-465c-b7e7-470f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:38:10.000Z" ,
"modified" : "2019-04-09T19:38:10.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b61c62724421d38a13c58877f31298bd663c1c8f8c3fe7d108eb9c8fe5ad0362' AND file:name = 'wmihost64.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:38:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cacf4eb-ea8c-4cef-bbf0-4f8b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:39:23.000Z" ,
"modified" : "2019-04-09T19:39:23.000Z" ,
"pattern" : "[file:hashes.SHA256 = '134849f697ab5f31ffb043b06e9ca1c9b98ffebba8af8ccdedd036a6263bf3a4' AND file:name = 'wmihost.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:39:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3ebf26f8-6710-4b32-a4a0-15d339e5350f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:47.000Z" ,
"modified" : "2019-04-09T19:40:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '2529ecdd21ad9854d52ab737306bee59' AND file:hashes.SHA1 = 'b144c68108d9a9208accb562b141d8b8a15550d7' AND file:hashes.SHA256 = '69227d046ad108e5729e6bfaecc4e05a0da30d8e7e87769d9d3bbf17b4366e64']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--019aaeec-55dd-4ce1-b20a-d92710b6b041" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:47.000Z" ,
"modified" : "2019-04-09T19:40:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 19:25:12" ,
"category" : "Other" ,
"uuid" : "cda2bde6-b763-42f6-a894-5fd2298cec87"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/69227d046ad108e5729e6bfaecc4e05a0da30d8e7e87769d9d3bbf17b4366e64/analysis/1554837912/" ,
"category" : "Payload delivery" ,
"uuid" : "f12fd4ac-1d89-4c87-ab7f-8981d9e12f24"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "4/70" ,
"category" : "Payload delivery" ,
"uuid" : "d7f96a43-c836-49fa-9a47-c9c7b955509d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8697b11b-da93-4d4f-b701-a09aab24cb0d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:47.000Z" ,
"modified" : "2019-04-09T19:40:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '2a2614756387176845187a7de247a98a' AND file:hashes.SHA1 = 'ef2f8fca2a010f49ab4080a6439651320b95e44f' AND file:hashes.SHA256 = '15a9b1d233c02d1fdf80071797ff9077f6ac374958f7d0f2b6e84b8d487c9cd1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e44af2bf-950a-474b-8042-113d217e5f63" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:47.000Z" ,
"modified" : "2019-04-09T19:40:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 19:37:57" ,
"category" : "Other" ,
"uuid" : "23b15a5c-28e3-447a-b7a1-0cd24b6cf23f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/15a9b1d233c02d1fdf80071797ff9077f6ac374958f7d0f2b6e84b8d487c9cd1/analysis/1554838677/" ,
"category" : "Payload delivery" ,
"uuid" : "e1f5cd2c-1b4b-4a24-9bc5-35d4794acab5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "6/66" ,
"category" : "Payload delivery" ,
"uuid" : "93a80e3b-e83c-4712-82e1-31c4e053ea2d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--48fb1669-d25d-4800-a4bd-443720406f95" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:47.000Z" ,
"modified" : "2019-04-09T19:40:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '7ab1c0c5e7d1ed834bccdfcafb5b07f2' AND file:hashes.SHA1 = '21d3d7c33f63def5aed98d54dac5de218c49a35f' AND file:hashes.SHA256 = '426aa55d2afb9eb08b601d373671594f39a1d9d9a73639c4a64f17d674ca9a82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--be651b15-0ff4-4119-9a0a-de4730dc814d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:47.000Z" ,
"modified" : "2019-04-09T19:40:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 19:23:23" ,
"category" : "Other" ,
"uuid" : "912c83ff-cdc9-4485-a904-2384fb9e195c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/426aa55d2afb9eb08b601d373671594f39a1d9d9a73639c4a64f17d674ca9a82/analysis/1554837803/" ,
"category" : "Payload delivery" ,
"uuid" : "fbc9682d-7d72-44c9-9b9d-2666493b4c12"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "7/66" ,
"category" : "Payload delivery" ,
"uuid" : "03ee7243-f176-46d0-a04f-f34ae5ea6ddc"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7cc0330c-8e97-4662-8588-c4d54f58407c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '15a0b9948d60e6bc6f60d7226caa923f' AND file:hashes.SHA1 = '16a02af1746adbc173a5dc5a16012468133777c5' AND file:hashes.SHA256 = '0039eb194f00b975145a35ede6b48d9c1ea87a6b2e61ac015b3d38e7e46aecbb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5cf63775-757f-43f1-94ea-a33377e12cd1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 19:37:54" ,
"category" : "Other" ,
"uuid" : "1e091e6a-ebe5-4c3b-9b5f-c9cb6a375015"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0039eb194f00b975145a35ede6b48d9c1ea87a6b2e61ac015b3d38e7e46aecbb/analysis/1554838674/" ,
"category" : "Payload delivery" ,
"uuid" : "8962d991-4022-46cd-b23b-ac1b66118e2e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "6/69" ,
"category" : "Payload delivery" ,
"uuid" : "15ef209b-969d-49a7-8eff-cd865725bfc8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c301c4d8-3408-4e94-ac87-70c6b3f8d7a7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '98303a3a424c407a3e27ab818066811c' AND file:hashes.SHA1 = '5ab8b1ac11789606333ff94066cae6048a335ac5' AND file:hashes.SHA256 = 'af8ccd0294530c659580f522fcc8492d92c2296dc068f9a42474d52b2b2f16e4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d0ff9ea2-f4ed-4174-b077-308b005ae017" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 19:28:00" ,
"category" : "Other" ,
"uuid" : "a56f74da-1eb6-4b0e-9946-f4f64bfaa448"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/af8ccd0294530c659580f522fcc8492d92c2296dc068f9a42474d52b2b2f16e4/analysis/1554838080/" ,
"category" : "Payload delivery" ,
"uuid" : "5ddc77d8-25bf-48b8-ba1e-a3e473a00edf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "10/67" ,
"category" : "Payload delivery" ,
"uuid" : "425ae711-425a-4400-bdea-ca8ccb8e9021"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8c4f64e3-e346-40b6-b06f-8575a9ce1a83" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '6ce0a12d7461f3267af7fa835a0b5677' AND file:hashes.SHA1 = '941195b52f5ea4eb60027c3aeb67cd72e95f4c8e' AND file:hashes.SHA256 = 'b61c62724421d38a13c58877f31298bd663c1c8f8c3fe7d108eb9c8fe5ad0362']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9a473378-5c49-4dc1-a58b-38b7ac011d49" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 19:16:19" ,
"category" : "Other" ,
"uuid" : "2294d851-edaf-4560-93de-6a3163cca0b4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b61c62724421d38a13c58877f31298bd663c1c8f8c3fe7d108eb9c8fe5ad0362/analysis/1554837379/" ,
"category" : "Payload delivery" ,
"uuid" : "086df5b9-0480-41c0-8d26-10c5e04a6d41"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "5/68" ,
"category" : "Payload delivery" ,
"uuid" : "a9717401-7206-494d-983b-0f029dcf4c2a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--287dff0c-5d73-4dca-badb-6de37ea6e766" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '883034ba4657ba4765a20f680721d0ea' AND file:hashes.SHA1 = 'eafb4e041587f4204c2dda9bbb91622ce34421f0' AND file:hashes.SHA256 = '8cb78327bd69fda61afac9393187ad5533a63d43ebf74c0f9800bedb814b20ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6e6742a5-13ab-483f-a968-22170d66e6e2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 17:37:57" ,
"category" : "Other" ,
"uuid" : "12cc2922-c79a-47cd-9c00-a1c9edb9b3e8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8cb78327bd69fda61afac9393187ad5533a63d43ebf74c0f9800bedb814b20ad/analysis/1554831477/" ,
"category" : "Payload delivery" ,
"uuid" : "1cb396f5-1a48-470f-acd5-72a4ee4a577d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "3/70" ,
"category" : "Payload delivery" ,
"uuid" : "9dececda-d7d7-428b-aeb1-294204d06505"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8403c5f0-33ff-475b-b1f1-aa1df43eff9d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:48.000Z" ,
"modified" : "2019-04-09T19:40:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '294be9caf93116430f7a8007a202e9fd' AND file:hashes.SHA1 = '45f348b46a745c1f45e4eac0185d73cc4e65edc3' AND file:hashes.SHA256 = '134849f697ab5f31ffb043b06e9ca1c9b98ffebba8af8ccdedd036a6263bf3a4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-09T19:40:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--13e40b04-1b14-4396-9507-786fb8ee0191" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-09 19:26:22" ,
"category" : "Other" ,
"uuid" : "6d627e0b-8860-4c24-b070-3147b81c8326"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/134849f697ab5f31ffb043b06e9ca1c9b98ffebba8af8ccdedd036a6263bf3a4/analysis/1554837982/" ,
"category" : "Payload delivery" ,
"uuid" : "a47abd4b-72f6-4b58-89c9-210de35edc1c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "7/69" ,
"category" : "Payload delivery" ,
"uuid" : "39dce544-f7ac-41b8-82d1-512fb42eb17b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5cad948e-7a68-4202-ac52-46ea950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-10T07:00:30.000Z" ,
"modified" : "2019-04-10T07:00:30.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "@juanandres_gs\r\n and @silascutler\r\n released research into FLAME 2.0 Risen from the Ashes at #TheSAS2019 (link: https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0) medium.com/chronicle-blog\u2026 #yara rules included in the technical report (link: https://storage.googleapis.com/chronicle-research/Flame%202.0%20Risen%20from%20the%20Ashes.pdf) storage.googleapis.com/chronicle-rese\u2026" ,
"category" : "Other" ,
"uuid" : "5cad948e-7698-48e9-b3e4-4e8a950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5cad948e-6674-469c-b14a-4206950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "url" ,
"value" : "https://mobile.twitter.com/markus_neis/status/1115478572116742144" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5cad948e-1124-4eda-a29c-4d75950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username-quoted" ,
"value" : "@juanandres_gs" ,
"category" : "Other" ,
"uuid" : "5cad948e-ff3c-4461-bdc9-4e64950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username-quoted" ,
"value" : "@silascutler" ,
"category" : "Other" ,
"uuid" : "5cad948e-7ee4-4ce8-9b4f-4c13950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://storage.googleapis.com/chronicle-research/Flame%202.0%20Risen%20from%20the%20Ashes.pdf" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5cad948e-52d0-4f79-8ea3-4674950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5cad948e-5a4c-43c9-94df-4e0a950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://t.co/E2b4nT2Xcl?amp=1" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5cad948e-daa0-4671-bad1-46b3950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://t.co/TajWhD5Bhq?amp=1" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5cad948e-65c0-457c-85bc-4152950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "Apr 9, 2019 6:56 AM" ,
"category" : "Other" ,
"uuid" : "5cad948e-5738-46b0-8c2a-49fa950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "markus_neis" ,
"category" : "Other" ,
"uuid" : "5cad948e-326c-435c-be57-4450950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e5c8cca4-7940-47bd-9483-ceb684b7c3fc" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3ebf26f8-6710-4b32-a4a0-15d339e5350f" ,
"target_ref" : "x-misp-object--019aaeec-55dd-4ce1-b20a-d92710b6b041"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--78db3ee8-54d8-48df-a558-b495108302e6" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8697b11b-da93-4d4f-b701-a09aab24cb0d" ,
"target_ref" : "x-misp-object--e44af2bf-950a-474b-8042-113d217e5f63"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--cef6d59f-b6db-49b4-b051-cb8a1c6e2b0e" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--48fb1669-d25d-4800-a4bd-443720406f95" ,
"target_ref" : "x-misp-object--be651b15-0ff4-4119-9a0a-de4730dc814d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--46517332-3515-4214-8480-23adbbc62d4f" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7cc0330c-8e97-4662-8588-c4d54f58407c" ,
"target_ref" : "x-misp-object--5cf63775-757f-43f1-94ea-a33377e12cd1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d013b5cd-4f9e-46b2-ac6e-fe452bcd243f" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c301c4d8-3408-4e94-ac87-70c6b3f8d7a7" ,
"target_ref" : "x-misp-object--d0ff9ea2-f4ed-4174-b077-308b005ae017"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--713c5ed4-7487-470d-911c-ff52054dcc2d" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8c4f64e3-e346-40b6-b06f-8575a9ce1a83" ,
"target_ref" : "x-misp-object--9a473378-5c49-4dc1-a58b-38b7ac011d49"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4fa75e1a-d745-49c9-ba6c-a7890059bf96" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--287dff0c-5d73-4dca-badb-6de37ea6e766" ,
"target_ref" : "x-misp-object--6e6742a5-13ab-483f-a968-22170d66e6e2"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--368e8913-c6e4-4ad0-b781-f67993325f54" ,
"created" : "2019-04-09T19:40:49.000Z" ,
"modified" : "2019-04-09T19:40:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8403c5f0-33ff-475b-b1f1-aa1df43eff9d" ,
"target_ref" : "x-misp-object--13e40b04-1b14-4396-9507-786fb8ee0191"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}